Cades (2016Q1) - (id) Multiple SQL Injection Vulnerabilities

ities in the web-application are estimated as high. (CVSS 7.5) Credits & Authors: == Dr.Malware Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all war

Dorsa Web CMS - Multiple SQL Injection Vulnerabilities

D_NOFOZI , root3r , Sir.H4m1d , 0day , pi.hack , s4jj4d , whitewolf , jok3r , MoHaMaD-BlAcK , l3gi0n, mr.turk , 0xdevil , king_k4li Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all

Docker UI v0.10.0 - Multiple Persistent Vulnerabilities

er=Manideep%20K.] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a par

Trend Micro (SSO) - (Backend) SSO Redirect & Session Vulnerability

w.yahoo.com/my_account/] Content-Type[text/html] Content-Language[en] Cache-Control[no-store, no-cache] y-trace[BAEAQAAmoBYDWfT3qwAAbpfxk8XLzrgFKnerkc.NAAUqd6uR22UgXJ6WAA--] Content-Length[382] X-Firefox-Spdy[h2] Security Risk: ===

Python v2.7 v1.5.4 iOS - Filter Bypass & Persistent Vulnerability

== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its supplie

Wordpress Scoreme Theme - Client Side Cross Site Scripting Web Vulnerability

3gi0n, mr.turk , 0xdevil , king_k4li Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capabil

Techsoft Web Solutions CMS 2016 Q2 - SQL Injection Web Vulnerability

ck , l3gi0n , nazanin_wild and 0xdevil Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability a

FortiManager & FortiAnalyzer 5.x (Appliance Application) - (filename) Persistent Web Vulnerability

load function is estimated as medium. (CVSS 3.7) Credits & Authors: == Vulnerability Laboratory [Research Team] - Marco Onorati (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in t

Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) - (3D Touch) Passcode Bypass Vulnerability

== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not l

Techsoft WS CMS (2016 Q2) - SQL Injection Web Vulnerability

l3gi0n , nazanin_wild and 0xdevil Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capab

Virtual Freer v1.58 - Client Side Cross Site Scripting Vulnerability

rton - Milad Hacking - Mohamad Ghasemi - irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t - MRS4JJ4D - Nazila Blackhat Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab discla

Quicksilver HQ VoHo Concept4E CMS v1.0 - Multiple SQL Injection Web Vulnerabilities

rability-lab.com/show.php?user=Iran%20Cyber%20Security] THX: MOHAMAD-NOFOZI , root3r , sir.h4m1d , m0hamad.black , whitewolf , mr.s4jj4d , mr.turk , 0day , pi.hack , l3gi0n , nazanin_wild and 0xdevil Disclaimer & Information: = The information provided in this adviso

Eight Webcom CMS (2016 Q2) - SQL Injection Vulnerability

m0hamad.black , whitewolf , mr.s4jj4d , mr.turk , 0day , pi.hack , l3gi0n , nazanin_wild and 0xdevil Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expre

Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability

nerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, e

AccelSite Content Manager v1.0 - SQL Injection Vulnerability

, mr.turk , 0day , pi.hack , l3gi0n , nazanin_wild and 0xdevil Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of

Wordpress Robo Gallery v2.0.14 - Code Execution Vulnerability

t is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, conse

Webline CMS (2016Q2) - SQL Injection Vulnerability

, 0day , pi.hack , l3gi0n, nazanin_wild and 0xdevil Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

ecial chars and escapte the entries to prevent further application-side script code injection attacks. Security Risk: == The security risk of the application-side input validation web vulnerability in the django cms is estimated as medium. (CVSS 3.6) Credits & Authors: ====== Vulnerability Lab

C & C++ for OS - Filter Bypass & Persistent Vulnerability

dium. (CVSS 3.5) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty

Totemomail v4.x & v5.x - Filter Bypass & Persistent Vulnerability

n appliance web-application. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is

UBNT Bug Bounty #2 - XML External Entity Vulnerability

Samir] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for

Cyberoam Central Console v02.03.1 - Multiple Persistent Vulnerabilities

e Amer - ( http://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer ) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, in

Django CMS v3.2.3 - Filter Bypass & Persistent Vulnerability

he application-side input validation vulnerability and filter bypass issue is estimated as medium. (CVSS 3.6) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Informat

Negin Group CMS - (v) Multiple Web Vulnerabilities

s advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direc

Trend Micro (Account) - Email Spoofing Web Vulnerability

estimated as medium. (CVSS 4.6) Credits & Authors: == Vulnerability Laboratory [Research Team] – Hadji Samir [Evolution Security GmbH] [http://www.vulnerability-lab.com/show.php?user=Hadji%20Samir] Disclaimer & Information: ===== The information provide

