VULNERABILITY LAB - SECURITY VULNERABILITY RESEARCH LABORATORY

Account [Registration] Role [Anonymous] Researcher: 1281 Advisories: 953 Documents: 34 Videos: 194 Date: 24.08.2017 TZ: 06:44

[ Home ] [ Mobile ] [ Vendor ] [ Web-Application ] [ Remote ] [ Local ] [ Websites ] [ Documents ] [ Videos ] [ Search ] [ FAQ ]

[ Web Application Vulnerabilities ]
D Date R Advisory Name VS Type Views Author
D 2017-08-18

WpJobBoard v4.5.1 - Multiple Cross Site Web Vulnerabilities 3.6 Remote 1257 Benjamin K.M.
D 2017-07-06

e107 v2 Bootstrap CMS - CSRF Web Vulnerability 3.2 Remote 3102 NirmalThapa
D 2017-07-03

e107 v2 Bootstrap CMS - Cross Site Scripting Vulnerability 3.3 Remote 3173 NirmalThapa
D 2017-06-09

Zenbership 1.0.8 CMS - Multiple SQL Injection Vulnerabilities 5.3 Remote 5347 N/A - Anonymous
D 2017-06-08

Composr CMS v10.0.0 - Cross Site Scripting Vulnerability 3.3 Remote 4955 Benjamin K.M.
D 2017-06-07

Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability 3.3 Remote 4982 Benjamin K.M.
D 2017-06-06

Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities 5.3 Remote 5391 Benjamin K.M.
D 2017-05-29

Perch v3.0.3 CMS - Multiple Web Vulnerabilities 3.8 Remote 4563 S.AbenMassaoud
D 2017-05-23

Wordpress Contentive Theme - Cross Site Web Vulnerability 3.2 Remote 4193 ZwX
D 2017-05-21

Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability 3.8 Remote 4112 Benjamin K.M.
D 2017-05-16

WP Newsletter Supsystic 1.1.7 - Cross Site Vulnerability 3.2 Remote 4415 King Coder
D 2017-05-15

Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities 3.3 Remote 4547 King Coder
Note: The web-application vulnerabilities section impact only web vulnerabilities in web-applications products or services.

[ Vendor Vulnerabilities ]
D Date R Advisory Name VS Type Views Author
D 2017-06-21

PayPal Inc BB #149 - (Gift) Insufficient Authentication 4.2 Remote 4379 Chamli
D 2017-02-09

Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities 4.3 Remote 5861 Benjamin K.M.
D 2017-01-16

Apple iOS (Notify iTunes) - Bypass & Persistent Vulnerability 4.4 Remote 7771 Benjamin K.M.
D 2017-01-11

Salesforce (Event Registration) - Persistent Vulnerability 3.8 Remote 6352 Benjamin K.M.
D 2017-01-09

Bit Defender #39 - Auth Token Bypass Vulnerability 5.9 Remote 17461 Lawrence Amer
D 2016-11-14

Adobe Marketing Cloud - Bypass & Persistent Vulnerability 3.5 Remote 6413 Benjamin K.M.
D 2016-11-09

Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability 4.3 Remote 13731 Benjamin K.M.
D 2016-11-04

Edusson (Robotdon) BB - Client Side Cross Site Vulnerability 3.4 Remote 8883 Benjamin K.M.
D 2016-11-03

Edusson (Robotdon) BB - Bypass & Persistent Vulnerability 4.3 Remote 8737 Benjamin K.M.
D 2016-10-10

Facebook API v2.1 - RFC6749 Open Redirect Vulnerability 3.2 Remote 9158 S.AbenMassaoud
D 2016-10-04

Cyberoam iview UTM v0.1.2.7 - (Ajax) XSS Web Vulnerability 3.3 Remote 11826 Lawrence Amer
D 2016-08-22

Edmodo BB#1 - Persistent Input Validation Vulnerability 3.3 Remote 8175 S.AbenMassaoud
Note: The vendor vulnerabilities section impact vulnerabilities in well-known or famous manufacturer products.

