[FD] Paypal Inc Bug Bounty #109 Multi Shipping Application API - Filter Bypass & Persistent Vulnerability

2014-07-07 Thread Vulnerability Lab
ty is estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) (www.vulnerability-lab.com) Disclaimer & Information: = The information provided in this advisory is provided as it is

[FD] PayPal Inc Bug Bounty #74 - Persistent Core Backend Vulnerability

2014-07-07 Thread Vulnerability Lab
tory [Research Team] - Benjamin Kunz Mejri (b...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or im

[FD] Yahoo! Bug Bounty #25 Flickr API - Persistent Service Vulnerability

2014-07-07 Thread Vulnerability Lab
man Khan - Vulnerability Lab) 2013-11-04: Vendor Notification (Yahoo! Security Team - Bug Bounty Program) 2014-01-09: Vendor Response/Feedback (Yahoo! Security Team - Bug Bounty Program) 2014-06-22: Vendor Fix/Patch (Yahoo! Developer Team - HackerOne Reward: 1000$) 2014-07-06: Public Di

[FD] Photo Org WonderApplications v8.3 iOS - File Include Vulnerability

2014-07-07 Thread Vulnerability Lab
include web vulnerability in the filename value is estimated as high. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information pro

[FD] Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability

2014-07-10 Thread Vulnerability Lab
of the persistent exception-handling web vulnerability is estimated as high(-). Credits & Authors: == Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: =====

[FD] Yahoo! Bug Bounty #30 YM - Application Side Mail Encoding (File Attachment) Vulnerability

2014-07-10 Thread Vulnerability Lab
Document Title: === Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1137 Release Date: = 2014-07-08 Vulnerability Laboratory ID (VL-

[FD] Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability (BNSEC 703)

2014-07-18 Thread Vulnerability Lab
sk of the application-side input validation web vulnerability is estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: =

[FD] Microsoft MSN HBE - Blind SQL Injection Vulnerability

2014-07-18 Thread Vulnerability Lab
..@evolution-sec.com] (@OhTheITGuy) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warrantie

[FD] Barracuda Networks Spam&Virus Firewall v6.0.2 (600 & Vx) - Client Side Cross Site Vulnerability

2014-07-22 Thread Vulnerability Lab
.vulnerability-lab.com) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability an

[FD] Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent Vulnerability

2014-07-22 Thread Vulnerability Lab
e: Advanced >Firmware Updates Page http://www.barracuda.com/kb?id=50160013m4O Security Risk: == The security risk of the persistent input validation web vulnerabilities is estimated as medium(+). Credits & Authors: == Vulnerability Laboratory [Research Tea

[FD] Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398

2014-07-24 Thread Vulnerability Lab
bility-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for

[FD] Barracuda Networks Firewall v6.1.5 - Filter Bypass & Persistent Vulnerabilities

2014-07-25 Thread Vulnerability Lab
put validation web vulnerabilities in connection with the input filter bypass are estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ==

[FD] Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site Vulnerability

2014-07-28 Thread Vulnerability Lab
The security risk of the client-side cross site scripting web vulnerability is estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Informatio

[FD] WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities

2014-07-29 Thread Vulnerability Lab
i (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties o

[FD] (BNSEC-1263) Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities

2014-07-29 Thread Vulnerability Lab
Document Title: === Barracuda Networks Web Application Firewall v6.1.5 & LoadBalancer v4.2.2 #37 - Filter Bypass & Multiple Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1103 Barracuda Networks Security ID (BNSEC): BNSE

[FD] TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities

2014-07-31 Thread Vulnerability Lab
ulnerability is estimated as critical. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provi

[FD] Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability

2014-08-01 Thread Vulnerability Lab
ed as high. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without

[FD] Video WiFi Transfer 1.01 - Directory Traversal Vulnerability

2014-08-04 Thread Vulnerability Lab
n is estimated as high. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided

[FD] FreeDisk v1.01 iOS - Multiple Web Vulnerabilities

2014-08-04 Thread Vulnerability Lab
Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either e

[FD] Ebay Inc Magento ProStore CP #4 - Filter Validation Bypass & Persistent (Payment Information) Vulnerability

