3641 matches found
Axil CMS 3.0 Cross Site Scripting
Exploit Title : Axil CMS 3.0 Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.axilcreations.com/ Date: 2016/03/31 Version : 3.0 PoC: Search Box Vulnerable To XSS Payload = "Hacked By D: Demo : http://www.excelsior.edu.np/ http://jmeremit.com.np/ http://nrnil.co...
Shopify: xss in the all widgets of shopifyapps.com
I found XSS in all widgets.shopifyapps.com/ google dork:site:widgets.shopifyapps.com the parameter "padding" is vulnerable, XSS payload - %0ax:expressionalert1%0a XSS does work in Internet Explorer browsers for ie10, ie11 in compatibility mode, for ie5, ie6, ie7 for ie8, ie9 javascript is disabled, t...
Black Box AlertWerks ServSensor Credential Management Vulnerability
OVERVIEW Independent researcher Lee Ryman has identified a credential management vulnerability in Black Box’s AlertWerks ServSensor devices. ICS-CERT and CERT Australia have coordinated with Black Box, which has produced a new firmware version to mitigate this vulnerability. Lee Ryman has tested th...
webSPELL SQL Injection Vulnerability
webSPELL is a web-based content management program. A SQL injection vulnerability exists in webSPELL. Input passed to the "/cashbox.php" script via the "payid" HTTP POST parameter is not sufficiently filtered, allowing an attacker to query the application's database and execute arbitrary SQL...
Unspecified vulnerability in Mozilla Firefox protocol-handler dialog box
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the protocol-handler dialog box in Mozilla Firefox versions prior to 44.0. The vulnerability can be exploited by remote attackers to conduct clickjacking...
the-open-box.com XSS vulnerability
Open Bug Bounty ID: OBB-129715

Description| Value
---|---
Affected Website:| the-open-box.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat...
jspxcms admin backend login page cross-site scripting vulnerability
jspxcms is an open source, Java-based content management system (CMS). A cross-site scripting vulnerability exists in the administration backend login page of jspxcms version v5.2.4. It stems from user input to the search box on the front page of Jspxcms that is not filtered. This...
OpenSSH CVE-2016-0777 private key theft technical analysis - vulnerability warning - the black bar safety net
Remembered used to write a lot of advertising procedures, estimation also not many people see. Then see “days eye APT the Team” and “360 security suit team” of people for black output only wrote the phrase “people do, day in see”, a bit of sentiment. Quickly put the sb type of ad deleted, cannot be...
Shell In A Box HTTPS fallback DNS binding vulnerability
Shell In A Box is a soft SSH terminal product for accessing remote Linux servers. A security vulnerability in the HTTPS fallback implementation of Shell In A Box allows remote attackers to perform DNS rebinding attacks using the '/plain' URL...
Manage Engine Applications Manager 12 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Manage Engine Applications Manager 12 Multiple Vulnerabilities Vendor Product Description - ManageEngine Applications Manager is an application performance monitoring solution that proactively monitors business applications and help...
DEBIAN-CVE-2015-8400
The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...
CVE-2015-8400
The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...
Hardcoded credentials
The HTTPS fallback implementation in Shell In A Box aka shellinabox before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL...
CVE-2015-8400
Shell In A Box (shellinabox) prior to version 2.19 contains an HTTPS fallback mechanism that allows DNS rebinding attacks via the /plain URL. The vulnerability is triggered when the client can revert HTTPS requests to HTTP, enabling remote attackers to exploit DNS rebinding. Public references in ...
[SECURITY] Fedora 22 Update: shellinabox-2.19-1.fc22
Shell In A Box implements a web server that can export arbitrary command line tools to a web-based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins...
o2 DSL Auto Configuration Server Credential Disclosure
Advisory: o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials The o2 Auto Configuration Server ACS discloses VoIP/SIP credentials of arbitrary customers when receiving manipulated CWMP packets. These credentials can then be used by an attacker to register any VoIP number of the victim. This...