[ Remote Vulnerabilities ]
D Date R Advisory Name VS Type Views Author
D 2017-01-12

Huawei Flybox B660 - (POST SMS) CSRF Web Vulnerability 4.4 Remote 7534 S.AbenMassaoud
D 2017-01-10

Huawei Flybox B660 - (POST Reboot) CSRF Vulnerability 4.4 Remote 6786 S.AbenMassaoud
D 2016-11-28

Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability 3.5 Remote 8015 Lawrence Amer
D 2016-11-18

Huawei Flybox B660 Router - Auth Bypass Vulnerability 7.4 Remote 7399 S.AbenMassaoud
D 2016-07-06

Teampass 2.1.26 - Authenticated File Upload Vulnerability 7.2 Remote 10060 Peter Kok
D 2016-07-05

Teampass v2.1.26 - Privilege Escalate Vulnerability 5.6 Remote 9217 Peter Kok
D 2016-05-18

Teampass v2.1.25 - Unauthenticated Access Vulnerability 6.8 Remote 11507 Peter Kok
D 2016-05-17

Teampass v2.1.25 - Arbitrary File Download Vulnerability 8.1 Remote 12481 Peter Kok
D 2016-03-07

Yahoo Bug Bounty #37 - Sender Spoofing Vulnerability 3 Remote 14639 Lawrence Amer
D 2016-02-10

Apache Sling Framework v2.3.6 - Information Disclosure 6.4 Remote 28908 Ateeq Khan
D 2016-02-03

Compal ConnectBox - Wireless Passphrase Filter Bypass 5.8 Remote 17057 Marco Onorati
D 2015-11-23

Vbulletin 5.x - Remote Code Execution Exploit (PL) 8.3 Remote 22842 Reza Espargham
Note: The remote vulnerabilities section impact only remote exploitable vulnerabilities in software products or services.

[ Local Vulnerabilities ]
D Date R Advisory Name VS Type Views Author
D 2017-08-14

Apple iOS 10.3 - UI SMS Access Permission Vulnerability 4.5 Local 1473 Benjamin K.M.
D 2017-06-26

Microsoft Skype v7.3.6 - Stack Buffer Overflow Vulnerability 7.2 Remote 21700 Benjamin K.M.
D 2017-05-22

HTTrack v3.x - Stack Buffer Overflow Vulnerability 6.1 Local 4491 Hosein Askari
D 2017-05-09

MikroTik RouterBoard v6.38.5 - Denial of Service 3.8 Remote 5372 Hosein Askari
D 2017-05-04

Mozilla Firefox v52.02 - (Stack Overflow) DoS Vulnerability 3 Local 5209 S.AbenMassaoud
D 2017-05-03

Hola VPN v1.34 - Privilege Escalation Vulnerability 3.2 Local 5231 S.AbenMassaoud
D 2017-04-27

Icecream v4.53 & Pro - File Permission Privilege Escalation 4.1 Local 4259 S.AbenMassaoud
D 2017-03-29

Sync Breeze v9.5.16 - Buffer Overflow Vulnerabilities 5.2 Local 5653 S.AbenMassaoud
D 2017-01-30

PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow 5.9 Local 6047 Benjamin K.M.
D 2017-01-09

Boxoft Wav v1.1.0.0 - Buffer Overflow Vulnerability 5.8 Local 5682 S.AbenMassaoud
D 2016-11-17

Apple iOS 10.1 - Multiple Access Permission Vulnerabilities 6.3 Local 9617 Benjamin K.M.
D 2016-11-14

Reason Core Security v1.2.0.1 - Path Privilege Escalation 4 Local 5956 ZwX
Note: The local vulnerabilities section impact only the local exploitable vulnerabilities in software products or services.

