Lucene search

75 matches found

Openbugbounty
added 2020/08/06 12:48 a.m., 6 views

kirovskschool7.ru Cross Site Scripting vulnerability OBB-1251628

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 0.7
Exploits: 0
Packet Storm
added 2018/06/01 12:0 a.m., 59 views

TP-Link TL-WR841N / TL-WR841ND Brute Force / CSRF

Hello list! There are Brute Force and Cross-Site Request Forgery vulnerabilities in TP-Link TL-WR841N and TL-WR841ND. Affected products: Vulnerable are the next models: TP-Link TL-WR841N and TL-WR841ND, Firmware Version 3.16.9 Build 151216. All...

AI score: 0.1
Exploits: 0
Ivan 'd0znpp' Novikov
added 2018/01/29 6:33 p.m., 42 views

What you didn’t know about OWASP Top-10 2017? Part 1/3

I hope everybody has already read the latest OWASP Top-10 list. Let me share some useful insights about it. First of all, OWASP Top-10 is NOT a vulnerability classification system. Rather it is a list of the most critical security risks for web applications. What’s the difference? For example, t...

AI score: 6.8
Exploits: 0
securityvulns
added 2015/10/25 12:0 a.m., 77 views

CSRF vulnerabilities in Callisto 821+R3 ADSL Router

Hello 3APA3A! After all my advisories about vulnerabilities in Callisto 821+ http://seclists.org/fulldisclosure/2011/Aug/1 and recent advisory about Callisto 821+R3, here is new one. Because vendor ignored in 2011 all my letters and subsequent my public disclosure of vulnerabilities and new devic...

AI score: 0.4
Exploits: 0
Packet Storm
added 2015/04/18 12:0 a.m., 18 views

Nodes Studio CMS XSS / Path Disclosure / SQL Injection

Hello list! There are SQL Injection, Cross-Site Scripting and Full Path Disclosure vulnerabilities in Nodes Studio CMS. This is Russian commercial CMS, which I found at one site of Russian terrorists and propagandists. Affected vendors: Nodes...

AI score: 0.9
Exploits: 0
securityvulns
added 2014/12/29 12:0 a.m., 730 views

BF and XSS vulnerabilities in D-Link DCS-2103

Hello 3APA3A! There are Brute Force and Cross-Site Scripting vulnerabilities in D-Link DCS-2103 IP camera. If previous Path Traversal and Full path disclosure vulnerabilities were post-auth, then these BF and XSS vulnerabilities are pre-auth. Affected products:...

AI score: 0.3
Exploits: 0
securityvulns
added 2014/11/10 12:0 a.m., 97 views

IL and CSRF vulnerabilities in D-Link DAP-1360

Hello 3APA3A! There are Information Leakage and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. Affected products: Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...

AI score: 0.8
Exploits: 0
Kitploit
added 2013/12/27 12:29 a.m., 11 views

[Websecurify] Web Security Testing Runtime

A Complete Suite Of Web Security Tools The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities an...

AI score: 8.2
Exploits: 0
Packet Storm
added 2013/10/14 12:0 a.m., 22 views

mp3-player 2.5 Cross Site Scripting / Content Spoofing

Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in mp3-player. Affected products: Vulnerable are mp3-player 2.5 and previous versions. Affected vendors: U-Studio...

AI score: 7.4
Exploits: 0
securityvulns
added 2013/10/13 12:0 a.m., 48 views

Multiple vulnerabilities in flv-player

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in flv-player. Affected products: Vulnerable are flv-player 3.5 and previous versions. Affected vendors: U-Stud...

AI score: 0.7
Exploits: 0
securityvulns
added 2013/10/13 12:0 a.m., 42 views

Multiple vulnerabilities in mp3-player

Hello 3APA3A! These are Cross-Site Scripting and Content Spoofing vulnerabilities in mp3-player. Affected products: Vulnerable are mp3-player 2.5 and previous versions. Affected vendors: U-Stud...

AI score: 0.8
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m., 34 views

XSS and CS vulnerabilities in aCMS

Hello 3APA3A! After previous Cross-Site Scripting, Content Spoofing, Information Leakage, Insufficient Authorization and Arbitrary File Uploading vulnerabilities in aCMS, here are new ones. These are Cross-Site Scripting and Content Spoofing vulnerabilities in aCMS. This is commercial CMS...

AI score: 0.6
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m., 41 views

Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score: 0.2
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m., 38 views

Vulnerabilities in Avaya IP Office Customer Call Reporter

Hello 3APA3A! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score: 0.2
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m., 42 views

SQL Injection vulnerability in Soltech.CMS

Hello 3APA3A! There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS. Affected products: Vulnerable are Soltech.CMS v 0.4 and previous versions. Affected vendors: Soltech...

AI score: 0.9
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m., 46 views

Vulnerabilities in multiple web applications with GDD FLVPlayer

Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I've written about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands...

AI score: 1.4
Exploits: 0
securityvulns
added 2013/09/09 12:0 a.m., 44 views

CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE

Hello 3APA3A! I want to warn you about vulnerabilities in Moxiecode Image Manager MCImageManager. This is a commercial plugin for TinyMCE. It concerns both MCImageManager and all web applications which have MCImageManager in their bundle. These are Content Spoofing, Cross-Site Scripting and Full Path...

AI score: 0.1
Exploits: 0
Packet Storm
added 2013/08/27 12:0 a.m., 54 views

Atlassian Confluence 3.x / 4.x Information Disclosure

Hello list, Since vendor does not seem to care about this issue more than a year after initial report https://jira.atlassian.com/browse/CONF-23985, I think that is time to share this issue. Affected products: Atlassian Confluence 3.x and 4.x...

AI score: 7.4
Exploits: 0
Packet Storm
added 2013/08/23 12:0 a.m., 29 views

GDD FLVPlayer 3.635 Cross Site Scripting / Content Spoofing

Hello list! These are Content Spoofing and Cross-Site Scripting vulnerabilities in GDD FLVPlayer. Affected products: Vulnerable are GDD FLVPlayer v3.635 and previous versions. Affected vendors:...

AI score: 0.1
Exploits: 0
Packet Storm
added 2013/08/22 12:0 a.m., 20 views

Avaya IP Office Customer Call Reporter 8.0.9.13 XSS

Hello list! I want to warn you about vulnerabilities in Avaya IP Office Customer Call Reporter. These are Remote HTML Include and Remote XSS Include Cross-Site Scripting vulnerabilities. After I found multiple vulnerabilities in Avaya IP Office Customer Call Reporter in December, I informed ZDI...

AI score: 0.1
Exploits: 0