Samsung SyncThruWeb suffers from an SMB hash disclosure vulnerability.
Monthly Archives: August 2015
KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug
Posted by Jing Wang on Aug 30
*KnowledgeTree OSS 3.0.3b Reflected XSS (Cross-site Scripting) Web
Application 0-Day Security Bug*
Exploit Title: KnowledgeTree login.php &errorMessage parameter Reflected
XSS Web Security Vulnerability
Product: Knowledge Tree Document Management System
Vendor: Knowledge Inc
Vulnerable Versions: OSS 3.0.3b
Tested Version: OSS 3.0.3b
Advisory Publication: August 22, 2015
Latest Update: August 31, 2015
Vulnerability Type: Cross-Site Scripting…
Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug
Posted by Jing Wang on Aug 30
*Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application
0-Day Security Bug*
Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web
Security Vulnerability
Product: Winmail Server
Vendor: Winmail Server
Vulnerable Versions: 4.2 4.1
Tested Version: 4.2 4.1
Advisory Publication: August 24, 2015
Latest Update: August 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Impact CVSS…
Edimax PS-1206MF Authentication Bypass
Edimax PS-1206MF suffers from a web admin authentication bypass vulnerability.
Microsoft Office 2007 msxml5.dll Crash Proof Of Concept
Microsoft Office 2007 msxml5.dll crash proof of concept exploit.
Joomla GoogleSearch (CSE) 3.0.2 Cross Site Scripting
Joomla GoogleSearch (CSE) component version 3.0.2 suffers from a cross site scripting vulnerability.
Boxoft WAV To MP3 Converter Buffer Overflow
Boxoft WAV to MP3 Converter SEH bypass buffer overflow exploit.
WordPress Testimonial Slider 1.2.1 Cross Site Scripting
WordPress Testimonial Slider plugin version 1.2.1 suffers from a stored cross site scripting vulnerability.
DSA-3346 drupal7 – security update
Several vulnerabilities were discovered in Drupal, a content management
framework:
Winmail Server 4.2 Cross Site Scripting
Winmail Server version 4.2 suffers from a cross site scripting vulnerability.