2014-08-04 Thread Vulnerability Lab
jri (b...@evolution-sec.com) [ad...@vulnerability-lab.com] [www.vulnerability-lab.com] Disclaimer & Information: ========= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including

[FD] PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability

2014-08-06 Thread Vulnerability Lab
stimated as high. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it i

[FD] PhotoSync v2.2 iOS - Command Inject Web Vulnerability

2014-08-06 Thread Vulnerability Lab
r & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerabil

[FD] Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities

2014-08-07 Thread Vulnerability Lab
[LOCAL COMMAND INJECT VULNERABILITY!]"> 06.08.14 12:27 Solution - Fix & Patch: === The vulnerabilities can be patched by a sec

[FD] Barracuda Networks Web Security Flex Appliance Application v4.x - Filter Bypass & Persistent Vulnerabilities (BNSEC 707)

2014-08-25 Thread Vulnerability Lab
ities are estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provide

[FD] Barracuda Networks Web Security Flex v4.1 - Persistent Vulnerabilities (BNSEC-699)

2014-08-25 Thread Vulnerability Lab
b.com] Disclaimer & Information: ===== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular pu

[FD] Avira License Application - Cross Site Request Forgery Vulnerability

2014-09-01 Thread Vulnerability Lab
timated as medium. Credits & Authors: == Mazen Gamal - http://www.vulnerability-lab.com/show.php?user=Mazen%20Gamal Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warra

[FD] WWW File Share Pro v7.0 - Denial of Service Vulnerability

2014-09-01 Thread Vulnerability Lab
== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not

[FD] Apple iOS v7.1.2 - Merge Apps Service Local Bypass Vulnerability

2014-09-02 Thread Vulnerability Lab
is estimated as high(-). Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it i

[FD] Photorange v1.0 iOS - File Include Web Vulnerability

2014-09-11 Thread Vulnerability Lab
E INCLUDE VULNERABILITY!]%3E.TXT] Content-Type[application/download] Date[Sat, 06 Sep 2014 00:13:00 GMT] Reference(s): Links http://localhost:9900/ http://localhost:9900/Download/ Solution - Fix & Patch: === The vulnerability can be patched by a secure parse and enc

[FD] ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability

2014-09-11 Thread Vulnerability Lab
laimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab o

[FD] Briefcase 4.0 iOS - Code Execution & File Include Vulnerability

2014-09-15 Thread Vulnerability Lab
e. Filter and restrict the filename input. validate the output names in the main item list of the application index. Security Risk: == 1.1 The security risk of the local code execution web vulnerability is estimated as critical. 1.2 The security risk of the local file include web vulne

[FD] USB&WiFi Flash Drive v1.3 iOS - Code Execution Vulnerability

2014-09-16 Thread Vulnerability Lab
== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all w

[FD] Oracle Corporation MyOracle - Persistent Vulnerability

2014-09-18 Thread Vulnerability Lab
ame input fields in the myoracle application. Encode stored data of user in the dbms when processing to send service notifications by the mail info@oracle email to prevent persistent injection attacks. Security Risk: == The security risk of the persistent mail encoding web vulne

[FD] GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

2014-09-26 Thread Vulnerability Lab
ed in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including

[FD] Oracle Corporation MyOracle - Persistent Vulnerability

2014-09-26 Thread Vulnerability Lab
s by the mail info@oracle email to prevent persistent injection attacks. Security Risk: == The security risk of the persistent mail encoding web vulnerability in the myoracle account system web-server is estimated as medium. Credits & Authors: == Vulnerability Laboratory

[FD] SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

2014-09-26 Thread Vulnerability Lab
www.linkedin.com/profile/view?id=305567696) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchanta

[FD] Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

2014-09-26 Thread Vulnerability Lab
erability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a parti

[FD] Paypal Inc Bug Bounty #32 - Multiple Persistent Vulnerabilities

2014-09-26 Thread Vulnerability Lab
y and developer team. Security Risk: == The security risk of both application-side input validation web vulnerabilities is estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.co

[FD] All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability

2014-09-30 Thread Vulnerability Lab
imated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is