VoipNow v4.0.1 - (xajax_handler) Persistent Vulnerability

Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, includi

Sophos XG Firewall (SF01V) - Persistent Web Vulnerability

ttp://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer ) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warra

Oracle Discoverer Viewer BI - Open Redirect Vulnerability

] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability

Cyber%20Security] Special Thanks: root3r Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantabi

Wordpress Truemag Theme - Client Side Cross Site Scripting Web Vulnerability

Cyber%20Security] Special Thanks: root3r Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantabi

Skype Manager - (Email Change) Filter Bypass Vulnerability

onditions do match with the case scenario. Credits & Authors: == Karim Rahal [ka...@karimrahal.com / karim...@elitesec.org] - @KarimMTV Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vu

Notes v4.5 iOS - Arbitrary File Upload Vulnerability

ation: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its

Stanford University - Multiple SQL Injection Vulnerabilities

i (b...@evolution-sec.com) [www.vulnerability-lab.com] [http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties

Trend Micro Direct Pass - Filter Bypass & Cross Site Scripting Vulnerability

er & Information: ========= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulne

AEF CMS v1.0.9 - (PM) Persistent Cross Site Scripting Vulnerability

s medium (cvss 4.4). Credits & Authors: == Benjamin K.M. [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is withou

Weblication CMS Core & Grid v12.6.24 - Multiple Cross Site Scripting Vulnerabilities

= Benjamin K.M. [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warran

Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities

ode=rename_dir&form[dir]= Solution - Fix & Patch: === The cross site vulnerabilities can be resolved by implementation of htmlentities and a secure input restriction of characters. Security Risk: == The security risk of the client-side cross site scrip

Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability

mation provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any c

Secutech DSL WR RIS 330 - Filter Bypass Vulnerability

estimated as medium (CVSS 3.3). Credits & Authors: == Lawrence Amer (Vulnerability Lab Core Research Team) [zeroat...@gmail.com] - https://www.vulnerability-lab.com/show.php?user=Lawrence+Amer Disclaimer & Information: = The information provide

Intel System CU - Buffer Overflow (Denial of Service) Vulnerability

aoud - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of mer

ASUS WRT-AC66U 3.x - Cross Site Scripting Vulnerability

edium (CVSS 3.0). Credits & Authors: ====== Lawrence Amer (Vulnerability Lab Core Research Team) [zeroat...@gmail.com] - https://www.vulnerability-lab.com/show.php?user=Lawrence+Amer Disclaimer & Information: = The information provided in this advis

Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability

s/ Solution - Fix & Patch: === The vulnerability can be patched by a parse and encode of the vulnerable content rules input field values. Restrict the input and disallow special chars. Filter and parse the item listing in the configured server module to prevent an execution. Implement a

Barracuda ADC 5.x - Client Side Cross Site Scripting Vulnerability

isk: == The security risk of the non-persistent input validation web vulnerability in the barracuda networks adc appliance web-application is estimated as medium (CVSS 3.6). Credits & Authors: == Benjamin K.M. - https://www.vulnerability-lab.com/show.php?user=Benja

AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities

1759500603/profile/edit/group/1/ Solution - Fix & Patch: ======= The vulnerability has been patched by the at&t developer team of the biz circle team. The issue was part of the official bug bounty program. Security Risk: == The security risk of the persisten

Lenovo SU v5.07 - Buffer Overflow & Arbitrary Code Execution Vulnerability

how.php?user=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability fo

Barracuda ADC v5.x - Multiple Persistent Vulnerabilities

== The security risk of the persistent input validation web vulnerability in the barracuda networks adc appliance web-application is estimated as medium. Credits & Authors: == Benjamin K.M. (Vulnerability Laboratory Core Research Team) - https://www.vulnerabili

Huawei eNSP v1 - Buffer Overflow (DoS) Vulnerability

r=S.AbenMassaoud Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for

GhostMail - (Status Message) Persistent Web Vulnerability

tion web vulnerability in the chat module is estimated as medium (CVSS 4.0). Credits & Authors: ========== Vulnerability-Lab [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab Disclaimer & Information: =

