3641 matches found
dsmall cross-site scripting vulnerability (CNVD-2018-07558)
dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can inject arbitrary HTML/JavaScript code to obtain sensitive information via the member query box in the...
CVE-2018-9015
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter aka the CMS search box...
CVE-2018-9017
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...
Code injection
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI...
CVE-2018-9015
CVE-2018-9015 affects dsmall v20180320, with a cross-site scripting (XSS) vulnerability exploitable via the public/index.php/home/predeposit/index.html page’s pdr_sn parameter (the CMS search box). The issue stems from unsanitized input in the pdr_sn field, enabling injection of arbitrary web scr...
CVE-2018-9017
CVE-2018-9017 affects dsmall v20180320 with a cross-site scripting (XSS) vulnerability in the public/index.php/home/membersnsfriend/findlist.html page via the member search box. CNVD/CNVD-2018-07558 describe a remote attacker injecting HTML/JavaScript to obtain sensitive information. The provide...
CVE-2018-8957
CVE-2018-8957 affects CoverCMS v1.1.6. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the fourth input box on index.php, linked to admina/mconfigs.inc.php. The affected component is the input handling on the administrative config interface; root cause is improper input san...
GreyKey iPhone Unlocker
Some details about the iPhone unlocker from the US company Greyshift, with photos. Little is known about Grayshift or its sales model at this point. We don't know whether sales are limited to US law enforcement, or if it is also selling in other parts of the world. Regardless of that, it's highly...
WPSeku v0.4 - Wordpress Security Scanner
WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Installation $ git clone https://github.com/m4ll0k/WPSeku.git wpseku $ cd wpseku $ pip3 install -r requirements.txt $ python3 wpseku.py Usage Generic Scan python3...
CVE-2017-8176
Huawei IPTV STB versions earlier than IPTV STB V100R003C01LMYTa6SPC001 have an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view...
Mobile's customized "Magic Box" smart set-top box has smart hardware vulnerabilities
Smart Set Top Box is a set-top box product from ZTE Corporation. A smart hardware vulnerability exists in the mobile customized "Magic Box" smart set-top box. An attacker can use the vulnerability to communicate with the device using a TTL line, log in to the operating system without password...
CredsLeaker - Tool to Display A Powershell Credentials Box
This script will display a PowerShell credentials box that will ask the user for his credentials. The box cannot be closed (only by killing the process) and will keep checking the credentials against the DC. When validated, it will close and leak it to a web server outside. How To: 1. Start a web...
telugu.filmibeat.com XSS vulnerability
Open Bug Bounty ID: OBB-578389. Affected Website: telugu.filmibeat.com; Open Bug Bounty Program: Not created yet; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
CVE-2018-7996
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter...
Application Security Testing — The Wallarm Approach
Testing the security of corporate applications is a part of everyday life for Ops and DevOps professionals. Larger companies have whole teams dedicated to independent security testing, called Red Teams. These folks use various tools at their disposal to discover the flaws in both application...
Shopify: myshopify.com domain takeover
Hello Shopify Security Team, I just received your email and I'm sorry for any inconvenience. Yes, it was me. Basically, I just tried to audit your website using some black box testing. Unfortunately, I didn't read about those guidelines, such as creating a store on https://partners.shopify.com/ a...
WAScan - Web Application Scanner
WAScan Web Application Scanner is an open source web application security scanner. It is designed to find various vulnerabilities using the "black-box" method, which means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...