47153 matches found
CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS]
Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link: https://wordpress.org/plugins/free-counter/ Version: 1.1 Tested on: WordPress 4.2.2...
CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4
Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...
ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-091: RSA® Web Threat Detection Cross-Site Request Forgery Vulnerability EMC Identifier: ESA-2015-091 CVE Identifier: CVE-2015-0541 Severity Rating: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected Products: · RSA Web Threat Detection versions prior to...
[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
Hi, tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at 1. 5 Metasploit modules have been released and currently awaiting merge in the moderati...
[security bulletin] HPSBGN03343 rev.1 - HP WebInspect, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04695307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04695307 Version: 1 HPSBGN03343 rev....
Enhanced SQL Portal 5.0.7961 XSS Vulnerability
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt Vendor: www.eliacom.com www.eliacom.com/mysql-gui-download.php Product: Enhanced SQL Portal 5.0.7961 web based MySQL administration application. Advisory...
[SECURITY] [DSA 3278-1] libapache-mod-jk security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3278-1 [email protected] http://www.debian.org/security/ Markus Koschany June 03, 2015 http://www.debian.org/security/faq -...
CRUCMS Crucial Networking - SQL Injection Vulnerability
Document Title: =============== CRUCMS Crucial Networking - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1497 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ==================================== 14...
1 Click ActiveX buffer overflow
SkinCrafter.dll buffer overflow...
AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability
Exploit Title: AnimaGallery 2.6 theme and lang cookie parameter Local File Include Vulnerability Date: 2015/06/07 Vendor Homepage: http://dg.no.sapo.pt/ Software Link:http://dg.no.sapo.pt/AnimaGallery2.6.zip Version: 2.6 Tested on: Centos 6.5,php 5.3.2,magicquotesgpc=off Category: webapps...
Apache mod_jk information disclosure
No description provided...
t1utils memory corruption
Memory corruption on fonts manipulation...
Symphony CMS XSS Vulnerability
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13 Advisory...
Webgrind XSS vulnerability
Credits: John Page hyp3rlinx Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-WEBGRIND0520.txt Vendor: https://github.com/jokkedk/webgrind Product: Webgrind is a Xdebug Profiling Web Frontend in PHP. Advisory Information:...
Xloner v3.1.2 wordpress plugin authenticated command execution and XSS
This advisory is in addition to the one I filed in November http://www.openwall.com/lists/oss-security/2014/11/06/1 that had the following CVEs assigned CVE-2014-8603 CVE-2014-8604 CVE-2014-8605 CVE-2014-8606 CVE-2014-8607, advisory http://www.vapid.dhs.org/advisory.php?v=110. Title: Xloner v3.1....
[SECURITY] [DSA 3275-1] fusionforge security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3275-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 30, 2015 http://www.debian.org/security/faq -...
vfront-0.99.2 CSRF & Persistent XSS
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-VFRONT0602.txt Vendor: ============== www.vfront.org Product: =================================================================================== vfront-0.99.2 is a PHP web...
CA20150604-01: Security Notice for CA Common Services
-----BEGIN PGP SIGNED MESSAGE----- CA20150604-01: Security Notice for CA Common Services Issued: June 4, 2015 CA Technologies Support is alerting customers to multiple potential risks with products that bundle CA Common Services on Unix/Linux platforms. A local attacker may exploit these...
Stored XSS in WP Photo Album Plus WordPress Plugin
Advisory ID: HTB23257 Product: WP Photo Album Plus WordPress Plugin Vendor: J.N. Breetvelt Vulnerable Versions: 6.1.2 and probably prior Tested Version: 6.1.2 Advisory Publication: April 29, 2015 without technical details Vendor Notification: April 29, 2015 Vendor Patch: April 29, 2015 Public...
DbNinja 3.2.6 Flash XSS Vulnerabilities
Exploit Title: DbNinja Flash XSS Exploit Google Dork: intitle: Flash XSS Date: May 27, 2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.dbninja.com Software Link: www.dbninja.com Version: 3.2.6 Tested on: Windows 7 Category: Flash XSS CVE : NA Source...
[USN-2618-1] python-dbusmock vulnerability
========================================================================== Ubuntu Security Notice USN-2618-1 May 21, 2015 python-dbusmock vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
dbusmock code execution
No description provided...
CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection]
Exploit Title: CVE-2015-4109 - WordPress Users Ultra Plugin SQL injection Date: 2015/05/30 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://usersultra.com Software Link: https://wordpress.org/plugins/users-ultra/ Version: 1.5.15 Tested on: WordPre...
[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability
Exploit Title: Wing FTP Server Remote Code Execution vulnerability Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Improper Control of Generation of Code CWE-94 CVE...
