CVE-2018-19274
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...
CVE-2018-19274
CVE-2018-19274 affects phpBB < 3.2.4: remote code execution via Phar deserialization when an attacker with founder permissions can access the Admin Control Panel. The issue arises from using an absolute path in a file_exists check, enabling Object Injection. NVD data shows CVSSv3.1 base score ...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an accoun...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an account on the following url:...
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode) Exploit
Exploit for windows platform in category local exploits Exploit Title: XAMPP Control Panel 3.2.2 - Buffer Overflow SEH Unicode Exploit Author: Gionathan "John" Reale 0-day DoS exploit, Semen Alexandrovich Lyhin 1-day fully working exploit. Shellcode Author: Giuseppe D'Amore EDB:28996 Software:...
CVE-2018-18547
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI...
PYSEC-2018-107
ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...
Design/Logic Flaw
ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...
Design/Logic Flaw
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI...
CVE-2018-18548
ajenticp aka Ajenti Docker control panel for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager...
CVE-2018-18547
Vesta Control Panel (VestaCP) up to version 0.9.8-22 is affected by a cross-site scripting (XSS) vulnerability. The issue arises from unsanitized input in multiple endpoints (edit/web/?domain=, list/backup/?backup=, list/rrd/?period=, list/directory/?dir_a=, and list/directory/ URIs), allowing an...
CVE-2018-18548
AjentiCP (Ajenti) up to version 1.2.23.13 contains a Cross-site Scripting (XSS) vulnerability in File Manager caused by mishandling a filename. The issue allows an attacker to inject JavaScript that can run in an Ajenti user’s browser, enabling potentially high-risk exploitation without privilege...
VestaCP Cross-Site Scripting Vulnerability
VestaCP is a hosting control panel. A cross-site scripting vulnerability exists in VestaCP 0.9.8-22 and prior versions. A remote attacker can exploit this vulnerability to execute JavaScript code in a user's browser...
Vesta control panel servers infected with DDoS malware after supply chain attack
By Waqas. An open-source hosting panel software provider, Vesta Control Panel (VestaCP), has admitted that the company became a victim of a supply chain attack. In an announcement made by VestaCP on its forum, it was revealed that the hacker managed to contaminate the source code of its project with...
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
Google has lifted the curtain on its latest version of Chrome, which the tech giant has pledged touts more data privacy features, as well as fixes for high-priority vulnerabilities. The release comes after Google had promised updates in Chrome 70 to “better communicate our changes and offer more...
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
KLA11320 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player. For details, see KLA11317. Original advisories: ADV180023. Related products: Microsoft-Windows, Microsoft-Windows-Server. CVE list; KB list: 4457146. Solution: Install the necessary updates from the KB section that are listed in your...