Apple iTunes & AppStore - Filter Bypass & Persistent Invoice Vulnerability

2015-07-27 Thread Vulnerability Lab
ule is estimated as high. (CVSS 5.8) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is

Ferrari - PHP CGI Argument Injection (RCE) Vulnerability

2015-08-10 Thread Vulnerability Lab
eranclaessens.be) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a

Device Inspector v1.5 iOS - Command Inject Vulnerabilities

2015-08-10 Thread Vulnerability Lab
isclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vuln

bizidea Design CMS 2015Q3 - SQL Injection Vulnerability

2015-08-12 Thread Vulnerability Lab
= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers ar

Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)

2015-08-20 Thread Vulnerability Lab

PDF Shaper v3.5 - (MSF) Remote Buffer Overflow Vulnerability

2015-08-20 Thread Vulnerability Lab
eol stream << "/Intent /RelativeColorimetric" << eol stream << "/Subtype /Image" << eol stream << "/Filter /DCTDecode" << eol stream << "/Length #{jpeg.length}" << eol stream << "/

WebSolutions India Design CMS - SQL Injection Vulnerability

2015-08-20 Thread Vulnerability Lab
his advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, includin

ChiefPDF Software v2.x - Buffer Overflow Vulnerability

2015-08-20 Thread Vulnerability Lab
The security risk of the local buffer overflow vulnerability in the chiefpdf software clients is estimated as high. (CVSS 7.3) Credits & Authors: == metacom - [http://www.vulnerability-lab.com/show.php?user=metacom] Disclaimer & Information: ===

UBNT Bug Bounty #1 - Client Side Cross Site Scripting Vulnerability

2015-08-20 Thread Vulnerability Lab
r [sa...@evolution-sec.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

2015-08-20 Thread Vulnerability Lab
4.2) Credits & Authors: == Vulnerability Laboratory [Research Team] - Hadji Samir [sa...@evolution-sec.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all

PayPal Bug Bounty #119 - Stored Cross Site Scripting Vulnerability

2015-08-31 Thread Vulnerability Lab
er & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vuln

LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability

2015-08-31 Thread Vulnerability Lab
= Contact: https://securityresearchindia.wordpress.com > https://twitter.com/aaditya_purani Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed

Dogma India dogmaindia CMS - Auth Bypass Vulnerability

2015-08-31 Thread Vulnerability Lab
provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, inci

Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities

2015-09-03 Thread Vulnerability Lab
Mahmoud Khaled - [mahmoud_k...@yahoo.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and

Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability

2015-09-11 Thread Vulnerability Lab
ication is estimated as medium. (CVSS 3.8) Credits & Authors: == Vulnerability Laboratory [Research Team] - Hadji Samir [sa...@evolution-sec.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab

Shopify Bug Bounty #8 - (FilePath) Persistent Vulnerability

2015-09-11 Thread Vulnerability Lab
m] - Hadji Samir [sa...@evolution-sec.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capabil

PayPal Inc - Security Approval & 2FA Session Auth Bypass (API) Vulnerability

2015-09-11 Thread Vulnerability Lab
arch Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or

Magento Bug Bounty #19 - Persistent Filename Vulnerability

2015-09-11 Thread Vulnerability Lab
plication is estimated as medium. (CVSS 3.9) Credits & Authors: == Vulnerability Laboratory [Research Team] - Hadji Samir [sa...@evolution-sec.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without an

Paypal Inc - Open Redirect Web Vulnerability

2015-09-15 Thread Vulnerability Lab
d as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, in

Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability

2015-09-22 Thread Vulnerability Lab
=== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims

UDID v1.0 iOS - Persistent Mail Encode Vulnerability

2015-09-22 Thread Vulnerability Lab
laimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab

Flowdock API Bug Bounty #1 - (Description) Persistent Web Vulnerability

2015-09-23 Thread Vulnerability Lab
Authors: == Vulnerability Laboratory [Research Team] - Hadji Samir [sa...@evolution-sec.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied,

WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability

2015-09-23 Thread Vulnerability Lab
tory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expres

UltraEdit v22.20 - Buffer Overflow Vulnerability

2015-09-23 Thread Vulnerability Lab
& Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerab

