Movable Type Pro 5.13en - Persistent Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure Introduction Movable Type MT started as on...

WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS Date: 21/10/2012 Exploit Author: pcsjj Vendor Homepage: http://www.videousermanuals.com/white-label-cms/ Version: 1.5 Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/ Downloads: 110,313 CVE : CVE-2012-5387 CSRF,...

WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery Persistent Cross-Site Scripting

WordPress Plugin White Label CMS 1.5 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS Date: 21/10/2012 Exploit Author: pcsjj Vendor Homepage: http://www.videousermanuals.com/white-label-cms/ Version: 1.5 Software Link:...

Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites

Title: ====== Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites Date: ===== 2012-10-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: ===== 710 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities

Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=721 VL-ID: ===== 721 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities

Title: ====== Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=700 VL-ID: ===== 700 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...

SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities

Title: ====== SonicWALL EMail Security 7.3.5 - Multiple Vulnerabilities Date: ===== 2012-08-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=543 VL-ID: ===== 543 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

Better WP Security v3.4.3 Wordpress - Web Vulnerabilities

Title: ====== Better WP Security v3.4.3 Wordpress - Web Vulnerabilities Date: ===== 2012-08-20 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=691 VL-ID: ===== 691 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

Movable Type Pro 5.13en - Persistent Cross-Site Scripting

Movable Type Pro 5.13en - Persistent Cross-Site Scripting -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive,...

Movable Type Pro 5.13en Cross Site Scripting

Our researchers discovered a persistent XSS vulnerability, allowing an attacker to inject arbitrary script code into the comment section of any existing Mt5.13en installation. Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Ty...

White Label CMS v 1.5 CSRF / Persistent XSS

CVE : CVE-2012-5387 CSRF, CVE-2012-5388 XSS Exploit Title: White Label CMS v 1.5 CSRF w/ persistent XSS Date: 21/10/2012 Exploit Author: pcsjj Vendor Homepage: http://www.videousermanuals.com/white-label-cms/ Version: 1.5 Software Link: http://plugins.svn.wordpress.org/white-label-cms/branches/...

CVE-2012-4826

Stack-based buffer overflow in the SQL/PSM aka SQL Persistent Stored Module Stored Procedure SP infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure...

Stack overflow

Stack-based buffer overflow in the SQL/PSM aka SQL Persistent Stored Module Stored Procedure SP infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure...

CVE-2012-4826

Stack-based buffer overflow in the SQL/PSM aka SQL Persistent Stored Module Stored Procedure SP infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure...

Movable Type Pro 5.13en Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure Introduction Movable Type MT started as on...

SilverStripe 2.4.7 Cross Site Scripting

OVERVIEW SilverStripe 2.4.7 and lower versions are vulnerable to Persistent Cross Site Scripting. 2. BACKGROUND SilverStripe CMS is easy for both developers and content authors to work with. The SilverStripe Framework keeps the code tucked away neatly so that it can be accessed easily by...

vOlk Botnet Framework 4.0 - Multiple Vulnerabilities

vOlk Botnet Framework 4.0 - Multiple Vulnerabilities Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=721 VL-ID: ===== 721 Common Vulnerability Scoring System:...

LAN Messenger 1.2.28 Cross Site Scripting

Title: ====== LAN Messenger v1.2.28 - Persistent Software Vulnerability Date: ===== 2012-05-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id= VL-ID: ===== 541 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= LAN...

File Attachment persistent XSS

There is a persistent XSS vulnerability in the attachment download functionality of Confluence. By uploading a malicious executable file type like SVG scalable vector graphics with embedded JavaScript, it’s possible for an attacker to execute arbitrary code under the context of the logged in user...

File Attachment persistent XSS

There is a persistent XSS vulnerability in the attachment download functionality of Confluence. By uploading a malicious executable file type like SVG scalable vector graphics with embedded JavaScript, it’s possible for an attacker to execute arbitrary code under the context of the logged in user...