ManageEngine MSPCentral 9 Cross Site Request Forgery / Cross Site Scripting

-------------------------------------------------------------- REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED REDACTED ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY ADVISORY -------------------------------------------------------------- RA004: Multiple vulnerabilities in ManageEngi...

SchoolCMS - Persistent Cross-Site Scripting

Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The vulnerability lies in the eventform.php fil...

SchoolCMS - Persistent Cross-Site Scripting

SchoolCMS - Persistent Cross-Site Scripting Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The...

Spear Phishing Remains Preferred Point of Entry in Targeted, Persistent Attacks

Persistent targeted attacks against the government, financial services, manufacturing and critical infrastructure take on many characteristics. Attackers can have different backgrounds and motivations, and the tools they use can range from commodity malware to zero-day exploits. One characteristi...

CVE-2012-5174

The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service persistent reboot via an e-mail message in an invalid format...

HackInTheBox Quartal Magazine - eZine Issue 09

Document Title: =============== HackInTheBox Quartal Magazine - eZine Issue 09 References: =========== Download: http://www.vulnerability-lab.com/resources/documents/780.pdf Original: magazine.hackinthebox.org/issues/HITB-Ezine-Issue-009.pdf Release Date: ============= 2012-11-30 Vulnerability...

HackInTheBox Quartal Magazine - eZine Issue 09

Document Title: =============== HackInTheBox Quartal Magazine - eZine Issue 09 References: =========== Download: https://www.vulnerability-lab.com/resources/documents/780.pdf Original: magazine.hackinthebox.org/issues/HITB-Ezine-Issue-009.pdf Release Date: ============= 2012-11-30 Vulnerability...

Spotify Cross Site Scripting

Title: ====== Spotify Playlists - Persistent Cross Site Scripting Vector Date: ===== 2012-11-27 Introduction: ============= Spotify is a Swedish music streaming service offering digitally restricted streaming of selected music from a range of major and independent record labels, including Sony,...

D-Link DSR-250N Persistent Root Access

D-Link DSR-250N has a backdoor account that allows for persistent root access. D-Link DSR-250N Persistent Root Access Router: D-Link DSR-250N Hardware Version: A1 Firmware Version: 1.05B73WW Arch: armv6l, Linux Author: 0o -- nullnull nu11.nu11 at yahoo.com Date: 2012-11-25 Purpose: Persistently...

Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability

Document Title: =============== Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=774 Release Date: ============= 2012-11-26 Vulnerability Laboratory ID VL-ID: ==================================== 7...

Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability

Document Title: =============== Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=774 Release Date: ============= 2012-11-26 Vulnerability Laboratory ID VL-ID: ==================================== 7...

D-Link DSR-250N Backdoor

D-Link DSR-250N Persistent Root Access Router: D-Link DSR-250N Hardware Version: A1 Firmware Version: 1.05B73WW Arch: armv6l, Linux Author: 0o -- nullnull nu11.nu11 at yahoo.com Date: 2012-11-25 Purpose: Persistently become real root on your D-Link DSR-250N I just wanted to do real firewalling on...

Paypal BBP #2 - Persistent Listing Web Vulnerability

Document Title: =============== Paypal BBP 2 - Persistent Listing Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=634 Release Date: ============= 2012-11-25 Vulnerability Laboratory ID VL-ID: ==================================== 634...

Paypal Bug Bounty #21 - Persistent Encoding Vulnerability

Document Title: =============== Paypal Bug Bounty 21 - Persistent Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=684 Release Date: ============= 2012-11-24 Vulnerability Laboratory ID VL-ID: ==================================== 68...

PHP Server Monitor - Persistent Cross-Site Scripting

PHP Server Monitor - Persistent Cross-Site Scripting Author: loneferret of Offensive Security Product: PHP Server Monitor Version: 2.0.1 and maybe older versions Google Dork: intext="Powered by PHP Server Monitor v2.0.1" yes people have made this available on the web Software Download:...

Skype Community - Mail Encoding Web Vulnerability #2

Document Title: =============== Skype Community - Mail Encoding Web Vulnerability 2 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=719 MICROSOFT SECURITY RESPONSE CENTER MSRC ID: 13022 & 13034 Release Date: ============= 2012-11-20 Vulnerability...

SonicWALL CDP 5040 6.x Cross Site Scripting

Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

Skype Community - Mail Encoding Web Vulnerability #2

Document Title: =============== Skype Community - Mail Encoding Web Vulnerability 2 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=719 MICROSOFT SECURITY RESPONSE CENTER MSRC ID: 13022 & 13034 Release Date: ============= 2012-11-20 Vulnerability...

Skype Community - Mail Encoding Web Vulnerability #1

Document Title: =============== Skype Community - Mail Encoding Web Vulnerability 1 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=708 MICROSOFT SECURITY RESPONSE CENTER MSRC ID: 13022 & 13034 Release Date: ============= 2012-11-19 Vulnerability...

WeBid 1.0.5 - Cross-Site Scripting

WeBid 1.0.5 - Cross-Site Scripting Exploit Title: WeBid Vendor Homepage: http://www.webidsupport.com Software Link: http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.0.4/WeBid-1.0.4.zip/download Version: 1.0.5 Tested on: Ubuntu Linux INGRESS SECURITY SECURITY ADVISORY...