My.WiFi USB Drive v1.0 iOS - File Include Vulnerability

2015-09-28 Thread Vulnerability Lab
i (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties o

Flowdock API Bug Bounty #3 - (Invite) Persistent Web Vulnerability

2015-09-28 Thread Vulnerability Lab
as been invited to grant access 8. Successful reproduce of the vulnerability in flowdock api and main dashboard! Note: Use tamper data in mozilla to manipulate the session values and to approve the existence of the vulnerability! Execution Point: https://www.flowdock.com/app/vuln

WinRAR SFX v5.21 - Remote Code Execution Vulnerability

2015-09-28 Thread Vulnerability Lab
gham [https://ir.linkedin.com/in/rezasp] (m...@reza.es or reza.esparg...@gmail.com] (www.reza.es) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or

NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability

2015-09-28 Thread Vulnerability Lab
S 3.4) Credits & Authors: == Mikica Ivosevic Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of me

Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability

2015-09-28 Thread Vulnerability Lab
enjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied,

IconLover v5.4.5 - Stack Buffer Overflow Vulnerability

2015-09-28 Thread Vulnerability Lab
ow.php?user=ZwX] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a pa

WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability

2015-10-09 Thread Vulnerability Lab
ani ] Special Thanks: Hell Shield Hackers | Ahmedabad University | Skysecura Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including

PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability

2015-10-09 Thread Vulnerability Lab
== Rui Silva (http://www.vulnerability-lab.com/show.php?user=Rui%20Silva) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, inc

FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability

2015-10-09 Thread Vulnerability Lab
lab.com/show.php?user=ZwX ] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability a

PayPal Inc Bug Bounty #117 - Session Fixation Vulnerability

2015-10-15 Thread Vulnerability Lab
Samir (sa...@evolution-sec.com) [http://www.vulnerability-lab.com/show.php?user=Hadji%20Samir] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either e

Freemake Video Downloader 3.7.1 - Code Execution Vulnerability

2015-10-15 Thread Vulnerability Lab
& Authors: == ZwX - (http://zwx.fr) [ http://www.vulnerability-lab.com/show.php?user=ZwX ] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, eith

LAN Scan HD v1.20 iOS - Command Inject Vulnerability

2015-11-17 Thread Vulnerability Lab
his advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct,

Port Scan v2.0 iOS - Command Inject Vulnerability

2015-11-17 Thread Vulnerability Lab
rch Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, incl

Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities

2015-11-17 Thread Vulnerability Lab
ing/ http://www.magentocommerce.com/bug-tracking/report PoC #2: CSRF URL: http://merch.docs.magento.com/ce/user_guide/Magento_Community_Edition_User_Guide.html Note: Remote attackers are able to inject own websites/webpages with fake login for phishing attacks against the login users Reference(s): http:

Magento Bug Bounty #22 - (Profile) Persistent Vulnerability

2015-11-17 Thread Vulnerability Lab
ww.vulnerability-lab.com/show.php?user=Hadji%20Samir) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of

Murgent CMS - SQL Injection Vulnerability

2015-11-17 Thread Vulnerability Lab
Shab,Sia Turk and All Of My Friends Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability fo

Free WMA MP3 Converter - Buffer Overflow Exploit (SEH)

2015-11-17 Thread Vulnerability Lab
/show.php?user=ZwX ] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for

Adobe Premiere Clip v1.1.1 iOS - (cid:x) Filter Bypass & Persistent Software Vulnerability

2015-11-18 Thread Vulnerability Lab
Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warr

CIS Manager Content Management System 2015Q4 - SQL Injection Vulnerability

2015-11-25 Thread Vulnerability Lab
ager Content Management System. Vulnerability Disclosure Timeline: == 2015-11-24: Report to Vulnerability Lab (Sajjad Sotoudeh - White-hg) 2015-11-25: Public Disclosure (Vulnerability Laboratory) Discovery Status: = Published Affected Produ

DELL Scrutinizer v12.0.3 - Persistent Software Vulnerability

2015-12-22 Thread Vulnerability Lab
& Information: ========= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulne

