Category: Digital security

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Esponce QR Code Generator

Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin Esponce QR Code Generator has a reflected cross-site scripting (XSS) vulnerability. On the thread for one of their other disclosures, we...

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WP Ad Guru Lite

Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin WP Ad Guru Lite has a reflected cross-site scripting (XSS) vulnerability. On the thread for one of their other disclosures, we...

Sonicwall SRA 8.1.0.2-14sv viewcert.cgi Remote Command Execution

Topic: Sonicwall SRA 8.1.0.2-14sv viewcert.cgi Remote Command Execution Risk: High Text:# Exploit Title: Sonicwall viewcert.cgi CGI Remote Command Injection Vulnerability # Date: 12/24/2016 # Exploit Author: xort … Source

Sophos Web Appliance 4.2.1.3 Block / Unblock

Topic: Sophos Web Appliance 4.2.1.3 Block / Unblock Risk: Medium Text:# Exploit Title: Sophos Web Appliance UnBlock/Block-IP Remote Command Injection Vulnerability # Date: 12/12/2016 # Exploit Au… Source

Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion

Topic: Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion Risk: Medium Text:Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement CVE-2017-0037 PoC: <!-- saved fro… Source

Sophos Web Appliance 4.2.1.3 Remote Command Execution

Topic: Sophos Web Appliance 4.2.1.3 Remote Command Execution Risk: High Text:# Exploit Title: Sophos Web Appliance diagnostic_tools wget Remote Command Injection Vulnerability # Date: 12/12/2016 # Explo… Source

Air Transfer 1.2.1 / 1.0.14 Cross Site Scripting

Topic: Air Transfer 1.2.1 / 1.0.14 Cross Site Scripting Risk: Low Text:Document Title: Air Transfer 1.2.1 & 1.0.14 iOS – Multiple XSS Web Vulnerabilities References (Source): == … Source

Travel Portal Script 9.37 Cross Site Scripting / SQL Injection

Topic: Travel Portal Script 9.37 Cross Site Scripting / SQL Injection Risk: Medium Text:Exploit Title : Travel Portal Script v9.37 – Multiple Vulnerability Google Dork : – Date : 23/02/2017 Exploit Author : Ma…...

tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows

Topic: tnef 1.4.12 OOB Read / Write / Type Confusions / Integer Overflows Risk: Medium Text:X41 D-Sec GmbH Security Advisory: X41-2017-004 Multiple Vulnerabilities in tnef == Overview — Confirmed A… Source

MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting

Topic: MBLS Flex CMS 0.7.2 SQL Injection / Cross Site Scripting Risk: Medium Text:Title: SQL injection & Cross-site scripting in CMS Flex Credit: Bilal KARDADOU Vulnerability: SQL injection & Cross-Site scri… Source

WordPress Mail Masta 1.0 SQL Injection

Topic: WordPress Mail Masta 1.0 SQL Injection Risk: Medium Text:# Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta (aka mail-masta) plugin 1.0 for WordPress. # Date: 02/18… Source

Siklu EtherHaul Remote Command Execution

Topic: Siklu EtherHaul Remote Command Execution Risk: High Text:[+] Credits: Ian Ling [+] Website: iancaling.com [+] Source: http://blog.iancaling.com/post/155127766533 Vendor: == … Source

DIGISOL DG-HR1400 Cross Site Request Forgery

Topic: DIGISOL DG-HR1400 Cross Site Request Forgery Risk: Low Text:html> Digisol Router CSRF Exploit – Indrajith A.N history.pushState('', '', '/') <form a… Source

Joomla BookLibrary 3.6.1 SQL Injection

Topic: Joomla BookLibrary 3.6.1 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component BookLibrary v3.6.1 – SQL Injection # Google Dork: inurl:index.php?option=com_bo… Source

Joomla Eventix Events Calendar 1.0 SQL Injection

Topic: Joomla Eventix Events Calendar 1.0 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component Eventix Events Calendar v1.0 – SQL Injection # Google Dork: inurl:index.php?opt… Source

Joomla J-BusinessDirectory 4.6.8 SQL Injection

Topic: Joomla J-BusinessDirectory 4.6.8 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component J-BusinessDirectory v4.6.8 – SQL Injection # Google Dork: inurl:index.php?optio… Source

Joomla AppointmentBookingPro 4.0.1 SQL Injection

Topic: Joomla AppointmentBookingPro 4.0.1 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component AppointmentBookingPro v4.0.1 – SQL Injection # Google Dork: inurl:index.php?opt… Source

Joomla J-CruiseReservation Standard 3.0 SQL Injection

Topic: Joomla J-CruiseReservation Standard 3.0 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component J-CruiseReservation Standard v3.0 – SQL Injection # Google Dork: inurl:index.ph… Source

Joomla VehicleManager 3.9 SQL Injection

Topic: Joomla VehicleManager 3.9 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component VehicleManager v3.9 – SQL Injection # Google Dork: inurl:index.php?option=com_v… Source

Joomla RealEstateManager 3.9 SQL Injection

Topic: Joomla RealEstateManager 3.9 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component RealEstateManager v3.9 – SQL Injection # Google Dork: inurl:index.php?option=co… Source

Joomla MultiTier 3.1 SQL Injection

Topic: Joomla MultiTier 3.1 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component MultiTier v3.1 – SQL Injection # Google Dork: inurl:index.php?option=com_multit… Source

Joomla MediaLibrary Basic 3.5 SQL Injection

Topic: Joomla MediaLibrary Basic 3.5 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component MediaLibrary Basic v3.5 – SQL Injection # Google Dork: inurl:index.php?option=c… Source

Joomla UserExtranet 1.3.1 SQL Injection

Topic: Joomla UserExtranet 1.3.1 SQL Injection Risk: Medium Text:# # # # # # Exploit Title: Joomla! Component UserExtranet v1.3.1 – SQL Injection # Google Dork: inurl:index.php?option=com_u… Source

Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation

Topic: Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation Risk: High Text:# Exploit Title: Teradici Management Console 2.2.0 – Web Shell Upload and Privilege Escalation # Date: February 22nd, 2017 #… Source

PDFMate PDF Converter Pro 1.7.5.0 Buffer Overflow

Topic: PDFMate PDF Converter Pro 1.7.5.0 Buffer Overflow Risk: High Text:Document Title: PDFMate PDF Converter Pro 1.7.5.0 – Buffer Overflow Vulnerability References (Source): == … Source

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress.com Custom CSS

Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin WordPress.com Custom CSS had a reflected cross-site scripting (XSS) vulnerability. On the thread for one of their other disclosures, we asked if...

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Simple Newsletter Plugin

Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin Simple Newsletter Plugin has either a persistent or reflected cross-site scripting (XSS) vulnerability. On the thread for one of their other...

Java/Python FTP Injections Allow for Firewall Bypass

Topic: Java/Python FTP Injections Allow for Firewall Bypass Risk: Medium Text:Overview Recently, a vulnerability in Java’s FTP URL handling code has been published which allows for protocol stream inject… Source

Lock Photos Album&Videos Safe v4.3 Directory Traversal Vulnerability

Topic: Lock Photos Album&Videos Safe v4.3 Directory Traversal Vulnerability Risk: High Text:Document Title: Lock Photos Album&Videos Safe v4.3 – Directory Traversal Vulnerability References (Source): … Source

ProjectSend r754 – IDOR & Authentication Bypass Vulnerability

Topic: ProjectSend r754 – IDOR & Authentication Bypass Vulnerability Risk: Medium Text:Document Title: ProjectSend r754 – IDOR & Authentication Bypass Vulnerability References (Source): == http… Source