Connect Back 139 bytes

Connect Back 139 bytes. Shellcode exploit for linux platform / Title: connect back shellcode that splits from the process it was injected into, and then stays persistent and difficult to remove. It is also very close to invisible due to some interesting effects created by forking, and calling the...

ChatSecure IM 2.2.4 Script Insertion

Document Title: =============== ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1317 Release Date: ============= 2014-09-10 Vulnerability Laboratory ID VL-ID: ==================================== 13...

OroCRM - Persistent Cross-Site Scripting

OroCRM - Persistent Cross-Site Scripting Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec...

Discuz! 7.2 某自带功能存在储存型XSS漏洞

简要描述： Discuz! 7.2 某自带功能存在储存型XSS漏洞 详细说明： 还是在签到哦 plugin.php?id=dpssign:sign 发表签到 签到可以写入xss 但是要干扰前面的代码 才可以形成xss https://images.seebug.org/upload/201409/1100522754a8ee564ad50b51a9dcd8669c53e051.jpg https://images.seebug.org/upload/201409/1100524583a5fba1a426878f1f3598aaf1fa7dfc.jpg 漏洞证明：...

ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting

ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting Document Title: =============== ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1317 Release Date: ============= 2014-09-10 Vulnerability...

ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting

Document Title: =============== ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1317 Release Date: ============= 2014-09-10 Vulnerability Laboratory ID VL-ID: ==================================== 13...

OroCRM - Persistent Cross-Site Scripting

Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing! Discovered by: Provensec Website: http://www.provensec.com Author: Provensec Labs Type of vulnerability: XSS Stored...

ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability

Document Title: =============== ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1317 Release Date: ============= 2014-09-10 Vulnerability Laboratory ID VL-ID: ==================================== 13...

Atmail Webmail 7.2 - Multiple Vulnerabilities

Atmail Webmail 7.2 - Multiple Vulnerabilities Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.com Version: =7.2 Latest ATM, tested also on 7.1.1 Authors: Smash & Brag / smashatdevilteam.pl PoC: poczta.pl / demo.atmail.com 1. Cross Site Scripting a GET -...

phpMyFAQ 2.8.x - Multiple Vulnerabilities

phpMyFAQ 2.8.x - Multiple Vulnerabilities Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities Vendor: phpmyfaq.de Date: 04.09.19 Version: = 2.8.12 Latest ATM Tested on: Apache 2.2 / PHP 5.4 / Linux Contact: smash at devilteam.pl 1 Persistent XSS Administrator is able to view information about specif...

TP-Link TL-WR841N TL-WR841ND - Multiple Vulnerabilities

TP-Link TL-WR841N TL-WR841ND - Multiple Vulnerabilities Title: TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities Date: 30.06.14 Vendor: TP-LINK Affected versions: TL-WR841N / TL-WR841ND Tested on: Firmware Version - 3.13.27 Build 121101 Rel.38183n, Hardware Version - WR841N v8...

PHP Stock Management System 1.02 - Multiple Persistent Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications ​ Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02 Date: 25 Aug 2014 Exploit Author: ​Ragha Deepthi K R Vendor Homepage: ​http://www.posnic.com/​ Software Link:​...

osCommerce 2.3.4 - Multiple Vulnerabilities

osCommerce 2.3.4 - Multiple Vulnerabilities Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerabl...

osCommerce 2.3.4 - Multiple Vulnerabilities

Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerable parameters - customersemailaddress &...

Atmail Webmail 7.2 - Multiple Vulnerabilities

Title: Atmail Webmail =7.2 - Multiple XSS & FPD Date: 01.27.2014 Vendor: atmail.com Version: =7.2 Latest ATM, tested also on 7.1.1 Authors: Smash & Brag / smashatdevilteam.pl PoC: poczta.pl / demo.atmail.com 1. Cross Site Scripting a GET - viewmessageTabNumber Request:...

phpMyFAQ 2.8.x - Multiple Vulnerabilities

Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities Vendor: phpmyfaq.de Date: 04.09.19 Version: = 2.8.12 Latest ATM Tested on: Apache 2.2 / PHP 5.4 / Linux Contact: smash at devilteam.pl 1 Persistent XSS Administrator is able to view information about specific user session in 'Statistic' tab. Over...

Zen Cart 1.5.3 - Multiple Vulnerabilities

Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS Date: 09.07.14 Vendor: zen-cart.com Tested on: Apache 2.2 at Linux Contact: smashatdevilteam.pl 1 - CSRF - Delete admin GET profile stands for user id. localhost/zen/zen-cart-v1.5.3-07042014/admin123/profiles.php?action=delete&profile=2 - Reset layou...

TP-Link TL-WR841N / TL-WR841ND - Multiple Vulnerabilities

Title: TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities Date: 30.06.14 Vendor: TP-LINK Affected versions: TL-WR841N / TL-WR841ND Tested on: Firmware Version - 3.13.27 Build 121101 Rel.38183n, Hardware Version - WR841N v8 00000000 at Linux Contact: smash at devilteam.pl 1 -...

vBulletin 5.1.x - Persistent Cross-Site Scripting

Title: vBulletin 5.1.X - Cross Site Scripting Date: 05.09.14 Version: = 5.1.2 Latest ATM Vendor: vbulletin.com Contact: smash at devilteam.pl 1 Agenda Latest vBulletin forum software suffers on persistent cross site scripting vulnerability, which most likely can be used against every user, such a...

vBulletin 5.1.x - Persistent Cross-Site Scripting

vBulletin 5.1.x - Persistent Cross-Site Scripting Title: vBulletin 5.1.X - Cross Site Scripting Date: 05.09.14 Version: = 5.1.2 Latest ATM Vendor: vbulletin.com Contact: smash at devilteam.pl 1 Agenda Latest vBulletin forum software suffers on persistent cross site scripting vulnerability, which...