[waraxe-2019-SA#110] - Reflected XSS in MapProxy 1.11.0

2019-08-08 Thread come2waraxe
[waraxe-2019-SA#110] - Reflected XSS in MapProxy 1.11.0 Author: Janek Vind "waraxe" Date: 07. August 2019 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-110.html Target description:

[waraxe-2018-SA#108] - Username Disclosure in Breadcrumb NavXT Wordpress plugin

2018-09-27 Thread come2waraxe
[waraxe-2018-SA#108] - Username Disclosure in Breadcrumb NavXT Wordpress plugin Author: Janek Vind "waraxe" Date: 26. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-108.html Target

[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin

2018-09-20 Thread come2waraxe
[waraxe-2018-SA#107] - Reflected XSS in FV Flowplayer Wordpress plugin Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target description:

[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin

2013-05-22 Thread come2waraxe
[waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html

[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin

2013-05-22 Thread come2waraxe
[waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description

[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

2013-04-09 Thread come2waraxe
[waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7 Author: Janek Vind waraxe Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software:

[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5

2013-04-01 Thread come2waraxe
[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5 Author: Janek Vind waraxe Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-101.html Description of vulnerable

[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2

2013-03-22 Thread come2waraxe
[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 Author: Janek Vind waraxe Date: 21. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-99.html Description of

[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1

2013-03-20 Thread come2waraxe
[waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 Author: Janek Vind waraxe Date: 19. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-98.html Description of

[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05

2013-02-28 Thread come2waraxe
[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 Author: Janek Vind waraxe Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable

[waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin

2012-10-31 Thread come2waraxe
[waraxe-2012-SA#095] - Multiple Vulnerabilities in Wordpress FoxyPress Plugin Author: Janek Vind waraxe Date: 30. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-95.html Description of

[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin

2012-10-24 Thread come2waraxe
[waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin Author: Janek Vind waraxe Date: 24. October 2012 Location: Estonia, Tartu Web:

[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin

2012-10-17 Thread come2waraxe
[waraxe-2012-SA#092] - Multiple Vulnerabilities in Wordpress Slideshow Plugin Author: Janek Vind waraxe Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-92.html Description of

[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin

2012-10-17 Thread come2waraxe
[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin Author: Janek Vind waraxe Date: 17. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-93.html

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08

2012-09-17 Thread come2waraxe
[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08 Author: Janek Vind waraxe Date: 17. September 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-89.html Description of vulnerable

[waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page

2012-05-03 Thread come2waraxe
[waraxe-2012-SA#088] - Reflected XSS in Joomla 2.5.4 admin sysinfo page Author: Janek Vind waraxe Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-88.html CVE:

[waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 ja_purity template

2012-05-03 Thread come2waraxe
[waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 ja_purity template Author: Janek Vind waraxe Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-87.html CVE:

[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0

2012-04-12 Thread come2waraxe
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0 Author: Janek Vind waraxe Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:

[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1

2012-04-09 Thread come2waraxe
[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1 Author: Janek Vind waraxe Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-84.html Description of vulnerable

[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin

2012-04-09 Thread come2waraxe
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin Author: Janek Vind waraxe Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of

[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0

2012-04-05 Thread come2waraxe
[waraxe-2012-SA#082] - File Existence Disclosure in Uploadify 3.0.0 Author: Janek Vind waraxe Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-82.html Description of vulnerable

[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4

2012-04-05 Thread come2waraxe
[waraxe-2012-SA#083] - Multiple Vulnerabilities in Uploadify 2.1.4 Author: Janek Vind waraxe Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable

[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18

2012-03-29 Thread come2waraxe
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 Author: Janek Vind waraxe Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html Affected Software:

[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0

2012-03-27 Thread come2waraxe
[waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0 Author: Janek Vind waraxe Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:

[waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10

2010-12-29 Thread come2waraxe
[waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10 Author: Janek Vind waraxe Date: 28. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-79.html Affected Software:

[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0

2010-12-27 Thread come2waraxe
[waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0 Author: Janek Vind waraxe Date: 27. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-78.html Affected Software:

[waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1

2009-10-21 Thread come2waraxe
[waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1 Author: Janek Vind waraxe Date: 21. October 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-75.html Description of

[waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09

2009-06-15 Thread come2waraxe
[waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09 Author: Janek Vind waraxe Date: 15. June 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-74.html Description of

[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0

2009-02-16 Thread come2waraxe
[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 Author: Janek Vind waraxe Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.html Description of

Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC

2009-01-30 Thread come2waraxe
Try this: chromehtml:%20--renderer-path=calc%20--no-sandbox Disabling sandbox does matter :) Tested with Google Chrome 1.0.154.46 on Win XP/Vista and IE6/IE7 and it works ... Full PoC: htmlheadtitleChrome URI Handler Remote Command Execution PoC/title/head body h3This is a test/h3

[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal = 1.2.1

2009-01-15 Thread come2waraxe
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal = 1.2.1 Author: Janek Vind waraxe Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable

[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1

2008-11-17 Thread come2waraxe
[waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1 Author: Janek Vind waraxe Date: 17. November 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-68.html Description of vulnerable software:

[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4

2008-11-17 Thread come2waraxe
[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4 Author: Janek Vind waraxe Date: 17. November 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-69.html Description of vulnerable

[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

2008-01-31 Thread come2waraxe
[waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 Author: Janek Vind waraxe Date: 31. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-66.html Target software

[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14

2008-01-30 Thread come2waraxe
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 Author: Janek Vind waraxe Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software

[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01

2008-01-21 Thread come2waraxe
[waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 Author: Janek Vind waraxe Date: 21. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-63.html Target software

[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11

2008-01-21 Thread come2waraxe
[waraxe-2008-SA#064] - Sql Injection in MyBB 1.2.11 Author: Janek Vind waraxe Date: 21. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-64.html Target software description:

[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10

2008-01-16 Thread come2waraxe
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 Author: Janek Vind waraxe Date: 16. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-62.html Target software description:

[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10

2008-01-16 Thread come2waraxe
[waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 Author: Janek Vind waraxe Independent discovery: koziolek Date: 16. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-61.html

[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews = 1.4.5

2007-12-24 Thread come2waraxe
[waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews = 1.4.5 Author: Janek Vind waraxe Date: 24. December 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-60.html Vulnerable software description:

[waraxe-2007-SA#059] - XSS in WordPress 2.3

2007-10-29 Thread come2waraxe
[waraxe-2007-SA#059] - XSS in WordPress 2.3 Author: Janek Vind waraxe Date: 27. October 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-59.html Target software description:

[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11

2007-09-27 Thread come2waraxe
[waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11 Author: Janek Vind waraxe Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-56.html Target software description:

[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta

2007-09-27 Thread come2waraxe
[waraxe-2007-SA#055] - Sql Injection in SiteX CMS 0.7.3 Beta Author: Janek Vind waraxe Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-55.html Target software description:

[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS

2007-09-27 Thread come2waraxe
[waraxe-2007-SA#057] - Unauthorized File Upload in SiteX CMS Author: Janek Vind waraxe Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-57.html Target software description:

[waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12

2007-09-27 Thread come2waraxe
[waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12 Author: Janek Vind waraxe Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-58.html Target software description:

[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11

2007-09-25 Thread come2waraxe
[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11 Author: Janek Vind waraxe Date: 25. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-53.html Target software description:

[waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke

2007-09-25 Thread come2waraxe
[waraxe-2007-SA#054] - Local File Inclusion in Dance Music module for phpNuke Author: Janek Vind waraxe Date: 25. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-54.html Target software

[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval

2007-09-19 Thread come2waraxe
[waraxe-2007-SA#052] - dBlog CMS Open Source database retrieval Author: Janek Vind waraxe Date: 19. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-52.html Target software description:

[waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5

2007-05-23 Thread come2waraxe
[waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5 Author: Janek Vind waraxe Date: 23. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-51.html Target software description:

[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3

2007-05-22 Thread come2waraxe
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 Author: Janek Vind waraxe Date: 21. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-50.html Target software description:

[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20

2007-04-19 Thread come2waraxe
[waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20 Author: Janek Vind waraxe Date: 19. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-49.html Target software description:

[waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke

2007-04-13 Thread come2waraxe
[waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke Author: Janek Vind waraxe Date: 13. April 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-48.html Target software description: VWar

[waraxe-2006-SA#047] - Evading sql-injection filters in phpNuke 7.8

2006-02-25 Thread come2waraxe

[waraxe-2006-SA#045] - Bypassing CAPTCHA in phpNuke 6.x-7.9

2006-02-18 Thread come2waraxe

[waraxe-2006-SA#044] - XSS in phpNuke 7.8 and older versions

2006-02-14 Thread come2waraxe