VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug

Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability
Product: VuFind
Vendor: VuFind
Vulnerable Versions: 1.0
Tested Version: 1.0
Advisory Publication: September 20, 2015
Latest Update:…

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web Security Vulnerability
Product: Winmail Server
Vendor: Winmail Server
Vulnerable Versions: 4.2, 4.1
Tested Version: 4.2…

KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

Exploit Title: KnowledgeTree login.php &errorMessage parameter Reflected XSS Web Security Vulnerability
Product: Knowledge Tree Document Management System
Vendor: Knowledge Inc
Vulnerable Versions: OSS 3.0.3b
Tested Version: OSS…

PhotoPost PHP 4.8c Cookie Based Stored XSS (Cross-site Scripting) Web Application 0-Day Bug

Exploit Title: PhotoPost PHP __utmz Cookie Stored XSS Web Security Vulnerability
Product: PhotoPost PHP
Vendor: PhotoPost
Vulnerable Versions: 4.8c, 4.8.6, 4.8.5, 4.8.2, 3.1.1, vB3
Tested Version:…

FC2 & Rakuten Online Websites Multiple XSS (Cross-site Scripting) and Open Redirect Cyber Vulnerabilities

FC2 and Rakuten are the first- and second-ranked Japanese local websites. This article introduces several XSS (Cross-site Scripting) and Open Redirect bugs…

CVE-2015-2349 – SuperWebMailer 5.50.0.01160 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: CVE-2015-2349 – SuperWebMailer "/defaultnewsletter.php" HTMLForm Parameter XSS Web Security Vulnerabilities
Product: SuperWebMailer
Vendor: SuperWebMailer
Vulnerable Versions: 5.*.0.*, 4.*.0.*
Tested Version: 5.*.0.*, 4.*.0.*
Advisory Publication: March 11,…

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities
Product: Cit-e-Access
Vendor: Cit-e-Net
Vulnerable Versions: Version 6
Tested Version: Version 6
Advisory Publication: February 12, 2015
Latest Update: June 01,…

CVE-2014-2230 – OpenX Dest Redirect Privilege Escalation Web Security Vulnerability

Exploit Title: OpenX Dest Redirect Privilege Escalation Web Security Vulnerability
Product: OpenX
Vendor: OpenX
Vulnerable Versions: 2.8.10 and probably prior
Tested Version: 2.8.10
Advisory Publication: October 06, 2014
Latest…

OSVDB 120807 NetCat CMS 3.12 HTML Injection Web Security Vulnerabilities

Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Web Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12, 3.0, 2.4, 2.3, 2.2…