Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability

2013-07-10 Thread Vulnerability Lab
(b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. V

Nikon CoolPix L Series Fw1.0 - Information Disclosure Issue

2013-07-16 Thread Vulnerability Lab
s medium(-). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, inclu

FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability

2013-07-16 Thread Vulnerability Lab
=== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are n

Barracuda CudaTel 2.6.02.040 - Client Side Cross Site Scripting Vulnerability

2013-07-16 Thread Vulnerability Lab
Benjamin Kunz Mejri (b...@vulnerability-lab.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a p

Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities

2013-07-16 Thread Vulnerability Lab
ry [Research Team] - Ibrahim Mosaad El-Sayed [ibra...@evolution-sec.com] Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantabilit

Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities

2013-07-16 Thread Vulnerability Lab
urity risk of the persistent input validation web vulnerability is estimated as high(-). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty

WiFly 1.0 Pro iOS - Multiple Web Vulnerabilities

2013-07-18 Thread Vulnerability Lab
e upload vulnerability is estimated as high. Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims al

Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability

2013-07-18 Thread Vulnerability Lab
vulnerability is estimated as high. 1.2 The security risk of the arbitrary file upload vulnerability is estimated as high(+). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisor

Barracuda CudaTel 2.6.02.04 - Multiple Client Side Cross Site Vulnerabilities (Bug Bounty #17)

2013-07-18 Thread Vulnerability Lab
isk of the (multiple) client side input validation vulnerabilities are estimated as medium. Credits: Vulnerability Laboratory [Research Team] -Benjamin Kunz Mejri (b...@vulnerability-lab.com) Disclaimer: === The information provided in this advisory is provided as

ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities

2013-07-18 Thread Vulnerability Lab
b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerab

Dell PacketTrap MSP RMM 6.6.x - Multiple Persistent Web Vulnerabilities

2013-07-18 Thread Vulnerability Lab
of the main software reports module when processing to watch the customer name, device name or host name #reproduce2 Risk: = The security risk of the persistent input validation vulnerabilities are estimated as medium(+). Credits: Vulnerability Laboratory [Research Team] - Benj

Download Lite v4.3 iOS - Persistent File Web Vulnerability

2013-07-19 Thread Vulnerability Lab
inject the own script code by using the local device to execute when a remote user is processing to open the index listing. Solution: = The vulnerability can be patched by a secure encoding and parse of the file name in the main file dir listing index module of the application. Risk: =

Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities

2013-07-21 Thread Vulnerability Lab
value(s) output listing. Restrict and parse the input fields (function) of trusted and self signed certificates values to prevent future executions out of the certificate context. Risk: = The security risk of the persistent input validation web vulnerabilities are estimated as high(-). Credit

Barracuda CudaTel 2.6.02.040 - Remote SQL Injection Vulnerability

2013-07-21 Thread Vulnerability Lab
Tel [CDR] (ROW&PAGE) - Remote SQL-Injection Exploit //=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- // Vulnerability Research Laboratory (www.vulnerability-lab.com) //=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- // Greet

Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability

2013-07-22 Thread Vulnerability Lab
Tel [CDR] (ROW&PAGE) - Remote SQL-Injection Exploit //=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- // Vulnerability Research Laboratory (www.vulnerability-lab.com) //=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- // Greets: I

Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities

2013-07-22 Thread Vulnerability Lab
LOG_TIMEOUT, k.ALERT_DIALOG_TIMEOUT_ACTION, k.ALERT_SNOOZE_DURATION, k.ALERT_MESSAGE from KBOT k left join KBOT_FORM f on k.ID = f.KBOT_ID left join KBOT_SHELL_SCRIPT s on k.ID = s.KBOT_ID where k.ID = '20''") Risk: = The security risk of the remote sql injection web vulnerabilitie

Photo Server 2.0 iOS - Multiple Critical Vulnerabilities

2013-07-22 Thread Vulnerability Lab
The security risk of the arbitrary file upload vulnerability is estimated as high(+). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulne

iPic Sharp v1.2.1 Wifi iOS - Persistent Foldername Web Vulnerability

2013-07-24 Thread Vulnerability Lab
'dirlocal'''} PoC: Source Camera Roll Default Album [PERSISTENT INJECTED SCRIPT CODE!] Solution: ===== The vulnerability can be patched by a secure encoding of the foldername item input. Encode, Filter or parse also the affected output at the file dir index listing locati

Private Photos v1.0 iOS - Persistent Path Web Vulnerability

2013-07-29 Thread Vulnerability Lab
ode inject web vulnerability is estimated as medium. Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab discla

Private Photos v1.0 iOS - Persistent Path Web Vulnerability

2013-07-29 Thread Vulnerability Lab
is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct

WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability

2013-07-29 Thread Vulnerability Lab
am] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a part

withU Music Share v1.3.7 iOS - Command Inject Vulnerability

2013-08-05 Thread Vulnerability Lab
he information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable i

FTP OnConnect v1.4.11 iOS - Multiple Web Vulnerabilities

2013-08-05 Thread Vulnerability Lab
ity is estimated as critical. 1.3 The security risk of the persistent input validation web vulnerability is estimated as high(-). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer: === The information provided in this adv

Microsoft Yammer Social Network - oAuth Bypass (Session Token) Vulnerability

2013-08-07 Thread Vulnerability Lab
am] - Ateeq Khan (at...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular pur

Copy to WebDAV v1.1 iOS - Multiple Web Vulnerabilities

2013-08-15 Thread Vulnerability Lab
ejri (b...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular

Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities

2013-08-15 Thread Vulnerability Lab
be patched by a secure encoding or escape when processing to add via POST method request folders with manipulated names. Risk: = The security risk of the persistent input validation web vulnerability is estimated as medium(+). Credits: Vulnerability Laboratory [Research Team] - B

PayPal Bug Bounty #110 - Auth Bypass (Session) Vulnerability

2013-08-23 Thread Vulnerability Lab
as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incid

UTA EDU University ENG - SQL Injection Vulnerability

2013-08-29 Thread Vulnerability Lab
t is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incide

Department of Transport UK - SQL Injection Vulnerability

2013-08-29 Thread Vulnerability Lab
estimated as critical. Credits: Vulnerability Laboratory [Research Team] - Chokri Ben Achour (cho...@evolution-sec.com) Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either express

Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability

2013-08-29 Thread Vulnerability Lab
lication is estimated as low(+)|(-)medium. Credits: Muhammad Ahmed Siddiqui - ah...@nybbletech.com Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, includi

eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability

2013-09-11 Thread Vulnerability Lab
of the persistent input validation web vulnerability is estimated as medium(+). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer: === The information provided in this advisory is provided as it is w

Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities

2013-09-11 Thread Vulnerability Lab
nerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or

Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability

2013-09-11 Thread Vulnerability Lab
) URL: http://technet.microsoft.com/de-de/security/bulletin/MS13-067 > Updates Risk: = The security risk of the persistent input validation vulnerability is estimated as high(-). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-se

Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability

2013-09-18 Thread Vulnerability Lab
: Code Newbie Team - Malaysia & Indonesia BlackHat Byakuya | Cai | Lord Router | Ops Msia Bersatu | Clound | Agam | Encik Linux | X-Tuned and all official Code-Newbie Member Disclaimer: === either expressed or implied, including the warranties of merchantability and capability for a

Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability

2013-09-19 Thread Vulnerability Lab
Risk: = The security risk of the filter bypass and persistent script code inject web vulnerability is estimated as medium(+). Credits: Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) Disclaimer: === The information provided in th

Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability

2013-09-20 Thread Vulnerability Lab
endent Vulnerability Researcher - linc0ln.dll Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular p

Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Vulnerability

2013-10-02 Thread Vulnerability Lab
Risk: = The security risk of the filter bypass and persistent script code inject web vulnerability is estimated as medium(+). Credits: Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) Disclaimer: === The information provided in th

Security Guard CMS QT 4.7.3 - Local Stack Buffer Overflow Vulnerability

2013-10-02 Thread Vulnerability Lab
e local stack buffer overflow software vulnerability is estimated as high(-). Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer: === The information provided in this advisory is provided as it is

Hide Photo+Video Safe v1.6 iOS - Multiple Vulnerabilities

2013-10-03 Thread Vulnerability Lab
he information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any c

SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities

2013-10-03 Thread Vulnerability Lab
y - ss-cms.localhost:8080/admin/test/Company?q[Name]=&q[Category]=&q[Revenue]=&q[CEO]= Model Admin > Add Company > Edit Company - ss-cms.localhost:8080/admin/test/Company/EditForm/field/Company/item/new?q[Name]=&q[Category]=&q[Revenue]=&q[CEO]= Risk: ===== The security ri

elproLOG MONITOR WebAccess 2.1 - Multiple Web Vulnerabilities

2013-10-03 Thread Vulnerability Lab
ing web vulnerabilities are estimated as low(+)|(-)medium. Credits: Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer: === The information provided in this advisory is provided as it is without any war

WebAssist PowerCMS PHP - Multiple Web Vulnerabilities

2013-10-03 Thread Vulnerability Lab
rability-lab.com] Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerabili

Apple iOS 7 iPad2 Face-Time 1.0.2 - Privacy Vulnerability

2013-10-03 Thread Vulnerability Lab
Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer: === The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warrantie

OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability

2013-10-15 Thread Vulnerability Lab
h Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, includi

My File Explorer v1.3.1 iOS - Multiple Web Vulnerabilities

2013-10-15 Thread Vulnerability Lab
olution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capab

Paypal Inc Bug Bounty #105 MOS - Multiple Persistent Print Layout Vulnerabilities

2013-10-15 Thread Vulnerability Lab
rsistent input validation web vulnerability is estimated as medium(+)|(-)high. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer & Information: = The information

Apple iOS 7.2 - Sim Lock Screen Display Bypass Vulnerability

2013-10-15 Thread Vulnerability Lab
aimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- L

DornCMS Application v1.4 - Multiple Web Vulnerabilities

2013-10-15 Thread Vulnerability Lab
nerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties

ZAPms v1.42 CMS - Client Side Cross Site Scripting Web Vulnerability

2013-10-15 Thread Vulnerability Lab
pting web vulnerability in the administrator panel is estimated as medium(-). Credits & Authors: == Vulnerability Laboratory [Research Team] - Katharin S. L. (CH) Disclaimer & Information: = The information provided in this advisory is provided as it is wi

PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability

2013-10-16 Thread Vulnerability Lab
(+). Credits & Authors: == Vulnerability Laboratory [Research Team] -Benjamin Kunz Mejri (b...@vulnerability-lab.com) Disclaimer & Information: ========= The information provided in this advisory is provided as it is without any warranty. Vulnerability

Zikula CMS v1.3.5 - Multiple Web Vulnerabilities

2013-10-17 Thread Vulnerability Lab
(b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the wa

Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability

2013-10-17 Thread Vulnerability Lab
ability can be patched by a restriction of the filename user input. Encode and parse the input and filter the index file name dir listing to prevent executions. Security Risk: == The security risk of the path/directory traversal web vulnerability is estimated as high(+). Credits & A

PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability

2013-10-17 Thread Vulnerability Lab
(+). Credits & Authors: == Vulnerability Laboratory [Research Team] -Benjamin Kunz Mejri (b...@vulnerability-lab.com) Disclaimer & Information: ========= The information provided in this advisory is provided as it is without any warranty. Vulnerability

Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities

2013-10-17 Thread Vulnerability Lab
w(+)|(-)medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Katharin S. L. (CH) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, eithe

Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities

2013-10-28 Thread Vulnerability Lab
Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular p

Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability

2013-10-28 Thread Vulnerability Lab
Document Title: === Feeder.co RSS Feeder 5.2 Chrome - Persistent Software Vulnerability Release Date: = 2013-10-26 Vulnerability Laboratory ID (VL-ID): 1119 Common Vulnerability Scoring System:

Paypal Inc Bug Bounty #104 - Persistent Exception Vulnerability

2013-10-28 Thread Vulnerability Lab
input validation and exception-handling vulnerability is estimated as medium(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer & Information: = The information pr

ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability

2013-10-28 Thread Vulnerability Lab
ulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or

GTX CMS 2013 Optima - Multiple Web Vulnerabilities

2013-10-29 Thread Vulnerability Lab
& Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vuln

