MailOrderWorks v5.907 - Multiple Web Vulnerabilities
Title: MailOrderWorks v5.907 - Multiple Web Vulnerabilities; Date: 2013-01-02; References: http://www.vulnerability-lab.com/getcontent.php?id=798; VL-ID: 796; Common Vulnerability Scoring System: 4.5; Introduction: Mail...
SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum
SEC Consult Vulnerability Lab Security Advisory 20130311-0; title: Persistent cross-site scripting vulnerability; product: jforum; vulnerable version: 2.1.9; fixed version: -; impact: medium; homepage: http://jforum.net/; found:...
SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey
SEC Consult Vulnerability Lab Security Advisory 20130417-0; title: Multiple vulnerabilities in Sosci Survey; product: Sosci Survey; vulnerable version: 2.3.04a; fixed version: 2.3.04a; impact: Critical; homepage:...
Sony PSN Community - Mail Encoding Web Vulnerability
Document Title: Sony PSN Community - Mail Encoding Web Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=748; Release Date: 2013-05-05; Vulnerability Laboratory ID VL-ID: 747...
Sony PSN Community - Persistent Web Vulnerability
Document Title: Sony PSN Community - Persistent Web Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=746; Release Date: 2013-05-04; Vulnerability Laboratory ID VL-ID: 746; Commo...
File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
Document Title: File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=939; Release Date: 2013-05-04; Vulnerability Laboratory ID VL-ID:...
Malware More Globally Distributed, Still Made in China
In an attempt to better evade detection, cybercriminals are increasingly configuring their command and control infrastructure in such a way that initial malware callbacks communicate with a server located in the same country as the newly infected machines. This emerging trend is among the vast an...
'Magic' Espionage Malware Targets UK Computers
Thousands of U.K. business computers have been infected by espionage malware using a custom protocol to communicate with its command and control servers. Researchers at Israeli security company Seculert added that the malware is still percolating with a number of capabilities yet to be deployed...
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS...
OTRS FAQ Module - Persistent XSS
The OTRS ITSM FAQ Module 3.2.x and below is vulnerable to a persistent XSS that permits some client-side attacks like cookie grabbing. OTRS http://www.otrs.com is a flexible Help Desk and IT-Service Management Software distributed as an open-source project under the AGPL License and also as-a-service. With a...
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS ITSM FAQ Module 3.2.x and below is vulnerable to a...
OTRS FAQ Cross Site Scripting
Exploit Title: OTRS Faq Module - Persistent XSS Date: 2-Apr-2013 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.otrs.com Version: OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x Tested on: Perl CVE : CVE-2013-2637 OVERVIEW The OTRS ITSM FAQ Module 3.2.x and below is vulnerable to a...
Organizations on Average Hit Every Three Minutes with Malware
A report released Wednesday indicates an organization on average experiences a malware-related event every three minutes, often involving business-related spear phishing and targeting technology companies. Those findings were included in a new report on advanced persistent threats released by...
Paypal Bug Bounty #31 - Mail Encoding Web Vulnerability
Document Title: Paypal Bug Bounty 31 - Mail Encoding Web Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=706; PayPal Security UID: erc849qoz; Release Date: 2013-04-03; Vulnerability Laboratory ID VL-ID:...
WordPress FuneralPress Plugin 1.1.6 - Persistent XSS
The FuneralPress plugin is prone to persistent cross-site scripting vulnerabilities. These vulnerabilities allow attackers to host malicious JavaScript on another site, enter a path to a local image in , if Photo was selected. Also, attackers can submit the form with the following entered into...
Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS
Exploit for php platform in category web applications. A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...
Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting
Network Weathermap 0.97a - Persistent XSS Earlier versions are also possibly vulnerable. INFORMATION Product: Network Weathermap 0.97a Remote-exploit: yes Vendor-URL: http://www.network-weathermap.com/ Discovered by: Daniel Ricardo dos Santos CVE Request - 15/03/2013 CVE Assign - 18/03/2013 CVE...
Network Weathermap 0.97a Cross Site Scripting
Network Weathermap 0.97a - Persistent XSS Earlier versions are also possibly vulnerable. INFORMATION Product: Network Weathermap 0.97a Remote-exploit: yes Vendor-URL: http://www.network-weathermap.com/ Discovered by: Daniel Ricardo dos Santos CVE Request - 15/03/2013 CVE Assign - 18/03/2013 CVE...
MailOrderWorks 5.907 Cross Site Scripting
Title: MailOrderWorks v5.907 - Multiple Web Vulnerabilities; Date: 2013-01-02; References: http://www.vulnerability-lab.com/getcontent.php?id=798; VL-ID: 796; Common Vulnerability Scoring System: 4.5; Introduction: Mail...