# Exploit Title: Wordpress Media Cleaner - XSS
# Author: İsmail SAYGILI
# Web Site: www.ismailsaygili.com.tr
# E-Mail: ileti...@ismailsaygili.com.tr
# Date: 2015-02-26
# Plugin Download: https://downloads.wordpress.org/plugin/wp-media-cleaner.2.2.6.zip
# Version: 2.2.6
# Vulnerable File(s):
SEC Consult Vulnerability Lab Security Advisory 20150227-0
===
title: Multiple vulnerabilities
product: Loxone Smart Home
vulnerable version: Firmware: 5.49; Android-App: 3.4.1
fixed version: 6.3
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea
Release Date: 26 February 2015
Last Modified: 26 February 2015
# Exploit Title: HelpDezk 1.0.1 Multiple Vulnerabilities
# Google Dork: intext: helpdezk-community-1.0.1
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://www.helpdezk.org/
# Vendor contacted: 26-2-2015
# Version: 1.0.1
# Tested on: Firefox 36 Chrome 38 / W8.1-x64
CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Standard Taglibs 1.2.1
The unsupported 1.0.x and 1.1.x versions may also be affected.
Description:
When an application uses x:parse or x:transform tags to