7633 matches found
WordPress Plugin mini mail Dashboard widget 1.42 - Persistent Cross-Site Scripting
#!/usr/bin/python ''' Author: loneferret of Offensive Security Product: Mini Mail Dashboard Widget Version: 1.42 Software Download: http://wordpress.org/extend/plugins/mini-mail-dashboard-widget/ Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from CERT with...
VMware Vendor Service Cross Site Scripting
Title: ====== VMware Vendor Service - Multiple Web Vulnerabilities Date: ===== 2012-05-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=419 VL-ID: ===== 419 Common Vulnerability Scoring System: ==================================== 5.2 Introduction: ============= VMwar...
Inoutmail Webmail CMS 2012 Cross Site Scripting
Title: ====== Inout Mobile Webmail APP - Multiple Web Vulnerabilities Date: ===== 2012-06-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=609 VL-ID: ===== 609 Common Vulnerability Scoring System: ==================================== 3.5 Abstract: ========= The...
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
Document Title: =============== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=668 Release Date: ============= 2012-08-06 Vulnerability Laboratory ID VL-ID: ==================================== 66...
WordPress Effective Lead Management Plugin 3.0.0 - Persistent XSS
The Effective Lead Management plugin is prone to a persistent XSS vulnerability. If JavaScript is included in the name or in the "requirements" field, the vulnerability fires when the admin views the lead management page. Solution: Update the plugin...
XSS vulnerability in the "import word document" page action through the page name
On the "import word document" page action, the name of the Confluence page is a persistent XSS vector because it is not encoded. How to Reproduce: 1. Create a Confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...
eFront Educational v3.6.11 - Multiple Web Vulnerabilities
Document Title: =============== eFront Educational v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=666 Release Date: ============= 2012-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 6...
Barracuda EMail Security 2.0.2 Filter Bypass / XSS
Title: ====== Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=621 http://www.vulnerability-lab.com/getcontent.php?id=630 Barracuda Networks Security ID: BNSEC-304 VL-ID: ===== 621 Commo...
Kaspersky Password Manager - Filter Bypass Vulnerability
Document Title: =============== Kaspersky Password Manager - Filter Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=674 Download: http://www.vulnerability-lab.com/resources/videos/674.wmv View: http://www.youtube.com/watch?v=8D86ic9opYE Advisory:...
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage...
Inout Mobile Webmail APP Persistent XSS Vulnerability
Exploit for php platform in category web applications Inout Mobile Webmail APP - Multiple Web Vulnerabilities Details: ======== Multiple persistent input validation vulnerabilities are detected in the inoutscripts mobile Inoutmail CMS 2012. The bugs allow remote attackers to implement/inject...
Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities
Document Title: =============== Barracuda EMail Security 2.0.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=621 http://www.vulnerability-lab.com/getcontent.php?id=563 Barracuda Networks Security ID: BNSEC-304 Release Dat...
Social Engine v4.2.5 - Multiple Web Vulnerabilities
Document Title: =============== Social Engine v4.2.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=672 Release Date: ============= 2012-07-30 Vulnerability Laboratory ID VL-ID: ==================================== 672...
rdtax.myeg.com.my Cross Site Scripting
Exploit Title: rdtax.myeg.com.my XSS Vulnerability Date: 27/07/2012 Author: Ryuzaki Lawlet Web/Blog: http://justryuz.blogspot.com Category: webapps Security:RISK: normal Vendor or Software Link: Google dork: - Tested on: Linux Exploit/p0c : http://localhost:80/path/path/chooseIns.jsp?agent= Proof...
Social Engine 4 Cross Site Scripting
Social Engine 4 Persistent XSS & Non-Persistent XSS ...
Firms Need 'Tough Love' In Struggle Against APTs
Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating...