Barracuda Message Archiver 650 Cross Site Scripting
Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Release Date: ============= 2014-02-18 Vulnerability Laboratory ID...
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
Document Title: =============== Barracuda Bug Bounty 30 Firewall - Multiple Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1065 Barracuda Networks Security ID BNSEC: BNSEC-2067 Video:...
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting
Barracuda Message Archiver 650 - Persistent Cross-Site Scripting Document Title: =============== Barracuda Message Archiver 650 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=751 Barracuda Networks Security ID BNSEC: 703 Relea...
Google Chrome CSRF Vulnerability - Linux
Google Chrome is prone to a cross-site request forgery (CSRF) attack. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Android Browser and WebView addJavascriptInterface Code Execution
This Metasploit module exploits a privilege escalation issue in the WebView component of Android versions prior to 4.2 that arises when untrusted JavaScript code is executed by a WebView that has one or more Interfaces added to it. The untrusted JavaScript code can call into the Java Reflection APIs...
Project description is persistent XSS vector for project admins
This issue is a clone of another one that was fixed in OD but left unfixed in BTF as "admin xss". It has been pointed out by several customers that this exploit requires only project admin level of privilege. The following project description: code alert1 code Pops up in the view project page, th...
CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting
CTERA 3.2.29.03.2.42.0 - Persistent Cross-Site Scripting Exploit Title: CTERA Project Folders - Stored XSS Date: 11-Mar-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.ctera.com Version: 3.2.29.0 and 3.2.42.0 Tested on: ctera os CVE : CVE-2013-2639 OVERVIEW Standard Ctera User...
Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability
Document Title: =============== Mozilla Bug Bounty 5 - WireTap Remote Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking ID: 875818 Video: http://www.vulnerability-lab.com/getcontent.php?id=1182 Partner News...
Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability
Document Title: =============== Mozilla SeaMonkey - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=967 Mozilla Bug Tracking ID: 881686 http://www.vulnerability-lab.com/getcontent.php?id=953 Mozilla Bug Tracking I...
Atmail Webmail => 7.2 - Multiple XSS & FPD Vulnerabilities
Atmail is a platform which main purposes is to... send and receive emails - anyway, latest versions suffers on multiple Cross Site Scripting vulnerabilities because of poor content and variables filtration. Cheers. Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.co...
Ability Mail Server 2013 -Persistent Cross-Site Scripting Cross-Site Request Forgery (Password Reset)
Ability Mail Server 2013 -Persistent Cross-Site Scripting Cross-Site Request Forgery Password Reset On one machine Windows Server 2003, install a new instance of AMS with these configurations 1. Primary Domain: hack.local 2. Enable the WebMail Service 3. Domain Name: hack.local 4. Add a User and...
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor...
PHPJabbers Car Rental Script - Multiple Vulnerabilities
No description provided by source. Car Rental Script - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/car-rental/ ===...
Teracom Modem T2-B-Gawv1.4U10Y-BI - Persistent Cross-Site Scripting
Teracom Modem T2-B-Gawv1.4U10Y-BI - Persistent Cross-Site Scripting Exploit Title: Teracom Modem Stored XSS Vulnerability Date: 19-01-2014 Author: Rakesh S Software Link: http://www.teracom.in/ Version: T2-B-Gawv1.4U10Y-BI Tested on: Windows 7 Code : GET...
SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting
SmarterMail Enterprise and Standard 11.x - Persistent Cross-Site Scripting Click Me, Please...\r\n NOTE: javascript html char encode = then you will be able to get into the victim's mailbox via the url: http://WebSite/Smarter/Default.aspx I used phpmailer class for beside of the ex...