[FD] PayPal Inc Bug Bounty #59 - Persistent Mail Encoding Vulnerability

2014-09-30 Thread Vulnerability Lab
of 3.5. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any wa

[FD] PayPal Inc Bug Bounty #71 PPM - Persistent Filter Vulnerability

2014-09-30 Thread Vulnerability Lab
c.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for

[FD] BulletProof Security Wordpress v50.8 - POST Inject Vulnerability

2014-10-03 Thread Vulnerability Lab
== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability La

[FD] HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability

2014-10-03 Thread Vulnerability Lab
Document Title: === HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1329 Release Date: = 2014-10-02 Vulnerability Laboratory ID (VL-ID): ==

[FD] PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability

2014-10-03 Thread Vulnerability Lab
ity Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied,

[FD] Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities

2014-10-06 Thread Vulnerability Lab
======== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are

[FD] PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities

2014-10-06 Thread Vulnerability Lab
issue. Security Risk: == The security risk of the persistent input validation vulnerabilities and filter bypass method are estimated as medium. (CVSS 4.3) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution

[FD] PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability

2014-10-13 Thread Vulnerability Lab
njamin Kunz Mejri (b...@vulnerability-lab.com) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of mercha

[FD] PayPal Inc BB #98 MOS - Persistent Settings Vulnerability

2014-10-14 Thread Vulnerability Lab
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warra

[FD] Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

2014-10-14 Thread Vulnerability Lab
tion-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantabil

[FD] Paypal Inc MultiOrderShipping API - Filter Bypass & Persistent XML Vulnerability

2014-10-14 Thread Vulnerability Lab
. Credits & Authors: == Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any

[FD] Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

2014-10-21 Thread Vulnerability Lab
1.3 The security risk of the local command inject web vulnerability in the devicename value is estimated as medium. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information

[FD] FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

2014-10-21 Thread Vulnerability Lab
ri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties

[FD] iFunBox Free v1.1 iOS - File Include Vulnerability

2014-10-22 Thread Vulnerability Lab
lnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a par

[FD] File Manager v4.2.10 iOS - Code Execution Vulnerability

2014-10-22 Thread Vulnerability Lab
enjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the war

[FD] Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability

2014-10-23 Thread Vulnerability Lab
input values in the message body context Filter and restrict context of send mails through the application and the web-server of the sonicwall gms appliance. The issue has already been patched by the dell security team in cooperation with the vulnerability-lab during the year 2014. Security

[FD] File Manager v4.2.10 iOS - Code Execution Vulnerability

2014-10-23 Thread Vulnerability Lab
enjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the war

[FD] iFileExplorer v6.51 iOS - File Include Web Vulnerability

2014-10-27 Thread Vulnerability Lab
redits & Authors: == Vulnerability Laboratory [Research Team] - Katharin S. L. (CH) (resea...@vulnerability-lab.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any

[FD] WebDisk+ v2.1 iOS - Code Execution Vulnerability

2014-10-27 Thread Vulnerability Lab
Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty.

[FD] Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability

2014-10-27 Thread Vulnerability Lab
Risk: == The security risk of the local denial of service vulnerability that is exploitable through the favorite message app is estimated as low. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vuln

[FD] Folder Plus v2.5.1 iOS - Persistent Item Vulnerability

2014-10-27 Thread Vulnerability Lab
is advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct,

[FD] Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

2014-10-27 Thread Vulnerability Lab
Credits & Authors: == Jasminder Pal Singh - @singh_jasminder [http://jasminderpalsingh.info] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, ei

[FD] SeasonApps iTransfer 1.1 - Persistent UI Vulnerability

2014-11-07 Thread Vulnerability Lab
lnerability in the wifi interface is estimated as medium(-). (CVSS 2.5) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in thi

[FD] BookFresh - Persistent Clients Invite Vulnerability

2014-11-07 Thread Vulnerability Lab
Pragma[no-cache] status[200] Vary[Accept-Encoding,User-Agent] Content-Encoding[gzip] Reference(s): https://www.bookfresh.com/cindex.php https://www.bookfresh.com/cindex.php/backbone_api/clients/ https://www.bookfresh.com/cindex.php/backbone_api/clients/find?query=&