Western Union CN Bug Bounty #6 - Client Side Cross Site Scripting Web Vulnerability

2015-12-22 Thread Vulnerability Lab
n is estimated as medium. (CVSS 3.2) Credits & Authors: == Vulnerability Laboratory [Research Team] - Milan Solanki [milans...@gmail.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab discl

Lithium Forum - (previewImages) Persistent Vulnerability

2015-12-22 Thread Vulnerability Lab
e is estimated as medium. (CVSS 4.6) Credits & Authors: == Vulnerability Laboratory [Research Team] – Hadji Samir (sa...@evolution-sec.com) [http://www.vulnerability-lab.com/show.php?user=Hadji%20Samir] Disclaimer & Information: = The information

Switch v4.68 - Code Execution Vulnerability

2015-12-22 Thread Vulnerability Lab
is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect,

POP Peeper 4.0.1 - Persistent Code Execution Vulnerability

2015-12-22 Thread Vulnerability Lab
out any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequ

Aeris Calandar v2.1 - Buffer Overflow Vulnerability

2015-12-22 Thread Vulnerability Lab
& Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose.

Secure Item Hub v1.0 iOS - Multiple Web Vulnerabilities

2016-01-27 Thread Vulnerability Lab
y [Research Team] - Benjamin Kunz mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either exp

Apple WatchOS v2.1 - Denial of Service Vulnerability

2016-01-27 Thread Vulnerability Lab
za.es] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpos

Barracuda Networks Bug Bounty #38 Message Archiver - Multiple Vulnerabilities

2016-01-27 Thread Vulnerability Lab
/view_message_log_detail.cgi [primary_tab parameter] [+] /cgi-mod/view_message_log_detail.cgi [realm parameter] [+] /cgi-mod/view_message_log_detail.cgi [secondary_tab parameter] Security Risk: == The secu

Telegram (API) - Cross Site Request Forgery Vulnerabilities

2016-01-27 Thread Vulnerability Lab
elopers is estimated as medium. (CVSS 3.2) Credits & Authors: == Lawrence Amer - ( http://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer ) Disclaimer & Information: = The information provided in this advisory is provided as it is without any

Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability

2016-01-27 Thread Vulnerability Lab
y risk of the persistent mail encoding web vulnerability and the web-server validation misconfiguration are estimated as medium. (CVSS 3.7) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com]

Kleefa v1.7 (IR) - Multiple Web Vulnerabilities

2016-01-27 Thread Vulnerability Lab
ing web vulnerabilities in the web-application are estimated as medium. (CVSS 3.3) Credits & Authors: == Iran Cyber Security Group - (ICG SEC) Disclaimer & Information: = The information provided in this advisory is provided as it is without any war

Classic Infomedia (Login) - Auth Bypass Web Vulnerability

2016-01-27 Thread Vulnerability Lab
o : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | Pi.Hack | CRY$I$ BL4CK | WH!T3 W01F | And All Members Of Iran-Cyber.Net Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab dis

WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability

2016-01-27 Thread Vulnerability Lab
ICG SEC) [Iran-Cyber.Net] Spc Thnx 2: root3r , mohamad-nofozi , jok3r , pi.hack , 0day , m0hamad-black , wh1tew0lf , mr.turk and all member of iran-cyber.net Disclaimer & Information: ========= The information provided in this advisory is provided as it is without any warranty. Vu

los818 CMS 2016 Q1 - SQL Injection Web Vulnerability

2016-01-27 Thread Vulnerability Lab
ded as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, i

Trend Micro Direct Pass - Filter Bypass & Persistent Web Vulnerability

2016-01-28 Thread Vulnerability Lab
rmation: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its

New Era Company CMS - (id) SQL Injection Vulnerability

2016-01-28 Thread Vulnerability Lab
Cyber Security Group - 0x3a (ICG SEC) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

2016-01-29 Thread Vulnerability Lab
ts & Authors: == Iran Cyber Security Group - 0x3a (ICG SEC) [Iran-Cyber.Net] [http://www.vulnerability-lab.com/show.php?user=Iran%20Cyber%20Security] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warrant

