Icefog Cyberespionage Campaign Hit 3 US Oil, Gas Companies
When the curtain was peeled back on the Icefog targeted espionage campaign in September, a new type of operator was unveiled, one that took the persistence out of advanced persistent threats (APT). Researchers at Kaspersky Lab noted in uncovering Icefog that the attacks against the defense supply...
iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover
Exploit for php platform in category web applications Exploit Title : iScripts MultiCart same product id for which you submitted the review. Cross-site request forgery form nam...
Car Rental Script Cross Site Request Forgery / Cross Site Scripting
Car Rental Script - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/car-rental/ .:. Tested On Demo :...
Microsoft Sharepoint - Bypass & Persistent Vulnerability
Document Title: =============== Microsoft Sharepoint - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1024 Microsoft Security Response Center MSRC ID: 15181 Release Date: ============= 2014-01-13 Vulnerability Laborator...
Microsoft Sharepoint - Filter Bypass & Persistent Issues
Document Title: =============== Microsoft Sharepoint - Filter Bypass & Persistent Issues References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1027 View Video 1: http://www.youtube.com/watch?v=L9n-JFog9K8 View Video 2: http://www.youtube.com/watch?v=xbp0gyPDGko Advisory:...
[CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin
Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...
Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)
Document Title: =============== Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1099 Bulletin: Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerability...
Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability
Document Title: =============== Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability Release Date: ============= 2013-10-26 Vulnerability Laboratory ID VL-ID: ==================================== 1119 Common Vulnerability Scoring System: ==================================== 3.8...
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage:...
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross Site Scripting Vulnerabilities
Exploit for hardware platform in category web applications When adding a user to the device, it is possible to enter a full name. This input field does not sanitize its input and it is possible to enter any payload which will get executed upon reload. The workgroup configuration is also vulnerabl...
Seagate BlackArmor NAS sg2000-2000.1331 Cross Site Scripting
Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl...
Seagate BlackArmor NAS sg2000-2000.1331 Cross-Site Scripting Vulnerability
No description provided by source. Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link:...
Seagate BlackArmor NAS sg2000-2000.1331 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities Google Dork: N/A Date: 04-01-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.seagate.com/ Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl...
WEBCrafted Cross Site Scripting
WEBCrafted Exploit Exploit By G4eL Exploit Title: WEBCrafted - Persistent XSS Google Dork: inurl:"/templates/webcrafted/" Date: 04/01/2014 Exploit Author: G4eL Software Link: http://www.bukkit.fr/index.php?/files/file/24-webcrafted-le-cms-minecraft/ Persistent XSS in users accounts Users...
Technicolor TC7200 Cross Site Scripting
Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities Google Dork: N/A Date: 02-01-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300 Software Link: N/A Version:...
Cisco EPC3925 - Persistent Cross-Site Scripting
Cisco EPC3925 - Persistent Cross-Site Scripting Exploit Title: Cisco EPC3925 - Persistent Cross Site Scripting Google Dork: N/A Date: 12-11-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.cisco.com Software Link: Not public Version: epc3925-E10-5-v302r125572-130520c Tested on...
Cisco EPC3925 - Persistent Cross-Site Scripting
Exploit Title: Cisco EPC3925 - Persistent Cross Site Scripting Google Dork: N/A Date: 12-11-2013 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://www.cisco.com Software Link: Not public Version: epc3925-E10-5-v302r125572-130520c Tested on: Cisco EPC3925 CVE: N/A Description The paramet...
Jenkins CI 1.523 Persistent Script Insertion
Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...