[ Mobile Vulnerabilities ]
D Date R Advisory Name VS Type Views Author
D 2017-02-23

Super File Explorer 1.0.1 - Arbitrary File Upload Vulnerability 7 Remote 6949 Benjamin K.M.
D 2017-02-22

Air Transfer 1.2.1 & 1.0.14 - Multiple XSS Web Vulnerabilities 3.2 Remote 5964 Vulnerability-Lab
D 2017-02-21

Lock Photos Album&Videos Safe v4.3 - Directory Traversal 7.8 Remote 5650 Vulnerability-Lab
D 2017-02-20

Album Lock v4.0 iOS - Directory Traversal Vulnerability 7.2 Remote 5166 Vulnerability-Lab
D 2017-01-10

Cobi Tools v1.0.8 iOS - Persistent Web Vulnerability 3.5 Local 6397 Vulnerability-Lab
D 2016-08-01

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities 3.5 Local 8653 Vulnerability-Lab
D 2016-07-27

Zoll Checklist v1.2.2 iOS - Multiple Persistent Vulnerabilities 3.6 Remote 8439 Vulnerability-Lab
D 2016-05-25

Bashi v1.6 iOS - Persistent Mail Encoding Vulnerability 3.4 Local 11431 Vulnerability-Lab
D 2016-05-02

WK UDID v1.0.1 iOS - Command Inject Vulnerability 5.6 Local 25595 Vulnerability-Lab
D 2016-04-25

Notes v4.5 iOS - Arbitrary File Upload Vulnerability 6 Remote 13212 Vulnerability-Lab
D 2016-04-14

C & C++ for OS - Filter Bypass & Persistent Vulnerability 3.5 Remote 12574 Vulnerability-Lab
D 2016-04-05

Perli v2.6 iOS - Filter Bypass & Persistent Vulnerability 3.5 Remote 13198 Vulnerability-Lab
Note: The mobile vulnerabilities section impact vulnerabilities in operating systems, applications, software & hardware.

[ Website Vulnerabilities ]
D Date R Advisory Name VS Type Views Author
D 2017-08-16

Microsoft Resnet - DNS Configuration Web Vulnerability 6.4 Remote 2399 S.AbenMassaoud
D 2017-06-12

123ContactForm - Cross Site Scripting Web Vulnerability 3.3 Remote 4217 ZwX
D 2017-05-23

Lufthansa AG - (Limbo) Open Redirect Web Vulnerability 2.8 Remote 3970 Benjamin K.M.
D 2017-05-03

Stanford University (MBC) - SQL Injection Web Vulnerability 7.1 Remote 4464 Ahsan Tahir
D 2017-01-19

FullContact BB #2 - CSV Excel Macro Injection Vulnerability 3.7 Remote 7179 S.AbenMassaoud
D 2016-12-14

Microsoft (MEPN EDU) - Client Side Cross Site Vulnerability 3 Remote 6171 MOHDAQEELAHMED
D 2016-08-30

Kaspersky Company Account - FileManager Vulnerability 3.5 Remote 8482 Lawrence Amer
D 2016-08-29

Kaspersky Company Account - Response XSS Vulnerability 3.5 Remote 8264 Lawrence Amer
D 2016-07-07

BMW ConnectedDrive - (Update) VIN Session Vulnerability 6 Remote 30149 Benjamin K.M.
D 2016-07-06

BMW - (Token) Client Side Cross Site Scripting Vulnerability 3.6 Remote 24786 Benjamin K.M.
D 2016-05-25

AVAST (Shop) #18 - Multiple Client Side XSS Vulnerabilities 3.3 Remote 21443 Karim Rahal
D 2016-05-24

AVAST (Business) #17 - Persistent Web Vulnerability 3.7 Remote 21117 Karim Rahal
Note: The website vulnerabilities section impact vulnerabilities in website services and well-known service applications.

