Netis-WF2419 HTML Injection

Exploit Title: Netis-WF2419 HTML Injection Date: 20/12/2017 Exploit Author: Sajibe Kanti Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V2.2.36123 Tested on: Windows 8.1 HTML Injection in Netis-WF2419 Netis-WF2419 is prone to an HTML-injection vulnerability because it fail...

WordPress Itinerary 1.0.0 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Itinerary 1.0.0 Itinerary is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

WordPress Share This Image 1.03 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Share This Image 1.03 Share This Image is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script co...

Information disclosure

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to...

WordPress Pinterest Badge 1.8.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Pinterest Badge 1.8.0 Pinterest Badge is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Wunderbar Basic 1.1.3 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Wunderbar Basic 1.1.3 Wunderbar Basic is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script cod...

WordPress WordApp Mobile 2.0.3 Cross Site Scripting

Title: WordPress WordApp Mobile App Plugin a Convert your WordPress Site to a Mobile App 2.0.3 Cross Site Scripting File: Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable WordApp Mobile App Plugin a Convert your WordPress Site to a Mobile App 2.0.3 WordApp Mobile App Plug...

WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting Vulnerability

Wordpress Qiniu Cloudtuchuang 七牛云图床 plugin version 1.8 is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Title: WordPress Qiniu Cloudtuchuang a,caoa3/4ao 1.8 Cross Site Scripting File: Class Input Validation Error Remote Yes Cred...

Authentication flaw

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...

CVE-2016-6904

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...

CVE-2016-6904

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials...

WordPress Z-URL Preview 1.6.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Vulnerable Z-URL Preview 1.6.1 Z-URL Preview is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

WordPress Super Simple Custom CSS 1.2 Cross Site Scripting Vulnerability

WordPress Super Simple Custom CSS plugin version 1.2 suffers from a persistent cross site scripting vulnerability. Vulnerable Super Simple Custom CSS 1.2 Super Simple Custom CSS is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. A...

WordPress Smart Marketing SMS And Newsletters Forms 1.1.1 XSS Vulnerability

WordPress Smart Marketing SMS and Newsletters Forms plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability. Vulnerable Smart Marketing SMS and Newsletters Forms 1.1.1 Smart Marketing SMS and Newsletters Forms is prone to a stored cross-site scripting vulnerability becau...

WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Forms: 3rd-Party Inject Results 0.2 Forms: 3rd-Party Inject Results is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue t...

WordPress Breezing Forms 1.2.7.42 Cross Site Scripting Vulnerability

WordPress Breezing Forms plugin version 1.2.7.42 suffers from a cross site scripting vulnerability. Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Breezing Forms Plugin 1.2.7.42 Breezing Forms Plugin is prone to a stored cross-site scripting vulnerability because it fai...

CVE-2017-14111

The workstation logging function in Philips IntelliSpace Cardiovascular ISCV 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements...

WordPress AMP Toolbox 1.9.4 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable AMP Toolbox Plugin 1.9.4 AMP Toolbox Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Cartogiraffe Map 1.0 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Cartogiraffe Map Plugin 1.0 Cartogiraffe Map Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

Joomla LDAP Information Disclosure (CVE-2017-14596)

A LADP information disclosure vulnerability exists in Joomla!. Successful exploitation of this vulnerability allows an unprivileged remote attacker to extract all authentication credentials of the effected system...