7633 matches found
Inquisiq R3 (LMS) - Multiple Persistent Vulnerabilities
Document Title: =============== Inquisiq R3 LMS - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=317 Release Date: ============= 2012-01-27 Vulnerability Laboratory ID VL-ID: ==================================== 317...
DeutschePost Website - Non Persistent Web Vulnerability
Document Title: =============== DeutschePost Website - Non Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=261 Release Date: ============= 2012-01-26 Vulnerability Laboratory ID VL-ID: ==================================== 261...
WordPress <= 3.3.1 Multiple Vulnerabilities
Exploit for php platform in category web applications Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product description:...
Acolyte CMS 1.5 / 6.3 Cross Site Scripting / SQL Injection
Title: ====== Acolyte CMS v1.5 and v6.3 - SQL Injection Vulnerabilities Date: ===== 2012-01-25 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=397 VL-ID: ===== 397 Abstract: ========= A Vulnerability Laboratory researcher discovered a critical remote SQL Injection and a...
Acolyte CMS v1.5 and v6.3 - SQL Injection Vulnerabilities
Document Title: =============== Acolyte CMS v1.5 and v6.3 - SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=397 Release Date: ============= 2012-01-25 Vulnerability Laboratory ID VL-ID: ==================================== 3...
Parallels H Sphere 3.3 P1 Cross Site Scripting
Title: ====== Parallels H Sphere v3.3 P1 - Multiple Persistent Vulnerabilities Date: ===== 2012-01-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=392 VL-ID: ===== 392 Introduction: ============= Parallels H-Sphere delivers a multi-server hosting automation solution...
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...
Parallels H Sphere v3.3 P1 - Multiple Web Vulnerabilities
Document Title: =============== Parallels H Sphere v3.3 P1 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=392 Release Date: ============= 2012-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 3...
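Discuz 4.0 avatar settings allow persistent script
Brief description: The avatar settings in Discuz 4.0 accept an XSS script via POST. This may be an old vulnerability; I found it on an intranet forum and don't know whether it just hasn't been upgraded…… Details: In the Discuz 4.0 avatar settings, first select one of the built-in system avatars, submit, and capture the request. Replace the avatar address [customavatars/190.jpg] with the XSS script [javascript:alert/x/]; after submitting via POST, it executes successfully everywhere the avatar is referenced. However, quotes, commas, etc. are replaced or encoded, so a statement without quotes must be constructed. Proof of vulnerability:...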
Syneto UTM WAF v1.4.2 - Multiple Web Vulnerabilities
Document Title: =============== Syneto UTM WAF v1.4.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=373 Release Date: ============= 2012-01-20 Vulnerability Laboratory ID VL-ID: ==================================== 373...
Drupal Module CKEditor 3.0 3.6.2 - Persistent EventHandler Cross-Site Scripting
Drupal Module CKEditor 3.0 3.6.2 - Persistent EventHandler Cross-Site Scripting Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author:...
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...
Drupal CKEditor 3.6.2 Cross Site Scripting
Exploit Title: Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS Google Dork: "inurl:"sites/all/modules/ckeditor" -drupalcode.org" Google Results: Approximately 379.000 results Date: 18th January 2012 Author: MaXe @InterN0T Found in a private Hatforce.com Penetration Test Software Link:...
Barracuda Spam/Virus WAF 600 - Multiple Vulnerabilities
Document Title: =============== Barracuda Spam/Virus WAF 600 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=28 Release Date: ============= 2012-01-18 Vulnerability Laboratory ID VL-ID: ==================================== 28...
MegaSWF Cross Site Scripting
Title: ====== MegaSWF - Persistent Cross Site Scripting Vulnerability Date: ===== 2012-01-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=368 VL-ID: ===== 368 Introduction: ============= Do you create Flash games, Flash animations, or any other type of content saved ...
Barracuda SSL VPN 480 Script Insertion
Title: ====== Barracuda SSL VPN 480 - Multiple Web Vulnerabilities Date: ===== 2012-01-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=35 VL-ID: ===== 35 Introduction: ============= The Barracuda SSL VPN is an integrated hardware and software solution enabling secure...
WebTitan Appliance 3.50.x Script Insertion
Title: ====== WebTitan Appliance v3.50.x - Multiple Web Vulnerabilities Date: ===== 2012-01-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=89 VL-ID: ===== 89 Introduction: ============= WebTitan is a complete internet monitoring software web filter which provides...
WordPress plugin Count-per-day: multiple flaws and fixes - vulnerability warning - the black bar safety net
Title: Count-per-day Wordpress plugin Arbitrary file download and XSS Affected versions: 3.1.1 Author 6Scan http://6scan.com security team www.2cto.com Download address: http://wordpress.org/extend/plugins/count-per-day/ Official fix: This advisory is released after the vendor has responded and...
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities Title: ====== Tine v2.0 Maischa - Cross Site Scripting Vulnerability Date: ===== 2012-01-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=379 VL-ID: ===== 379 Introduction: ============= Tine 2.0 is an...