Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities

Title: ====== Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=571 VL-ID: ===== 571 Common Vulnerability Scoring System: ==================================== 5 Introduction: =============...

Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities

Title: ====== Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: ===== 2012-09-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=557 VL-ID: ===== 557 Common Vulnerability Scoring System: ==================================== 5 Introduction: ============= T...

GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities

Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...

GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities

Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...

Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities

Title: ====== Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: ===== 2012-09-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=557 VL-ID: ===== 557 Common Vulnerability Scoring System: ==================================== 5 Introduction: ============= T...

Endpoint Protector 4.0.4.0 - Multiple Vulnerabilities

Title: ====== Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=571 VL-ID: ===== 571 Common Vulnerability Scoring System: ==================================== 5 Introduction: =============...

Mail.RU Group eMail - Persistent Web Vulnerability

Document Title: =============== Mail.RU Group eMail - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=709 Release Date: ============= 2012-10-09 Vulnerability Laboratory ID VL-ID: ==================================== 709 Comm...

Mail.RU Group eMail - Persistent Web Vulnerability

Document Title: =============== Mail.RU Group eMail - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=709 Release Date: ============= 2012-10-09 Vulnerability Laboratory ID VL-ID: ==================================== 709 Comm...

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

persistent xss in a user's username within mentions within comments

A user's username is injected into the "rel" attribute of the user mention link without being encoded properly. This means that if the username contains a " character then new attributes can be injected into the user mention link element. Hence, providing a persistent xss vector. To reproduce thi...

Paypal BugBounty 5 Cross Site Scripting

Title: ====== Paypal BugBounty 5 - Persistent Web Vulnerability Date: ===== 2012-10-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=639 VL-ID: ===== 639 Common Vulnerability Scoring System: ==================================== 3.3 Introduction: ============= PayPal i...

vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities

Document Title: =============== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=721 Release Date: ============= 2012-10-08 Vulnerability Laboratory ID VL-ID: ==================================== 7...

Interspire Email Marketer 6.0.1 XSS / SQL Injection

Title: ====== Interspire Email Marketer v6.0.1 - Multiple Vulnerabilites Date: ===== 2012-10-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: ===== 710 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...

Web Help Desk by SolarWinds - Persistent Cross-Site Scripting

Web Help Desk by SolarWinds - Persistent Cross-Site Scripting Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/...

Web Help Desk by SolarWinds - Persistent Cross-Site Scripting

Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/ Discovered: August 18th 2012 Disclosure: August 19th 2012: Reporte...

vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities

Document Title: =============== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=721 Release Date: ============= 2012-10-08 Vulnerability Laboratory ID VL-ID: ==================================== 7...

Potential persistent xss in fixCaseInNotifications.jsp

There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...

Omnistar Mailer 7.2 - Multiple Vulnerabilities

Omnistar Mailer 7.2 - Multiple Vulnerabilities Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System:...

OPlayer 2.0.05 iPhone,iPod TC & iPad - Web Vulnerabilities

Document Title: =============== OPlayer 2.0.05 iPhone,iPod TC & iPad - Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=713 Release Date: ============= 2012-10-02 Vulnerability Laboratory ID VL-ID: ====================================...

GTA UTM Firewall GB 6.0.3 Cross Site Scripting

Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...