[SECURITY] [DSA 3280-1] php5 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3280-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 07, 2015 http://www.debian.org/security/faq -...
redis restrictions bypass
Lua sandbox escaping...
Wing FTP Server security vulnerabilities
Code execution and CSRF in web interface...
EMC RSA Web Threat Detection CSRF
No description provided...
Ektron CMS 9.10 SP1 - XSS Vulnerability
Vulnerability type: Cross-site Scripting Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.102 Patched version: 9.10 SP1 Build 9.1.0.184.1.114 Credit: Jerold Hoong PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerability in...
Symphony CMS 2.6.2
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMPHONY0606.txt Vendor: ================================ www.getsymphony.com/download/ Product: ================================ Symphony CMS 2.6.2 Advisory Information:...
Freebox OS Web interface 3.0.2 XSS, CSRF
Hello list, Here are two CVEs I reported to Freebox, a french ISP: - CVE-2014-9382 - CSRF in VPN user account creation - CVE-2014-9405 - XSS Vulnerable product: Freebox OS Web interface 3.0.2. CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation...
HP WebInspect unauthorized access
No description provided...
CA Common Services privilege escalation
Multiple privilege escalation vulnerabilities...
1 Click Audio Converter v2.3.6 - Activex Buffer Overflow
Document Title: =============== 1 Click Audio Converter v2.3.6 - Activex Buffer Overflow References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1504 http://www.vulnerability-lab.com/getcontent.php?id=1505 View Video: https://www.youtube.com/watch?v=Ad0wHlHz0KU...
JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities
Credits: John Page hyp3rlinx Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-JSPMYADMIN0529.txt Vendor: code.google.com/p/jsp-myadmin Product: JSPAdmin 1.1 is a Java web based MySQL database management system. Advisory Information:...
Sendio ESP information disclosure
Session disclosure via Referer...
[USN-2627-1] t1utils vulnerability
========================================================================== Ubuntu Security Notice USN-2627-1 June 03, 2015 t1utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow
Document Title: =============== 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1506 Video: http://www.vulnerability-lab.com/getcontent.php?id=1507 Release Date: ============= 2015-06-05 Vulnerabilit...
[CVE-2015-4108] Wing FTP Server Cross-site Request Forgery vulnerabilities
Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Cross-site Request Forgery CWE-352 CVE...
Apache Jackrabbit XXE
XXE via WebDAV request...
IBM Watson (Cognea) - XSS and Redirect Vulnerabilities
Vulnerability type: Cross-site Scripting & Redirect Vendor: www.ibm.com Product: IBM Watson Cloud Computing SaaS Cognea Product Link: http://www.ibm.com/smarterplanet/us/en/ibmwatson/ Credit: Jerold Hoong The logout.jsp page function of the IBM Watson Cognea SaaS application is vulnerable to...
[SECURITY] [DSA 3276-1] symfony security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3276-1 [email protected] http://www.debian.org/security/ David Prevot May 31, 2015 http://www.debian.org/security/faq -...
Ektron CMS 9.10 SP1 - CSRF Vulnerability
Vulnerability type: Cross-site Request Forgery Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.114 Patched version: 9.10 SP1 Build 9.1.0.184.1.120 CVE ID: CVE-2015-3624 Credit: Jerold Hoong PROOF OF CONCEPT CSRF Cross-site...
ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability
========================================================================================= CSRF Vulnerability in ManageEngine EventLog Analyzer Version :10.0, Build Number : 10001 ========================================================================================= . contents:: Table Of Conten...
Ektron CMS 9.10 SP1 - XSS Vulnerability
Vulnerability type: Cross-site Scripting Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.102 Patched version: 9.10 SP1 Build 9.1.0.184.1.114 Credit: Jerold Hoong PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerability in...
CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation]
Exploit Title: CVE-2015-4038 - WordPress WP Membership plugin Privilege escalation Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE:...
[SECURITY] [DSA 3279-1] redis security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3279-1 [email protected] http://www.debian.org/security/ Alessandro Ghedini June 06, 2015 http://www.debian.org/security/faq -...
CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS]
Exploit Title: CVE-2015-4039 - WordPress WP Membership plugin Stored XSS Contact: https://twitter.com/panVagenas Vendor Homepage: http://wpmembership.e-plugins.com/ Software Link: http://codecanyon.net/item/wp-membership/10066554 Version: 1.2.3 Tested on: WordPress 4.2.2 CVE: CVE-2015-4039...
CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
Dear readers, we just fixed a recently reported vulnerability in Apache Jackrabbit's WebDAV module; see - the attached CVE report - patches for all currently maintained Jackrabbit branches We just released Jackrabbit 2.10.1 see below and we'll get to the other branches shortly. Check the CVE for...
StrongSwan certificate spoofing
Server's certificate is validated after credentials are sent...