Barracuda Cloud Control v3.020 - CS Cross Site Vulnerability

te by recognizing the patch cycle. Security Risk: == The security risk of the non-persistent cross site scripting vulnerability in the target_user value parameter is estimated as medium. Credits & Authors: == Vulnerability-Lab [resea...@vulnerability-lab.com] - https://www.vulnerability-lab.c

GhostMail - (filename to link) POST Inject Web Vulnerability

ion vulnerability. The vulnerability has been reported 2016-10-01. The issue was resolved during the 2017 Q2 - Q4 by the ghost mail developer team. Security Risk: == The security risk of the application-side input validation web vulnerability in the ghostmail mail module i

Binance v1.5.0 - Insecure File Permission Vulnerability

ty Manager] - https://www.vulnerability-lab.com/show.php?user=ZwX Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the

Adobe Systems - Arbitrary Code Injection Vulnerability

adobe systems psirt and developer team. The issue has been patched in multiple functions. The forumulars are already restricted and the case scenario has been full transparent delivered to ensure the problematic becomes visible to adobe. (Example: http://t.info.adobesystems.com//r/?id=h70201f92,8cea7339,8cea7343&p1=%40HeF

TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability

mated as high. Credits & Authors: == PingFanZettaKe [VXRL Team] - https://www.vulnerability-lab.com/show.php?user=PingFanZettaKe Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulner

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

ware" message 7. Press OK to start the update 8. Updated Version: TN81HH96-g102h-g103**a*-fb21a-3624 Security Risk: == The security risk of the vulnerabilities in the online web radio with wifi and user interface are estimated as critical. The vulnerability can be exploited b

Deutsche Bahn Ticket Vending Machine Windows XP - Local Kiosk Privilege Escalation Vulnerability

ion with the touch display to access the file system. Credits & Authors: == Benjamin K.M. - https://www.vulnerability-lab.com/show.php?user=Benjamin+K.M. Disclaimer & Information: = The information provided in this advisory is provided as it is with

Mapbox (API) - Filter Bypass & Persistent Vulnerability

Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warra

Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability

stimated as high. (CVSS 7.5) Credits & Authors: == Aaditya Purani - (https://aadityapurani.com) [http://www.vulnerability-lab.com/show.php?user=Aaditya%20Purani] Disclaimer & Information: = The information provided in this advisory is provided as it

Microsoft Education - Code Execution Vulnerability

Credits & Authors: == Kieran Claessens - (www.kieranclaessens.be) [http://www.vulnerability-lab.com/show.php?user=Kieran%20Claessens] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. V

Wordpress Levo-Slideshow v2.3 - Persistent Vulnerability

/show.php?user=Aaditya%20Purani] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantabili

FlashFXP v5.3.0 (Windows) - Memory Corruption Vulnerability

.vulnerability-lab.com/show.php?user=Benjamin%20K.M.] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of m

CM Ad Changer 1.7.7 Wordpress Plugin - Cross Site Scripting Web Vulnerability

i] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpos

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability

Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expre

FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

boratory [Research Team] - Marco Onorati (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed

Ladesk Agent #1 (Bug Bounty) - Session Reset Password Vulnerability

ulnerability-lab.com) [www.vulnerability-lab.com] [http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warrant

Mutualaid CMS v4.3.1 - SQL Injection Web Vulnerability

is estimated as high. (CVSS 7.6) Credits & Authors: == mr_mask_black Greetz: peyman - hossein - kian error - king dawn - white wolf - ahmad danger Disclaimer & Information: = The information provided in this advisory is provided as it is without any wa

Alfine CMS v2.6 - (Login) Auth Bypass Vulnerability

== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppli

Iranian Weblog Services v3.3 CMS - Multiple Web Vulnerabilities

Cyber.Net] [http://www.vulnerability-lab.com/show.php?user=Iran%20Cyber%20Security] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, includ

KWSPHP CMS v1.6.995 - Persistent Cross Site Scripting Web Vulnerability

- (http://zwx.fr) [ http://www.vulnerability-lab.com/show.php?user=ZwX ] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied,

OpenDocMan v1.3.5 - Full Path Disclosure Vulnerability

dvisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including d

IBM BlueMix Cloud - (API) Persistent Web Vulnerability

;:"images/appIcons/i-appicon-33-50.png","ace_mediumicon": "images/appIcons/i-appicon-33-32.png","ace_starred":false} Reference(s): http://console.au-syd.bluemix.net/ http://console.au-syd.bluemix.net/rest/ http://console.au-syd.bluemix.net/rest/v2/