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

2013-10-29 Thread Vulnerability Lab
in Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warrantie

pdirl PHP Directory Listing 1.0.4 - Cross Site Scripting Web Vulnerabilities

2013-11-03 Thread Vulnerability Lab
scripting web vulnerabilities are estimated as medium. 1.2 The security risk of the client-side cross site request forgery web vulnerability is estimated as medium(-). 1.3 The security risk of the full path disclosure issue is estimated as low. Credits & Authors: == lin

PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability

2013-11-18 Thread Vulnerability Lab
Document Title: === PayPal Inc Bug Bounty #65 China - Redirect Web Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=860 PayPal Security UID: rdbeeur Release Date: = 2013-11-17 Vulnerability Laboratory ID (VL-I

PayPal Inc Bug Bounty #42 - Persistent POST Inject Vulnerability

2013-11-18 Thread Vulnerability Lab
earch Team] - Benjamin Kunz Mejri (b...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or

Paypal Inc Bug Bounty #47 ALYZ - Persistent Search Vulnerability

2013-11-18 Thread Vulnerability Lab
x & Patch: === 2013-11-01: Vendor Fix/Patch (PayPal Developer Team - Reward) Security Risk: == The security risk of the persistent input validation web vulnerabilities are estimated as medium. Credits & Authors: ====== Vulnerability Laboratory

Paypal Bug Bounty #14 - Persistent Payment Mail Encoding Vulnerability

2013-11-20 Thread Vulnerability Lab
mation: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- La

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

2013-11-20 Thread Vulnerability Lab
Document Title: === Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1140 Release Date: = 2013-11-20 Vulnerability Laboratory ID (VL-ID): =

NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability

2013-11-29 Thread Vulnerability Lab
co Onorati (m.onor...@web.de) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merch

Photo Transfer Wifi 1.4.4 iOS - Multiple Web Vulnerabilities

2013-12-02 Thread Vulnerability Lab
ersistent album name web vulnerability is estimated as medium(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information pr

Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities

2013-12-08 Thread Vulnerability Lab
=== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warr

Sonicwall GMS v7.x - Filter Bypass & Persistent Vulnerability (0Day)

2013-12-08 Thread Vulnerability Lab
jamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

2013-12-08 Thread Vulnerability Lab
=== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are

Print n Share v5.5 iOS - Multiple Web Vulnerabilities

2013-12-08 Thread Vulnerability Lab
medium(+) with a cvss (common vulnerability scoring system) count of 4.5(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information

Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities

2013-12-10 Thread Vulnerability Lab
ulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all

Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities

2013-12-11 Thread Vulnerability Lab
s & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warran

Microsoft PhotoStory - CS Cross Site Scripting Vulnerability

2013-12-12 Thread Vulnerability Lab
ed as medium(-). Credits & Authors: == Independent Laboratory Researcher - Muhammad A.S. [ahmed@gmail.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims

Microsoft Yammer - Persistent Profile Vulnerabilities

2013-12-12 Thread Vulnerability Lab
== [Vulnerability Laboratory] (Core Research Team) - Ateeq ur Rehman Khan (at...@evolution-sec.com) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expr

Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities

2013-12-13 Thread Vulnerability Lab
ility is estimated as high(-). 1.2 - 1.3 The security risk of the local file include web vulnerability via file and folder name value is estimated as high(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.v

Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities

2013-12-16 Thread Vulnerability Lab
k: == The security risk of the (application-side) persistent mail encoding web vulnerabilities are estimated as medium(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & I

Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities

2013-12-16 Thread Vulnerability Lab
Document Title: === Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1168 Release Date: = 2013-12-11 Vulnerability Laboratory ID (VL-ID): =

FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities

2013-12-17 Thread Vulnerability Lab
Document Title: === FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1170 Release Date: = 2013-12-16 Vulnerability Laboratory ID (VL-ID): =

QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability

2013-12-17 Thread Vulnerability Lab
: === The vulnerability can be patched by a secure filter and size restriction of the PE file name text flag. Security Risk: == The security risk of the local stack buffer overflow vulnerability is estimated as medium(+). Credits & Authors: == Arash

