7597 matches found

securityvulns
added 2011/06/02 12:00 a.m., 55 views

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. In April I already drew the attention of Ukrtelecom's representative and this modem was bought at...

0.1 AI score
Exploits 0
securityvulns
added 2011/06/02 12:00 a.m., 41 views

New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. Which I've found in your modem. In April I already drew the attention of Ukrtelecom's representativ...

0.9 AI score
Exploits 0
ThreatPost
added 2011/06/01 3:15 p.m., 11 views

Report: L3 Warns Employees Of Attacks Using Compromised SecurID Tokens

Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company’s network using forged SECURID tokens from RSA. The report, if accurate, would be the second attack on a leading defense contractor with links back to...

0.9 AI score
Exploits 0, References 3
Packet Storm
added 2011/05/30 12:00 a.m., 55 views

Apache Archiva 1.3.4 Cross Site Scripting

Hi, This is regarding multiple XSS Cross Site Scripting Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...

6.8 CVSS, 6.4 AI score, 0.02703 EPSS
Exploits 6
securityvulns
added 2011/05/30 12:00 a.m., 59 views

[SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability

CVE-2011-1077: Apache Archiva Multiple XSS vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: The multiple XSS issues found are both Stored Persistent and Reflect...

4.3 CVSS, 0.3 AI score, 0.02703 EPSS
Exploits 4
securityvulns
added 2011/05/30 12:00 a.m., 99 views

CSRF and XSS vulnerabilities in ADSL modem Callisto 821+

Hello 3APA3A! I want to warn you about security vulnerabilities in ADSL modem Callisto 821+ SI2000 Callisto821+ Router. These are Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities. These attacks should be conducted on the modem owner, who is logged into the control panel. Taking into...

0.3 AI score
Exploits 0
securityvulns
added 2011/05/25 12:00 a.m., 32 views

FPD and XSS vulnerabilities in Easy Contact for WordPress

Hello 3APA3A! I am reporting the Full path disclosure and Cross-Site Scripting vulnerabilities I found in the Easy Contact plugin for WordPress. Full path disclosure WASC-13: http://site/wp-content/plugins/easy-contact/econtact.php http://site/wp-content/plugins/easy-contact/econtact-menu.php XSS...

6.1 AI score
Exploits 0
0day.today
added 2011/05/06 12:00 a.m., 28 views

dhtml-menu-builder Auth bypass and Persistent XSS Vulnerability

Exploit for php platform in category web applications ...

7.1 AI score
Exploits 0
Packet Storm
added 2011/04/28 12:00 a.m., 44 views

xMatters AlarmPoint Java Web Server API 3.2.1 Cross Site Scripting

Information -------------------- Name : XSS Persistent vulnerability in xMatters AlarmPoint Java Web Server API Software : xMatters AlarmPoint Vendor Homepage : http://www.xmatters.com Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Juan Sacco Description ------------------...

7.4 AI score
Exploits 0
Exploit DB
added 2011/04/28 12:00 a.m., 22 views

eyeos 1.9.0.2 - Persistent Cross-Site Scripting Using Image Files

Title: eyeOS alert"XSS done"; - Risks and consequences: Malicious users can inject code inside image files malware, browser exploits, etc... to attack other users and compromise the whole system via shared files or internal messages. - Mitigations: Disallow public dirs. Avoid work with images. -...

7.4 AI score
Exploits 0
Packet Storm
added 2011/04/26 12:00 a.m., 32 views

Football Website Manager 1.1 Cross Site Scripting / SQL Injection

Football Website Manager PHP Script BSQL-i / Persistent XSS Vulnerability ...

0.4 AI score
Exploits 0
0day.today
added 2011/04/23 12:00 a.m., 233 views

ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header persistent XSS

Exploit for php platform in category web applications Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated...

7.1 AI score
Exploits 0
The Hacker News
added 2011/04/22 7:27 a.m., 10 views

The Oak Ridge National Laboratory Hacked!

A top United States federal lab was the victim of a "silent" cyberattack earlier this month, news outlets are reporting. The Oak Ridge National Laboratory in Tennessee was the victim, according to Nextgov.com. The lab is an energy department laboratory that studies nuclear fusion, supercomputing,...

6.9 AI score
Exploits 0
Packet Storm
added 2011/04/22 12:00 a.m., 27 views

ZenPhoto 1.4.0.3 Cross Site Scripting

Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on: FF 3.0.15, IE 8 Info: Zenphoto is an...

7.4 AI score
Exploits 0
ThreatPost
added 2011/04/21 3:13 p.m., 16 views

Oak Ridge National Laboratory Cuts Off Internet, E-mail After Attack

The Oak Ridge National Laboratory, a science and technology complex that houses one of the world’s fastest computers, was forced to suspend Internet access and e-mail capabilities for employees on Friday in response to what has been described as a targeted phishing attack, according to...

1.7 AI score
Exploits 0, References 3
The Hacker News
added 2011/04/13 12:34 p.m., 8 views

Supreme Court of Canada vulnerable to non-persistent XSS attack!

Supreme Court of Canada vulnerable to XSS attack! Vuln Link : https://sr.scc-csc.gc.ca/search?client=SCC-CSC&site=Internet&output=xmlnodtd&proxystylesheet=SCC-CSC&hl=en&oe=latin1&ie=latin1&q=%3E%22%3E%3CMARQUEE%3EHACKED+BY+ZERO+COOL%3C%2FMARQUEE%3E&btnG=Search Found n Submitted by : Zero Cool...

7 AI score
Exploits 0
securityvulns
added 2011/04/11 12:00 a.m., 76 views

O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF)

O2 classic router: persistent cross site scripting XSS and cross site request forgery CSRF References https://vulners.com/cve/CVE-2010-1482 http://int21.de/cve/CVE-2011-0746-o2-router.html Description The default DSL router shipped by the German company O2 is completely vulnerable to persistent...

4.3 CVSS, 5.7 AI score, 0.00285 EPSS
Exploits 4
Packet Storm
added 2011/04/07 12:00 a.m., 58 views

O2 Classic Router Cross Site Request Forgery / Cross Site Scripting

O2 classic router: persistent cross site scripting XSS and cross site request forgery CSRF References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1482 http://int21.de/cve/CVE-2011-0746-o2-router.html Description The default DSL router shipped by the German company O2 is completely...

4.3 CVSS, 6.5 AI score, 0.00285 EPSS
Exploits 4
exploitpack
added 2011/04/04 12:00 a.m., 20 views

Yaws-Wiki 1.88-1 (Erlang) - Persistent Reflective Cross-Site Scripting

Yaws-Wiki 1.88-1 Erlang - Persistent Reflective Cross-Site Scripting Application: yaws-wiki version affected: 1.88-1 platform: Erlang homepage: http://yaws.hyber.org/ Researcher: Michael Brooks Original Advisory: https://sitewat.ch/en/Advisory/4 Install instructions for Ubuntu: sudo apt-get install...

6.8 AI score
Exploits 0
exploitpack
added 2011/04/04 12:00 a.m., 22 views

DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities

DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="authentic...

7 AI score
Exploits 0