[FD] PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History Vulnerability

2014-11-07 Thread Vulnerability Lab
er&victim). Credits & Authors: == Vulnerability Laboratory [Research Team] - Ateeq ur Rehman Khan (at...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: ===== The information provided in this advisory is provided a

[FD] PayPal Inc Bug Bounty #88 - Filter Bypass & Arbitrary Code Execution Vulnerability

2014-11-12 Thread Vulnerability Lab
ise because attackers are able to access unauthorized server local files. Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@vulnerability-lab.com) Disclaimer & Information: ========= The information provided in this advisory is

[FD] Supr Shopsystem - Persistent UI Vulnerability

2014-11-21 Thread Vulnerability Lab
=== The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable

[FD] NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability

2014-12-05 Thread Vulnerability Lab
a boarding pass application is estimated as high. (CVSS 6.0) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in thi

[FD] iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability

2014-12-16 Thread Vulnerability Lab
Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties

[FD] iWifi for Chat v1.1 iOS - Denial of Service Vulnerability

2014-12-16 Thread Vulnerability Lab
ww.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a pa

[FD] Fuzzylime v3.03b CMS - CS Cross Scripting Vulnerability

2014-12-16 Thread Vulnerability Lab
com) [www.vulnerability-lab.com] Disclaimer & Information: ========= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capab

[FD] Elefant CMS v1.3.9 - Persistent Name Update Vulnerability

2014-12-16 Thread Vulnerability Lab
lity Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expre

[FD] Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

2014-12-16 Thread Vulnerability Lab
Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties

[FD] RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability

2014-12-16 Thread Vulnerability Lab
e relateiq web-application is estimated as medium (cvss 3.4) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in

[FD] Bird Feeder v1.2.3 WP Plugin - CSRF & XSS Vulnerability

2014-12-17 Thread Vulnerability Lab
inkedin.com/in/manideepk] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capabilit

[FD] Morfy CMS v1.05 - Command Execution Vulnerability

2014-12-17 Thread Vulnerability Lab
ode and parse the vulnerable site_url in the add input field of the installation module (install.php). Restrict the input fields and disallow special chars to prevent system specific command executions. Security Risk: == The security risk of the remote command execution vulnerab

[FD] Jease CMS v2.11 - Persistent UI Web Vulnerability

2014-12-17 Thread Vulnerability Lab
= Manideep K. - Information Security Researcher [https://in.linkedin.com/in/manideepk] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed o

[FD] iTwitter v0.04 WP Plugin - XSS & CSRF Web Vulnerability

2014-12-18 Thread Vulnerability Lab
nformation Security Researcher [https://in.linkedin.com/in/manideepk] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranti

[FD] E-Journal CMS (ID) - Multiple Web Vulnerabilities

2014-12-18 Thread Vulnerability Lab
= X-Cisadane - Stefanus (steevee@gmail.com) Greetz to: X-Code YogyaFree, Explore Crew, CodeNesia, Bogor Hackers Community, Tomi Zaoldyeck and Winda Utari Disclaimer & Information: ========= The information provided in this advisory is provided as it is without any warr

[FD] Facebook Bug Bounty #16 (Studio) - Persistent Vulnerability

2014-12-18 Thread Vulnerability Lab
= The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any ca

[FD] Apple iOS v8.x - Message Context & Privacy Vulnerability

2014-12-18 Thread Vulnerability Lab
ion provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of da

[FD] iBackup v10.0.0.45 - Privilege Escalation Vulnerability

2014-12-19 Thread Vulnerability Lab
isclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulner

[FD] Mobilis 3g MobiConnect 3G++ ZDServer v1.0.1.2 - Privilege Escalation Vulnerability

2014-12-19 Thread Vulnerability Lab
servés. C:\Windows\system32>whoami whoami autorite nt\système C:\Windows\system32> Security Risk: == The security risk of the local privilege escalation vulnerability in the software is estimated as high. (CVSS 6.4) Credits & Authors: == Hadji Samir s...@hotm

