[FD] Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability

2015-01-11 Thread Vulnerability Lab
Document Title: === Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability References (Source): http://vulnerability-lab.com/get_content.php?id=1398 BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0 Acknowledgement (Hall of

[FD] ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities

2015-01-11 Thread Vulnerability Lab
Document Title: === ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1405 Release Date: = 2015-01-12 Vulnerability Laboratory ID (VL-ID): ==

[FD] Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability

2015-01-11 Thread Vulnerability Lab
Document Title: === Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1300 Video: http://www.vulnerability-lab.com/get_content.php?id=1335 BugCrowd ID: e8a8ecb81b9bf115226ed2ff

[FD] Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities

2015-01-11 Thread Pietro Oliva
Vulnerability title: Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7956, CVE-2014-7957 Product: pods Affected version: pods <= 2.4.3 Vulnerabilities fixed in version: 2.5 XSS vulnerability (CVE-2014-7956, authentication is needed):

[FD] Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6

2015-01-11 Thread Steffen Rösemann
Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Advisory ID: SROEADV-2014-07 Author: Steffen Rösemann Affected Software: CMS PHPKit WCMS v. 1.6.6 [Build: 1660014] Vendor URL: http://www.phpkit.com/de/ Vendor Status: did not respond to issue CVE-ID: - == V

[FD] Reflecting XSS vulnerability in CMS Croogo v.2.2.0

2015-01-11 Thread Steffen Rösemann
Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0 Advisory ID: SROEADV-2015-02 Author: Steffen Rösemann Affected Software: CMS Croogo v.2.20 Vendor URL: https://croogo.org Vendor Status: solved CVE-ID: - == Vulnerability Description: == T