[ IT-Security Documents ]
D Date R Advisory Name VS Type Views Author
D 2016-09-26

FaceDancer 21 - New Universal Case for PenTests 5.5 Tutorial 6224 Vulnerability-Lab
D 2016-09-24

Sparkasse (Bank) - Service Security Advisory WB021 2016 5.6 Remote 6495 Vulnerability-Lab
D 2015-11-17

Mobile Application Security - Main Issues & Vulnerabilities 3.3 Report 21768 Vulnerability-Lab
D 2015-08-09

Bettercap - New MITM Framework 3.5 Tutorial 24576 Rajivarnan R.
D 2015-01-30

Glibc Ghost Vulnerability (CVE-2015-0235) - How to Secure 6.8 Report 29122 Rajivarnan R.
D 2014-07-29

Wickr Announcement - Bug Bounty Program 2014 R Report 30296 Wickr Security
D 2014-05-12

Vulnerable Workers in Uncertain Times - 4th Conference CFP R Report 34161 ADAPT IT
D 2014-04-09

HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu R Report 32293 Vulnerability-Lab
D 2014-03-26

ES746 Support-Bulletin - EMS Vulnerability Resolved 3.5 Bulletins 31553 Vulnerability-Lab
D 2014-03-13

RFP - External Network Vulnerability Assessment & PenTest R Report 31816 Ismail Kaleem
D 2014-01-31

HackInTheBox Quartal Magazine - eZine Issue 10 R Magazin 31807 HITB TEAM
D 2013-05-28

Filter Evasion and Bypass Methods - Pentest Magazine R Report 37384 Vulnerability-Lab
Note: The documents section impact security reports, security analysis, vulnerability analysis or research reportages.

[ IT-Security Videos ]
D Date R Advisory Name VS Type Views Author
D 2017-08-19

PotPlayer 1.7.x - Stack Buffer Overflow Vulnerability 6.3 Local 1280 Sultan Albalawi
D 2017-08-18

RubyMine 2016.1 - CMD Manual Buffer Overflow Exploitation 6.1 Local 1239 Sultan Albalawi
D 2017-08-17

VLC Media Player v2.2.6 Umbrella - DoS Vulnerability 3.3 Remote 1332 Sultan Albalawi
D 2017-08-14

Apple iOS v10.3 - UI SMS Access Permission Vulnerability 4.3 Local 1230 Benjamin K.M.
D 2017-06-26

Microsoft Skype - v7.x Stack Buffer Overflow Vulnerability 7.2 Local 4490 Vulnerability-Lab
D 2017-05-31

Apple iOS 10.3 - MobileData Access Permission Vulnerability 3.8 Local 4397 Vulnerability-Lab
D 2017-05-03

Zomato Bug Bounty - Account Take Over Vulnerability 5.3 Remote 4583 N/A - Anonymous
D 2017-04-27

Apple iOS 10.3 - Control Panel Denial of Service Vulnerability 3.3 Local 6130 Vulnerability-Lab
D 2017-03-29

Sync Breeze v9.5 - Multiple Buffer Overflow Vulnerabilities 5.2 Local 6087 S.AbenMassaoud
D 2017-02-28

Bitdefender - Cross Site Request Forgery Vulnerability 3.2 Remote 6503 Vulnerability-Lab
D 2016-12-01

Apple iOS v10.1.1 - Access Permission via Buffer Overflow 6 Local 26428 Vulnerability-Lab
D 2016-11-18

CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate 6.2 Local 6502 Marco Onorati
Note: The security video section demonstrates live hacks, proof of concepts, reproduce videos & exploitation videos.

[ News ] [ Submit ] [ Statistics ] [ Team ] [ Partner ] [ Talks & Workshop ] [ Awards ] [ Customer ] [ Contact ] [ Impressum ]

[Vulnerability Magazine] [August] 7 Critical: 0 High: 3 Medium: 4 Low: 0 Best Researcher: [NirmalThapa] Threat:

© EVOLUTION SECURITY GmbH ™