Netlife Photosuite Pro - Client Side Cross Site Scripting Vulnerability

2016-02-01 Thread Vulnerability Lab
ts & Authors: == Iran Cyber Security Group - 0x3a (ICG SEC) [Iran-Cyber.Net] [http://www.vulnerability-lab.com/show.php?user=Iran%20Cyber%20Security] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warrant

File Hub v3.3 iOS (Wifi) - Multiple Web Vulnerabilities

2016-02-01 Thread Vulnerability Lab
n Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including t

Compal ConnectBox Wireless - Passphrase Settings Filter Bypass Vulnerability

2016-02-03 Thread Vulnerability Lab
[Research Team] - Marco Onorati Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and

Getdpd Bug Bounty #1 - (asm0option0) Persistent Web Vulnerability

2016-02-03 Thread Vulnerability Lab
== Vulnerability Laboratory [Research Team] - Hadji Samir [sa...@evolution-sec.com] [www.vulnerability-lab.com] (http://www.vulnerability-lab.com/show.php?user=Hadji%20Samir) Disclaimer & Information: = The information provided in this advisory is provided a

SimpleView CRM - Client Side Open Redirect Vulnerability

2016-02-03 Thread Vulnerability Lab
== Tommy DeVoss Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a p

File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities

2016-02-03 Thread Vulnerability Lab
application is estimated as high. (CVSS 7.3) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as

Soso Transfer v1.1 iOS - Denial of Service Vulnerability

2016-02-03 Thread Vulnerability Lab
ided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidenta

Apple iOS v9.1, 9.2 & 9.2.1 - Application Update Loop Pass Code Bypass

2016-02-04 Thread Vulnerability Lab
sea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties

JavaScript Anywhere v3.0.4 iOS - Persistent Vulnerability

2016-02-08 Thread Vulnerability Lab
vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a

Getdpd BB #4 - (name) Persistent Validation Vulnerability

2016-02-08 Thread Vulnerability Lab
= The security risk of application-side input validation web vulnerability in the frontend of the getdpd web-application is estimated as medium. (CVSS 3.8) Credits & Authors: == Vulnerability Laboratory [Research Team] - Hadji Samir [sa...@evolution-sec.com] Disclaimer &

Alsovalue CMS 2016Q1 - SQL Injection Web Vulnerability

2016-02-08 Thread Vulnerability Lab
isclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its s

Ebay Inc (Pages) - Client Side Cross Site Scripting Vulnerabilities

2016-02-08 Thread Vulnerability Lab
== The security risk of the client-side vulnerabilities in the official ebay online service pages Credits & Authors: == Daniel Díez Tainta - (@DaniLabs) Disclaimer & Information: = The information provided in this advisory is provided as it is witho

PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities

2016-02-08 Thread Vulnerability Lab
redits & Authors: == Vulnerability Laboratory [Research Team] - Marco Onorati [http://www.vulnerability-lab.com/show.php?user=Marco%20Onorati] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warra

File Sharing Manager v1.0 iOS - Multiple Web Vulnerabilities

2016-02-10 Thread Vulnerability Lab
@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchan

MyScript Memo v3.0 iOS - (Mail) Persistent Vulnerability

2016-02-10 Thread Vulnerability Lab
Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose.

Apache Sling Framework v2.3.6 - Information Disclosure Vulnerability

2016-02-10 Thread Vulnerability Lab
lnerability-lab.com] (https://twitter.com/cybercrimenews) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties

HD Video Player v2.5 iOS - Multiple Web Vulnerabilities

2016-02-12 Thread Vulnerability Lab
= Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclai

ifixit Bug Bounty #5 - Guide Search Persistent Vulnerability

2016-02-20 Thread Vulnerability Lab
tent input validation web vulnerability in the ifixit.com online service web-application is estimated as medium. (CVSS 3.8) Credits & Authors: == Vulnerability Laboratory [Research Team] - Hadji Samir (sa...@evolution-sec.com) [http://www.vulnerability-lab.com/show.php?us

Adobe - Multiple Client Side Cross Site Scripting Web Vulnerabilities

2016-02-20 Thread Vulnerability Lab
. (CVSS 3.0) The security risk of the client-side open redirect web vulnerability in the adobe web-application is estimated as low. (CVSS 2.1) Credits & Authors: == Daniel Díez Tainta - (@DaniLabs) Disclaimer & Information: = The informa

