Showing posts with label Vulnerabilities. Show all posts
on Monday, 4 November 2013
#############################
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition
Author: Marcela Benetrix
Date: 10/25/13
version: 5.1.2
  
#############################
GroupWare Web mail Edition
  
Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages and
manage and share calendars, contacts, tasks, notes, files, and bookmarks 
with the standards compliant components from the Horde Project.

Retire.js: identify JavaScript libraries with known vulnerabilities in your application


Retire.js is a command line scanner that helps you identify dependencies with known vulnerabilities in your application. Using the provided Grunt plugin, you can easily include Retire.js in your build process. Retire.js also provides a Chrome extension that lets you detect libraries while browsing your website.

To detect a given version of a given component, Retire.js uses the filename or URL. If that fails, it downloads or opens the file and looks for specific comments within the file. If that also fails, it is possible to use hashes for minified files.

AFFECTED PRODUCT
================
  
Quick Paypal Payments WordPress Plugin Version 3.0, possibly earlier
  
  
VULNERABILITY CLASS
===================
  
Cross-Site Scripting
  
  
DESCRIPTION
===========
  
  
Quick Paypal Payments suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the "reference" and "amount" parameters.
Other input fields are also susceptible to reflected cross-site scripting.
on Sunday, 3 November 2013

EDB-ID: 29355 CVE: N/A OSVDB-ID: N/A
Author: Ali Morshedloo Published: 2013-11-01 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

###########################
# Exploit Title : Typo3 File Disclosure
# Exploit Author : Iran Security Team
# Discovered By : Red.Eagle
# Home : WWW.IrSecTeam.org
# Dork1 : inurl:fileadmin/php/commun/download.php
# Dork2 : inurl:fileadmin/scripts/download.php

# Date: 2013 1 November
# Tested on:windows 7
# Software Link: http://typo3.org/
# Contact To Me: https://www.facebook.com/r3d.3agl3
###########################
EDB-ID: 29328 CVE: N/A OSVDB-ID: N/A
Author: LiquidWorm Published: 2013-11-01 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Vendor: ImpressPages UAB
Product web page: http://www.impresspages.org
Affected version: 3.6

Summary: ImpressPages CMS is an open source web content
management system with revolutionary drag & drop interface.
###################################################################################################
#_________            .___        _______                ___.   .__      
#\_   ___ \  ____   __| _/____    \      \   ______  _  _\_ |__ |__| ____
#/    \  \/ /  _ \ / __ |/ __ \   /   |   \_/ __ \ \/ \/ /| __ \|  |/ __ \
#\     \___(  <_> ) /_/ \  ___/  /    |    \  ___/\     / | \_\ \  \  ___/ 
# \______  /\____/\____ |\___  > \____|__  /\___  >\/\_/  |___  /__|\___  >
#        \/            \/    \/          \/     \/            \/        \/
###################################################################################################
# Exploit Title: WordPress Switchblade Themes Arbitrary File Upload Vulnerability
# Author: Byakuya
# Date: 11/01/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/switchblade-powerful-wordpress-theme/761353
# Price: $50
# Affected Version: v1.3
# Infected File: php.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/switchblade
# Tested on : Windows/Linux
###################################################################################################
###################################################################################################
# Exploit Title: WordPress Curvo Themes CSRF File Upload Vulnerability
# Author: Byakuya
# Date: 10/26/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://www.wphub.com/themes/curvo-by-themeforest/
# Price: $35
# Affected Version: Unknown
# Infected File: upload_handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/curvo/
###################################################################################################
on Friday, 18 October 2013


EDB-ID: 29034 CVE: N/A OSVDB-ID: N/A
Author: Vulnerability-Lab Published: 2013-10-18 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Document Title:
===============
Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities
 
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1117
 
 
Release Date:
=============
2013-10-18

Hey guys, I am making a penetration testing Linux distro and I need a name for it. Could you please suggest one ... so far, the following are the suggestions I got