7648 matches found
Endpoint Protector 4.0.4.0 - Multiple Vulnerabilities
Title: ====== Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=571 VL-ID: ===== 571 Common Vulnerability Scoring System: ==================================== 5 Introduction: =============...
Persistent xss within build and plan labels
Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...
persistent xss in a user's username within mentions within comments
A user's username is injected into the "rel" attribute of the user mention link without being encoded properly. This means that if the username contains a " character then new attributes can be injected into the user mention link element. Hence, providing a persistent xss vector. To reproduce thi...
vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities
Document Title: =============== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=721 Release Date: ============= 2012-10-08 Vulnerability Laboratory ID VL-ID: ==================================== 7...
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/...
Interspire Email Marketer 6.0.1 XSS / SQL Injection
Title: ====== Interspire Email Marketer v6.0.1 - Multiple Vulnerabilities Date: ===== 2012-10-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=710 VL-ID: ===== 710 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
Paypal BugBounty 5 Cross Site Scripting
Title: ====== Paypal BugBounty 5 - Persistent Web Vulnerability Date: ===== 2012-10-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=639 VL-ID: ===== 639 Common Vulnerability Scoring System: ==================================== 3.3 Introduction: ============= PayPal i...
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
Author: loneferret of Offensive Security Product: Web Help Desk by SolarWinds Version: 11.0.7 older versions may be affected Vendor Site: http://www.webhelpdesk.com Software Download: http://www.webhelpdesk.com/help-desk-software/ Discovered: August 18th 2012 Disclosure: August 19th 2012: Reporte...
Potential persistent xss in fixCaseInNotifications.jsp
There is a difficult to exploit XSS in fixCaseInNotifications.jsp. We could not get it to trigger, but there are some scenarios where unescaped data can be displayed through fix method correctName, userNameToFix. The relevant code is as follows: code NotificationCaseFixer caseFixer = new...
Omnistar Mailer 7.2 - Multiple Vulnerabilities
Omnistar Mailer 7.2 - Multiple Vulnerabilities Title: ====== Omnistar Mailer v7.2 - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=711 VL-ID: ===== 711 Common Vulnerability Scoring System:...
OPlayer 2.0.05 iPhone,iPod TC & iPad - Web Vulnerabilities
Document Title: =============== OPlayer 2.0.05 iPhone,iPod TC & iPad - Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=713 Release Date: ============= 2012-10-02 Vulnerability Laboratory ID VL-ID: ====================================...
OPlayer 2.0.05 iOS Cross Site Scripting
Title: ====== OPlayer v2.0.05 iOS - Multiple Web Vulnerabilities Date: ===== 2012-10-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=715 VL-ID: ===== 719 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============= OPlayer...
GTA UTM Firewall GB 6.0.3 Cross Site Scripting
Title: ====== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=579 VL-ID: ===== 579 Common Vulnerability Scoring System: ==================================== 4 Introduction: ============= The...
Switchvox Asterisk 5.1.2 Cross Site Scripting
Title: ====== Switchvox Asterisk v5.1.2 - Multiple Web Vulnerabilities Date: ===== 2012-09-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=700 VL-ID: ===== 700 Common Vulnerability Scoring System: ==================================== 4.1 Introduction: =============...
Paypal BugBounty #9 - Persistent Web Vulnerabilities
Document Title: =============== Paypal BugBounty 9 - Persistent Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=646 Release Date: ============= 2012-10-01 Vulnerability Laboratory ID VL-ID: ==================================== 646...
Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities
Document Title: =============== Endpoint Protector v4.0.4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=571 Release Date: ============= 2012-09-30 Vulnerability Laboratory ID VL-ID: ====================================...
Fortigate UTM WAF Appliance Multiple Vulnerabilities
Multiple input validation vulnerabilities (persistent) are detected in the FortiGate UTM Appliance Application. Remote attackers & low privileged user accounts can inject persistent own malicious script code to manipulate specific customer/admin requests. Affected Products: ==================...
GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities
Document Title: =============== GTA UTM Firewall GB 6.0.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=579 Release Date: ============= 2012-09-29 Vulnerability Laboratory ID VL-ID: ==================================== 57...