Gwibber v2.29.1 & v3.x - Persistent Software Vulnerability

Document Title: =============== Gwibber v2.29.1 & v3.x - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=365 Release Date: ============= 2011-12-21 Vulnerability Laboratory ID VL-ID: ====================================...

CS и XSS уязвимости в Zeema CMS

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Content Spoofing и Cross-Site Scripting уязвимостях в системе Zeema CMS. Это украинская коммерческая CMS. Content Spoofing WASC-12: В связи с возможностью прямого обращения к скрипту http://site/counter/counter.php с подделкой параметра ref и...

Content Papst CMS 2011.2 Cross Site Scripting / Information Disclosure

Title: ====== Content Papst CMS v2011.2 - Multiple Web Vulnerabilities Date: ===== 2011-12-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=363 VL-ID: ===== 363 Introduction: ============= Contentpapst ist ein leistungsstarkes und sehr flexibles...

Content Papst CMS v2011.2 - Multiple Web Vulnerabilities

Document Title: =============== Content Papst CMS v2011.2 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=363 Release Date: ============= 2011-12-18 Vulnerability Laboratory ID VL-ID: ==================================== 36...

Windows Command Shell, Bind TCP (via perl) IPv6

Listen for a connection and spawn a command shell via perl persistent This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 140 include Msf::Payload::Single include...

Web App Pentesting - PenTest Magazine

Web App Pentesting - Pentest Magazine The significance of HTTP and the Web for Advanced Persistent Threats Web Application Security and Penetration Testing Developers are form Wenus, Application Security guys from Mars Pulling legs of Arachni XSS BeeF Metaspolit Exploitation Cross-site request...

Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus

Vulnerability ID: VRPTH-2011-001 Reference: http://jameswebb.me/vulns/vrpth-2011-001.txt Vulnerability Summary ====================== Non-persistent XSS in Zoho ManageEngine ADSelfService Plus Test Environment ================= Windows 2008RC2 fully patched. ManageEngine ADSelfServicePlus version...

Zoho ManageEngine ADSelfService Plus 4.5 Cross Site Scripting

Vulnerability ID: VRPTH-2011-001 Reference: http://jameswebb.me/vulns/vrpth-2011-001.txt Vulnerability Summary ====================== Non-persistent XSS in Zoho ManageEngine ADSelfService Plus Test Environment ================= Windows 2008RC2 fully patched. ManageEngine ADSelfServicePlus version...

iGuard Biometric Access Control - Multiple Vulnerabilities

Document Title: =============== iGuard Biometric Access Control - Multiple Vulnerabilities References Source: ==================== 2011/Q3-4 Release Date: ============= 2011-11-08 Vulnerability Laboratory ID VL-ID: ==================================== 104 Product & Service Introduction:...

Saints Row Cross Site Scripting

| Title : Saints Row saintsrow.com Persistent XSS | Author : Codeine | Email : f3codeineatyahoodotcom | Date : 11/07/2011 | Cat : PHPXSS | URL : http://www.saintsrow.com/ Saintsrow.com suffers from a persistent XSS vulnerability within the profile system. The vulnerability persists in all profile...

WhiteHouse Gov Service - Persistent Web Vulnerabilities

Document Title: =============== WhiteHouse Gov Service - Persistent Web Vulnerabilities References: =========== Download: http://www.vulnerability-lab.com/resources/videos/314.wmv View: http://www.youtube.com/watch?v=dsxyQLCPmE Release Date: ============= 2011-11-06 Vulnerability Laboratory ID...

Strictly social XSS уязвимость в WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в WordPress. Которую я нашёл ещё 15.10.2008 и к которой уязвимы все версии WordPress. В WordPress имеет место Cross-Site Scripting уязвимость, в данном случае Strictly social XSS http://websecurity.com.ua/5469/, на...

WhiteHouse Gov Service - Persistent Web Vulnerabilities

Document Title: =============== WhiteHouse Gov Service - Persistent Web Vulnerabilities References: =========== Download: http://www.vulnerability-lab.com/resources/videos/314.wmv View: http://www.youtube.com/watch?v=dsxyQLCPmE Release Date: ============= 2011-11-06 Vulnerability Laboratory ID...

Persistent XSS Vulnerability in White House Website

Persistent XSS Vulnerability in White House Website Alexander Fuchs, A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House. He said "The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions a...

Persistent XSS Vulnerability in White House Website

Persistent XSS Vulnerability in White House Website Alexander Fuchs, A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House. He said "The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions a...

XSS Vulnerability on AOL Energy website

XSS Vulnerability on AOL Energy website A non-persistent Cross Site Scripting XSS vulnerability discovered on AOL Energy website. The similar Vulnerability is claimed by few other guys on some forums too. No clue that who found it first, But THN got update from Vansh & Vaibhuv from India...

XSS Vulnerability on AOL Energy website

XSS Vulnerability on AOL Energy website A non-persistent Cross Site Scripting XSS vulnerability discovered on AOL Energy%3C%2Fscript%3E website. The similar Vulnerability is claimed by few other guys on some forums too. No clue that who found it first, But THN got update from Vansh & Vaibhuv from...

Whitehouse.gov Cross Site Scripting

Title: ====== WhiteHouse Gov Service - Persistent Web Vulnerability Date: ===== 2011-11-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=308 VL-ID: ===== 308 Introduction: ============= http://www.whitehouse.gov/ Abstract: ========= The vulnerability-lab researcher...

Barracuda Archiver 650 - Input Validation Vulnerability

Document Title: =============== Barracuda Archiver 650 - Input Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=34 Release Date: ============= 2011-11-03 Vulnerability Laboratory ID VL-ID: ==================================== 34...

WhiteHouse Gov Service - Persistent Web Vulnerability

Document Title: =============== WhiteHouse Gov Service - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=308 Release Date: ============= 2011-11-03 Vulnerability Laboratory ID VL-ID: ==================================== 308...