Chamilo LMS - Persistent Cross Site Scripting Vulnerability

2016-02-20 Thread Vulnerability Lab
sk of the persistent cross site script vulnerability in the web-application is estimated as medium. (CVSS 3.3) Credits & Authors: == Lawrence Amer - ( http://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer ) Disclaimer & Information: =

Chamilo LMS IDOR - (messageId) Delete POST Inject Vulnerability

2016-02-20 Thread Vulnerability Lab
& Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers ar

Investors Application - Client Side Cross Site Scripting Vulnerability

2016-02-20 Thread Vulnerability Lab
] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vu

Prezi Bug Bounty #5 - Client Side Cross Site Scripting & Open Redirect Vulnerability

2016-02-20 Thread Vulnerability Lab
& Authors: == Milan A Solanki - (milans...@gmail.com) [http://www.safehacking4mas.blogspot.in] [https://www.facebook.com/Mas.Hackers] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all w

ifixit Bug Bounty #6 -(Profile) Persistent Vulnerability

2016-02-20 Thread Vulnerability Lab
ion provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities

2016-02-22 Thread Vulnerability Lab
this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, includ

Ubiquiti Networks Bug Bounty #9 - Invoice Persistent Vulnerabilities

2016-02-22 Thread Vulnerability Lab
ded as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidenta

Oxwall Forum v1.8.1 - Persistent Cross Site Scripting Vulnerability

2016-02-22 Thread Vulnerability Lab
er & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vuln

InstantCoder v1.0 iOS - Multiple Web Vulnerabilities

2016-02-23 Thread Vulnerability Lab
this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, includ

eFront 3.6.15.6 CMS – (Message Attachment) Persistent Cross Site Scripting Vulnerability

2016-02-24 Thread Vulnerability Lab
um. (CVSS 4.0) Credits & Authors: == Vulnerability Laboratory [Research Team] - Lawrence Amer - http://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer Disclaimer & Information: = The information provided in this advisory is provided as it

WP Good News Themes - Client Side Cross Site Scripting Web Vulnerability

2016-02-29 Thread Vulnerability Lab
eini (EhsanSec.ir) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability

Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability

2016-02-29 Thread Vulnerability Lab
web vulnerability in the fing scanner iOS app is estimated as medium. (CVSS 3.5) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: =

Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities (App Store Link, Buy Tones Link & Weather Channel Link)

2016-03-07 Thread Vulnerability Lab
SS 6.4) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.] Disclaimer & Information: ========= The information provided in

ChitaSoft (Web-Application) - SQL Injection Vulnerability

2016-03-14 Thread Vulnerability Lab
ormation provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case

Chamlio LMS v1.10.2 - (Profile) Persistent Web Vulnerability

2016-03-14 Thread Vulnerability Lab
The security risk of the application-side validation web vulnerability in the profile module is estimated as medium. (CVSS 3.4) Credits & Authors: == Vulnerability Laboratory [Research Team] - Lawrence Amer - http://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer Dis

Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability

2016-03-14 Thread Vulnerability Lab
& Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerabilit

Patron Info System - SQL Injection Vulnerability

2016-03-31 Thread Vulnerability Lab
urity] Special Tnx 2 : MOHAMAD_NOFOZI , root3r , Sir.H4m1d , 0day , pi.hack , s4jj4d , whitewolf , jok3r , MoHaMaD-BlAcK ,l3gi0 n , mr.turk , 0xdevil & king_k4li Disclaimer & Information: = The information provided in this advisory is provided as it is without any

Hi Technology & Services CMS - SQL Injection Vulnerabilities

2016-03-31 Thread Vulnerability Lab
i Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or

WP External Links v1.80 - Cross Site Scripting Web Vulnerabilities

2016-03-31 Thread Vulnerability Lab
= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers ar

Docker UI v0.10.0 - Multiple Client Side Cross Site Request Forgery Web Vulnerabilities

2016-03-31 Thread Vulnerability Lab
ep K. - http://www.vulnerability-lab.com/show.php?user=Manideep%20K. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warran
