Category Archives: Full Disclosure

Facebook Bug Bounty #16 (Studio) – Persistent Vulnerability

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
Facebook Bug Bounty #16 (Studio) – Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1368

Facebook Security ID: 219162244

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL-ID):
====================================
1368

Common Vulnerability Scoring System:
====================================
3.5

Product & Service…

E-Journal CMS (ID) – Multiple Web Vulnerabilities

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
E-Journal CMS (ID) – Multiple Web Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1380

Release Date:
=============
2014-12-17

Vulnerability Laboratory ID (VL-ID):
====================================
1380

Common Vulnerability Scoring System:
====================================
7

Product & Service Introduction:
===============================…

iTwitter v0.04 WP Plugin – XSS & CSRF Web Vulnerability

Posted by Vulnerability Lab on Dec 18

Document Title:
===============
iTwitter v0.04 WP Plugin – XSS & CSRF Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1375

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9336

CVE-ID:
=======
CVE-2014-9336

Release Date:
=============
2014-12-15

Vulnerability Laboratory ID (VL-ID):
====================================
1375

Common Vulnerability Scoring System:…

Jease CMS v2.11 – Persistent UI Web Vulnerability

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Jease CMS v2.11 – Persistent UI Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1373

Release Date:
=============
2014-12-12

Vulnerability Laboratory ID (VL-ID):
====================================
1373

Common Vulnerability Scoring System:
====================================
3.7

Product & Service Introduction:
===============================…

Morfy CMS v1.05 – Command Execution Vulnerability

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Morfy CMS v1.05 – Command Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1367

https://github.com/Awilum/monstra-cms/issues/351

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9185

CVE-ID:
=======
CVE-2014-9185

Release Date:
=============
2014-12-10

Vulnerability Laboratory ID (VL-ID):
====================================
1367…

Bird Feeder v1.2.3 WP Plugin – CSRF & XSS Vulnerability

Posted by Vulnerability Lab on Dec 17

Document Title:
===============
Bird Feeder v1.2.3 WP Plugin – CSRF & XSS Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1372

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9334

CVE-ID:
=======
CVE-2014-9334

Release Date:
=============
2014-12-09

Vulnerability Laboratory ID (VL-ID):
====================================
1372

Common Vulnerability Scoring System:…

W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface

Posted by Mazin Ahmed on Dec 16

####
# Title: W3TotalFail: W3 Total Cache v 0.9.4 CSRF Vulnerability that Leads to Full Deface
# Author: Mazin Ahmed
##
# Date of Discovering: October 6th, 2014
# Date of Reporting to the Vendor: October 7th, 2014
# Date of Releasing a Patch: December 9th, 2014
##
# Vulnerability Type: Cross-Site Request Forgery (CSRF) – CWE-352
##
# Vendor Homepage: https://www.w3-edge.com/
##
# Affected Version: 0.9.4, previous versions might be vulnerable as…

RelateIQ Bug Bounty #1 – Persistent Signup Vulnerability

Posted by Vulnerability Lab on Dec 16

Document Title:
===============
RelateIQ Bug Bounty #1 – Persistent Signup Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1320

Video: http://www.vulnerability-lab.com/get_content.php?id=1332

Release Date:
=============
2014-12-02

Vulnerability Laboratory ID (VL-ID):
====================================
1320

Common Vulnerability Scoring System:
====================================…

Konakart v7.3.0.1 CMS – CS Cross Site Web Vulnerability

Posted by Vulnerability Lab on Dec 16

Document Title:
===============
Konakart v7.3.0.1 CMS – CS Cross Site Web Vulnerability

References (Source):
====================
http://vulnerability-lab.com/get_content.php?id=1362

Release Date:
=============
2014-12-04

Vulnerability Laboratory ID (VL-ID):
====================================
1362

Common Vulnerability Scoring System:
====================================
2.4

Product & Service Introduction:…