WordPress DW Question Answer 1.4.2.2 Cross Site Scripting

FULL DISCLOSURE Product : DW Question Answer Exploit Author : Rahul Pratap Singh Version : 1.4.2.2 Home page Link : https://wordpress.org/plugins/dw-question-answer/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 11/3/2016 XSS Vulnerability:...

IBM Lotus Domino R8 - Password Hash Extraction

IBM Lotus Domino R8 - Password Hash Extraction Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage:...

Debian: Security Advisory (DSA-3355-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Alienvault OSSIM/USM Command Execution Vulnerability

Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...

GParted 0.14.1 - OS Command Execution

GParted 0.14.1 - OS Command Execution SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 appli...

WordPress SupportEzzy Ticket System 1.2.5 Cross Site Scripting

Exploit Title: SupportEzzy Ticket System - WordPress Plugin Stored XSS Vulnerability Date: 12-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.2.5 Vendor Homepage: http://codecanyon.net/item/supportezzy-ticket-system-wordpress-plugin/8908617 Software Test Link:...

Digi Online Examination System 2.0 - Unrestricted File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Digi Online Examination System Unrestricted File Upload Vulnerability Date: 12-10-2014 Exploit Author: Halil Dalabasmaz Version: v2.0 Software Link: http://codecanyon.net/item/digi-online-examination-system-does/8610180 Software...

CacheGuard-OS 5.7.7 - CSRF Vulnerability

Exploit for linux platform in category web applications I. VULNERABILITY ------------------------- CSRF vulnerabilities in CacheGuard-OS v5.7.7 II. BACKGROUND ------------------------- CacheGuard is an All-in-One Web Security Gateway providing firewall, web antivirus, caching, compression, URL...

SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701 II. BACKGROUND ------------------------- Dell® SonicWALL® provides intelligent network security and data protection solutions that enable customers and partners to dynamically secur...

A method can ignore the CDN to find the true IP DDOS and intrusion-vulnerability warning-the black bar safety net

This vulnerability,==should not count the vulnerability. But the impact of range is great, the current acceleration music, website defender, Baidu cloud acceleration, security, treasure, etc the CDN can beat the exhilaration of, a variety of high - DDOSand CC Defense, but this hole can ignore the...

The Keen Team - Chinese Hacker Group Reveals their Identities

The Keen Team – a mysterious group of Chinese hackers who hacked Apple’s Safari Mac OS X Mavericks system in just 20 seconds and Windows 8.1. Adobe Flash in only 15 seconds during Pwn2Own Hacking Competition this year, are no more mysterious as the team revealed its members identity. In an...

WatchGuard XTM 11.8 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8 II. BACKGROUND ------------------------- WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the...

MobileIron 4.5.4 Cross Site Scripting

MobileIron 4.5.4 Device Registration regpin Cross Site Scripting scip AG Vulnerability ID 10847 10/28/2013 http://www.scip.ch/en/?vuldb.10847 I. INTRODUCTION MobileIron is a commercial solution to provide secure access to mobile users in corporate environments. More information is available on th...

Xorbin Digital Flash Clock 1.0 For WordPress XSS

==================================================================== Xorbin Digital Flash Clock 1.0 Plugin for Wordpress Flash-based XSS ==================================================================== Description: This plugin displays digital flash clock on your website. It's easy to use and...

UCenter Home 2.0 the music box plug-in tasteless injection use-vulnerability warning-the black bar safety net

The problem occurs in the plug-in is musicbox, by the above keyword search will find some to enable this plugin site, in the URL after the“’”error, put in a SQLmap, run the next, almost always there is the injection. ! ! ! Repair solutions: Filter...

WordPress Facebook Survey Plugin 1.0 - SQL Injection

This WordPress Facebook Survey plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Filter the "id" input or use the intval PHP function to make sure...

Ektron CMS 8.5.0 - Multiple Vulnerabilities

Ektron CMS 8.5.0 - Multiple Vulnerabilities Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High...

TestLink 1.9.3 Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "TestLink v1.9.3...

Checkpoint Abra - Multiple Vulnerabilities

Check Point Abra Vulnerabilities Author: Belov V., Komarov A. Group-IB, http://group-ib.ru Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platforms: Windows XP, Vista, 7 32 bit Summary: Che...

.Net Framework Tilde Character DoS - Sorry, exploit-db link corrected

Link: http://soroush.secproject.com/downloadable/iistildedos.txt Exploit-db link: www.exploit-db.com/exploits/19575 ---------------------------- Security Research - .Net Framework Tilde Character DoS Website : http://soroush.secproject.com/blog/ I. BACKGROUND --------------------- "The .NET...