SecPod Research Team member (Deependra Bapna) has found Multiple Stored Cross-site Scripting Vulnerabilities in ClipBucket. The vulnerabilities are due to improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF […]

Read More →

SecPod Research Team member (Thanga Prakash) has found Multiple Cross-site Scripting Vulnerabilities and SQL injection vulnerability in WordPress HTML5 MP3 Player with Playlist plugin. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, inject or manipulate SQL queries in the back-end […]

Read More →

SecPod Research Team member (Thanga Prakash) has found Multiple Reflected Cross-site Scripting Vulnerabilities in ManageEngine Firewall Analyzer. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory […]

Read More →

SecPod Research Team member (Shakeel Bhat) has found Multiple Stored Cross-Site Scripting Vulnerabilities in Dotclear CMS. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication¬†credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF […]

Read More →

SecPod Research Team member (Shakeel Bhat) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF format […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data. Complete Advisory information can be found here. Advisory in CVRF […]

Read More →

SecPod Research Team member (Antu Sanadi) has found Persistence Cross-Site Scripting Vulnerability in Advantech WebAccess HMI/SCADA. The vulnerability is caused by improper validation ‘ProjDesc’ parameter in ‘broadWeb/include/gAddNew.asp’ (when tableName=pProject set). This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. […]

Read More →

SecPod Research Team member (Antu Sanadi) has found Cross-Site Scripting and SQL Injection Vulnerabilities in NetArt Media Pharmacy System. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the […]

Read More →

SecPod Research Team member (Sooraj K.S) has found Cross-Site Scripting Vulnerabilities in Adiscon LogAnalyzer. The vulnerability is caused by improper validation of “highlight” parameter in “index.php”. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More information can be found here. CVE Info : CVE-2012-3790 […]

Read More →

SecPod Research Team member (Sooraj K.S) has found Cross-Site Scripting Vulnerabilities in JAMWiki. The vulnerability is caused by improper validation of “num” parameter in “Special:AllPages” pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More information can be found here. Welcome any feedback or […]

Read More →