CVE-2018-10255

CVE-2018-10255 affects clustercoding Blog Master Pro v1.0 with a CSV Injection flaw that lets a user with low privileges inject commands into exported CSVs, potentially enabling code execution. Exploitation details are provided in PoC/articles (e.g., PoC showing commands like cmd|'/C calc'). Root...

Linux/x86 execve /bin/sh Encoded Shellcode (44 bytes)

/ ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-shellcode-encoder/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 44 bytes ; Tested on : i686 GNU/Linux...

Blog Master Pro 1.0 - CSV Injection

Exploit Title: Blog Master Pro v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10255 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/blog-master-pro/21689781 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13 Release Date:...

buywords.de XSS vulnerability

Open Bug Bounty ID: OBB-606887 Description| Value ---|--- Affected Website:| buywords.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Monstra cms 3.0.4 - Persitent Cross-Site Scripting

Monstra cms 3.0.4 - Persitent Cross-Site Scripting Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested o...

Monstra CMS 3.0.4 Cross Site Scripting

Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6, apache2.2.29, macos 10.12.6 CVE...

Monstra cms 3.0.4 - Persitent Cross-Site Scripting

Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6, apache2.2.29, macos 10.12.6 CVE...

Beers with Talos EP27: Smart Install, Vuln Process Realities, and Professional Wrestling

Beers with Talos BWT Podcast Episode 27 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP27 Show Notes: Recorded 4/13/18 - We just upgraded all our gear, so naturally we had a straight tech...

Google Chrome Security Updates (stable-channel-update-for-desktop-2018-04) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Catfish(鲶鱼) Blog V1.3.15存储型 xss

...

CVE-2018-10109

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...

CVE-2018-9153

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the appid parameter to zbusers/plugin/AppCentre/pluginedit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

Cross site scripting

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...

Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference

Exploit Title: Sophos Cyberoam UTM - Privilege Escalation Date: 31/08/2016 Exploit Author: Chintan Gurjar Frogy Vendor Homepage: http://www.sophos.com/ Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html Version: Cyberoam CR25iNG - 10.6.3 MR-5 CVE : CVE-2016-7786 Category :...

CVE-2018-10109

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog...

CVE-2018-10109

Monstra CMS 3.0.4 is affected by a stored XSS (CVE-2018-10109). An attacker with the editor role can inject a payload into the content section when creating a new page in the blog catalog; the payload is stored and later rendered, enabling JavaScript execution. Multiple sources corroborate the ed...

blog-poll.com XSS vulnerability

Open Bug Bounty ID: OBB-601227 Description| Value ---|--- Affected Website:| blog-poll.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-7035

Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

Cross site scripting

Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

CVE-2018-7035

Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...