[FD] Facebook BB #18 - IDOR Issue & Privacy Vulnerability

2014-12-19 Thread Vulnerability Lab
er & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vuln

[FD] Facebook Bug Bounty #17 - Migrate Privacy Vulnerability

2014-12-25 Thread Vulnerability Lab
network is estimated as medium. (CVSS 4.9) Credits & Authors: == Paulos Yibelo (paulosyibelo.com) Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warran

[FD] Mobilis MobiConnect 3G ZDServer 1.x - Privilege Escalation Vulnerability

2014-12-25 Thread Vulnerability Lab
ws\system32>whoami whoami autorite nt\système C:\Windows\system32> Security Risk: == The security risk of the local privilege escalation vulnerability in the software is estimated as high. (CVSS 6.4) Credits & Authors: == Hadji Samir s...@hotmail.fr Di

[FD] ZTE Ucell 3G Modem App - Privilege Escalation Vulnerability

2014-12-25 Thread Vulnerability Lab
...@hotmail.fr Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular pu

[FD] Pimcore v3.0 & v2.3.0 CMS - SQL Injection Vulnerability

2014-12-25 Thread Vulnerability Lab
urity risk of the sql injection web vulnerability in the pimcore content management system is estimated as high. (CVSS 6.4) Credits & Authors: == Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Inf

[FD] PHPLIST v3.0.6 & v3.0.10 - SQL Injection Vulnerability

2014-12-25 Thread Vulnerability Lab
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all

[FD] Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

2014-12-25 Thread Vulnerability Lab
t.blogspot.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a

[FD] Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability

2014-12-25 Thread Vulnerability Lab
@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantabil

[FD] Wickr Desktop v2.2.1 Windows - Denial of Service Vulnerability

2014-12-25 Thread Vulnerability Lab
ability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties

[FD] ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities

2015-01-06 Thread Vulnerability Lab
erability, dos issue and dll injection bug in the software are estimated as high. (CVSS 6.0) Credits & Authors: == Hadji Samir s...@hotmail.fr Disclaimer & Information: ===== The information provided in this advisory is provided as it is withou

[FD] Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability

2015-01-11 Thread Vulnerability Lab
`Invite to collaborate` and `Invite to heroku` mail context to prevent persistent script code execution, hijacking attacks or phishing attempts. Security Risk: == The security risk of the persistent mail encoding web vulnerability in the notification service (api) is estimated as medium. (C

[FD] ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities

2015-01-11 Thread Vulnerability Lab
vulnerability in the xml configuration file of the software is estimated as medium. (CVSS 2.2) Credits & Authors: == Hadji Samir s...@hotmail.fr Disclaimer & Information: = The information provided in this advisory is provided as it is without any

[FD] Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability

2015-01-11 Thread Vulnerability Lab
w.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a

[FD] Blitz CMS Community - SQL Injection Web Vulnerability

2015-01-12 Thread Vulnerability Lab
emote sql injection web vulnerability in the community post file is estimated as critical. (CVSS 8.3) Credits & Authors: == IranGuard Security Team - P0!s0nC0d3 Disclaimer & Information: = The information provided in this advisory is provided as i

[FD] Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

2015-01-13 Thread Vulnerability Lab
=== Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (b...@evolution-sec.com) [www.vulnerability-lab.com] Disclaimer & Information: = The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab di

[FD] Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability

2015-01-13 Thread Vulnerability Lab
80/Sitefinity/ http://site16408192010623.srv03.sandbox.localhost:8080/Sitefinity/Administration/ http://site16408192010623.srv03.sandbox.localhost:8080/Sitefinity/Services/Content/DocumentLibraryService.svc http://site16408192010623.srv03.sandbox.localhost:8080/Sitefinity/Services/Content/DocumentLibraryService.svc/000

[FD] ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities

2015-01-13 Thread Vulnerability Lab
al of service vulnerability in the xml configuration file of the software is estimated as medium. (CVSS 2.2) Credits & Authors: == Hadji Samir s...@hotmail.fr Disclaimer & Information: = The information provided in this advisory is provided as it is w