Teampass 2.1.26 - Authenticated File Upload Vulnerability

The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its sup

Micron CMS v5.3 - (cat_id) SQL Injection Vulnerability

lack] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vu

BMW ConnectedDrive - (Update) VIN Session Vulnerability

Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any

BMW - (Token) Client Side Cross Site Scripting Vulnerability

his advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, in

Django CMS v3.3.0 - (Editor Snippet) Persistent Web Vulnerability (CVE-2016-6186)

ability in the django cms is estimated as medium. (CVSS 3.5) Credits & Authors: ====== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ========= The information pro

Nusiorung CMS 2016 - (Login) Auth Bypass Vulnerability

r & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerabil

DornCMS v1.4 - (FileManager) Persistent Cross Site Scripting Vulnerability

is estimated as medium. (CVSS 4.6) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this adviso

VUPlayer 2.49 - (.pls) Buffer Overflow Vulnerability

n: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-La

VUPlayer 2.49 - (.wax) Buffer Overflow Vulnerability

ab.com/show.php?user=ZwX] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particu

Zortam Media Studio 20.60 - Buffer Overflow Vulnerability

Credits & Authors: == ZwX - [http://www.vulnerability-lab.com/show.php?user=ZwX] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expresse

Exponent CMS 2.3.9 - Useraccounts Persistent Vulnerability

Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, eith

Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities

;</tr></table>< p> </p><p>  </p><p class="footer">ZOLL Checklist</p></body></html> Von meinem iPhone gesendet Solution - Fix &am

Saveya Bounty #1 - Bypass & Persistent Vulnerability

y in the saveya online service web-application is estimated as medium. (CVSS 3.7) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ========= The information pr

ZMS v3.2 CMS - Multiple Client Side Cross Site Scripting Web Vulnerabilities

z Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warra

Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability

tory [Research Team] - Marco Onorati (http://www.vulnerability-lab.com/show.php?user=Marco%20Onorati) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

dium. (CVSS 3.2) Credits & Authors: == ZwX - [http://www.vulnerability-lab.com/show.php?user=ZwX] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, e

FortiManager (Series) - Multiple Web Vulnerabilities

The security risk of the persistent and non-persistent cross site scripting web vulnerability is estimated as medium. (CVSS 3.8) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.

Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability

.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability fo

Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability

dium. (CVSS 3.2) Credits & Authors: == ZwX - [http://www.vulnerability-lab.com/show.php?user=ZwX] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, e

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its sup

Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability

}, "id": "i9" } #3 1. Remote attacker with low user privileges can use the link below to get files uploaded into S3 package as zip downloadable package. URL: https://docebosaas.localhost:8080/moxiemanager/api.php?action=download&path=/S3&names=NAMEOFIFLE.jpg&am

WinSaber - Unquoted Service Path Privilege Escalation

(CVSS 4.2) Credits & Authors: == ZwX - [http://www.vulnerability-lab.com/show.php?user=ZwX] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,

FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability

site scripting web vulnerability in the fortianalyzer and fortimanager web-application is estimated as medium. (CVSS 3.0) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.) Disclai

FortiManager (Series) - (Bookmark) Persistent Vulnerability

ulnerability in the fortimanager web-application is estimated as medium. (CVSS 3.8) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The

Typesettercms v5.0.1 - (Delete Files) CSRF Vulnerability

low user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue. PoC: Exploitation Delet Pages CSRF http://localhost:8080/Admin/Extra?cmd=DeleteArea&file=[VULNERABILITY-LAB]"/> Reference(s): http://

Subrion v4.0.5 CMS - SQL Injection Vulnerability

w.php?user=Benjamin%20K.M.] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capab

FortiCloud - (Reports Summary) Multiple Persistent Vulnerabilities

=== Vulnerability Laboratory [Research Team] - Lawrence Amer - ( http://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer ) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability L

phpCollab v2.5 CMS - SQL Injection Vulnerability

jri (http://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, incl

Facebook Bug Bounty #33 - Bypass ID user to linked Phone Number Vulnerability

amp; Authors: == SaifAllah benMassaoud & Zahid Mehmood - ( http://www.vulnerability-lab.com/show.php?user=SaifAllahbenMassaoud ) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty.

FortiVoice v5.0 - Filter Bypass & Persistent Validation Vulnerability

ormation: ====== The vulnerability lab core team discovered multiple application-side web vulnerabilities in the official Fortinet FortiVoice v5.x appliance web-application. Vulnerability Disclosure Timeline: == 2016-05-11: Researcher Notification &

<    1   2   3   4   5   6   7   8   9   >