HP Laser Jet - JavaScript Persistent XSS via PJL Directory Traversal

Exploit for hardware platform in category web applications !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV0; Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL Google Dork: n/a Date: 4/22/14 Exploit Author: @0x00string Vendor Homepage:...

Juniper Networks Junos OS J-Web Persistent Cross Site Scripting Vulnerability

Persistent XSS Vulnerability in J-Web SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if description...

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting

NETGEAR DGN2200 1.0.0.291.7.29HotS - Persistent Cross-Site Scripting Exploit Title: Stored XSS Vulnerability in NETGEAR DGN2200 Web interface Date 30/04/2014 Exploit author: Dolev Farhi @f1nhack Vendor homepage: http://netgear.com Affected Firmware version: 1.0.0.291.7.29HotS Affected Hardware:...

BarracudaDrive 6.7.1 Cross Site Scripting Vulnerability

BarracudaDrive version 6.7.1 suffers from multiple persistent and reflective cross site scripting vulnerabilities Title : BarracudaDrive Multiple XSS Vulnerabilities Author : Shakeel Bhat SecPod Technologies Pvt. Ltd. http://www.secpod.com Vendor : http://barracudadrive.com Advisory :...

BarracudaDrive 6.7.1 Cross Site Scripting

Title : BarracudaDrive Multiple XSS Vulnerabilities Author : Shakeel Bhat SecPod Technologies Pvt. Ltd. http://www.secpod.com Vendor : http://barracudadrive.com Advisory : http://secpod.org/blog/?p=2309 http://secpod.org/advisories/SecPodAdvistoryBarracudaDrive6.7.1MultXSSVuln.txt Software :...

Mail.ru: Persistent XSS in afisha.mail.ru

Adding a comment to article, this makes javascript execution possible. POST: http://afisha.mail.ru/ext/addcomment/ Post Content alias=article&id=42797&pid=&count=20&commentbody=%5Btesting%5D+%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&ok=%D0%94%D0%BE%D0%B1%D0%B0%D0%B2%D0%B8%D1%82%D1%8C also the...

HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal

HP Laser Jet - JavaScript Persistent Cross-Site Scripting via PJL Directory Traversal !/usr/bin/perl use strict; use warnings; use IO::Socket::INET; my $host = $ARGV0; Exploit Title: HP Laser Jet Persistent Javascript Cross Site Scripting via PJL Google Dork: n/a Date: 4/22/14 Exploit Author:...

Respondly: Persistent Cross-site scripting vulnerability settings.

Hello, I created an account with as group name ", after that I went to settings and found a Cross-site scripting vulnerability located at that page. The url for me : https://app.respond.ly/6sjp/settings/account I have a proof of concept in the attachment. best regards Olivier Beg...

IRCCloud: Dangerous Persistent xss

If a person is an op in a channel, it is possible to make all the users inside the irc channel execute javascript code. Steps to repoduce: 1.Go to a random channel where you are op. 2.Enter the following command: /ban alert2 3.The script will execute an alert box containing 2 in all the browsers ...

Woltlab Burning Board 3.9.1 - Persistent Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Encoding Issue References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1257 Video: https://www.youtube.com/watch?v=jNwS7gV7cQE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1256 Release Date...

Woltlab Burning Board 3.9.1 - Persistent Encoding Issue

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Encoding Issue References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1257 Video: https://www.youtube.com/watch?v=jNwS7gV7cQE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1256 Release Date...

MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching

According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain,...

Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Date: ============= 2014-04-10...

AppFish Offline Coder 2.2 Persistent Script Insertion

Document Title: =============== AppFish Offline Coder v2.2 iOS - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1252 Release Date: ============= 2014-04-08 Vulnerability Laboratory ID VL-ID:...

Microsoft Office 365 Outlook - Persistent Vulnerability

Document Title: =============== Microsoft Office 365 Outlook - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=857 Microsoft Security Response Center MSRC ID: 14093 Microsoft Security Response Center MSRC MANAGER: JT Release Date...

Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability

Document Title: =============== Woltlab Burning Board 3.9.1 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1256 Video: http://www.vulnerability-lab.com/getcontent.php?id=1257 Release Date: ============= 2014-04-10...

Microsoft Office 365 Outlook - Persistent Vulnerability

Document Title: =============== Microsoft Office 365 Outlook - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=857 Microsoft Security Response Center MSRC ID: 14093 Microsoft Security Response Center MSRC MANAGER: JT Release Date...

Khan Academy: Persistent class XSS [the fuck]

Hi, I created a class called : " and it actually worked 0.0. It worked here for me : https://www.khanacademy.org/coach/reports/grid?force=1 Best regards, Olivier Beg...

Khan Academy: Stored XSS {dangerous?} https://www.khanacademy.org/coach/roster/?listId=allStudents

Hi, when you go to https://www.khanacademy.org/coach/roster/?listId=allStudents and press on add class you have the possebility to add a class obvious. when you name it " it will stay persistent. quite dangerous Best regards, Olivier Beg...

Vulnerability in World Largest Video Site Turned Million of Visitors into DDoS Zombies

An application layer or 'layer 7' distributed denial of service DDoS attacks is one of the most complicated web attack that disguised to look like legitimate traffic but targets specific areas of a website, making it even more difficult to detect and mitigate. Just Yesterday Cloud-based security...