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

2013-12-22 Thread Vulnerability Lab
ated as high(-). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

2013-12-23 Thread Vulnerability Lab
ated as high(-). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty

Mozilla Bug Bounty #5 - WireTap Remote Web Vulnerability

2014-01-28 Thread Vulnerability Lab
" {file: "chrome://global/content/bindings/general.xml" line: 0}] [JavaScript Error: "Search service falling back to synchronous initialization at SRCH_SVC__ensureInitialized@resource:///components/nsSearchService.js:2498 @resource:///components/nsSearchService.js:3476 _adjustAcItem@chrome://

SimplyShare v1.4 iOS - Multiple Web Vulnerabilities

2014-01-30 Thread Vulnerability Lab
code inject web vulnerabilities via POST method request are estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The

German Telekom Bug Bounty #9 - Code Execution Vulnerability

2014-02-06 Thread Vulnerability Lab
== The security risk of the remote code execution vulnerability is estimated as critical. Credits & Authors: == Vulnerability Laboratory [Research Team] - Ibrahim Mosaad El-Sayed (ibra...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: =

German Telekom Bug Bounty #10 - Arbitrary File Upload Vulnerability

2014-02-06 Thread Vulnerability Lab
& Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerabi

German Telekom Bug Bounty #11 - Remote SQL Injection Vulnerability

2014-02-06 Thread Vulnerability Lab
ypes and filelist parameter to prevent further injection attacks. Security Risk: == The security risk of the remote sql injection web vulnerability is estimated as critical with a cvss count of 8.3. Credits & Authors: == Vulnerability Laboratory [Research Team] - Ibrahim Mosaa

gpEasy v4.3.x CMS - Multiple Web Vulnerabilities

2014-02-09 Thread Vulnerability Lab
ndling. Parse and filter the input field GET method request with the vulnerable host, path, pass, user and port parameters. Security Risk: == 1.1 The security risk of the local file include and arbitrary file upload web vulnerability is estimated as high(-). 1.2 The security risk of the clie

Facebook Bug Bounty #12 - Client Side Exception Web Vulnerability

2014-02-09 Thread Vulnerability Lab
1-06: Researcher Notification & Coordination (Benjamin Kunz Mejri - Vulnerability Lab) 2014-01-07: Vendor Notification (Facebook Security Team - WhiteHat Program) 2014-01-09: Vendor Response/Feedback (Facebook Security Team - WhiteHat Program) 2014-01-31: Vendor Fix/Patch (Facebook Developer Team) 20

WiFi Camera Roll v1.2 iOS - Multiple Web Vulnerabilities

2014-02-13 Thread Vulnerability Lab
d in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damag

jDisk (stickto) v2.0.3 iOS - Multiple Web Vulnerabilities

2014-02-13 Thread Vulnerability Lab
ilities are estimated as high(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is pr

mbDriveHD v1.0.7 iOS - Multiple Web Vulnerabilities

2014-02-17 Thread Vulnerability Lab
== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab discla

File Hub v1.9.1 iOS - Multiple Web Vulnerabilities

2014-02-17 Thread Vulnerability Lab
rability is estimated as high. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is

My PDF Creator & DE DM v1.4 iOS - Multiple Vulnerabilities

2014-02-17 Thread Vulnerability Lab
-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particula

Barracuda Message Archiver 650 - Persistent Web Vulnerability

2014-02-20 Thread Vulnerability Lab
ulnerability is estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provid

Barracuda Bug Bounty #36 Firewall - Client Side Exception Handling Web Vulnerability

2014-02-21 Thread Vulnerability Lab
vulnerability is estimated as medium to high because of the location in the secure application exception-handling. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information:

CNNVD Gov CN #1 - Filter Bypass & Persistent Web Vulnerability

2014-02-21 Thread Vulnerability Lab
Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warrantie

Barracuda Networks Bug Bounty #35 - Persistent Web Vulnerability

2014-02-24 Thread Vulnerability Lab
persistent input validation web vulnerabilities are estimated as medium(+). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The

WiFiles HD v1.3 iOS - File Include Web Vulnerability

2014-02-24 Thread Vulnerability Lab
. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any
