161 matches found
Cross-site Scripting (XSS) - Generic in frappe/charts
Description frappe-charts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Open NPM repo https://www.npmjs.com/package/frappe-charts 2. Open the Explore demos https://frappe.io/charts 3. At the bottom find the sandbox Ref:...
Pwndoc - Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx report. The main goal is to have more time to Pwn and less time to Doc by mutualizing data like vulnerabilities between users. Documentation Installation Data Vulnerabilitie...
Intrinsic Security at VMworld 2020
VMworld 2020 kicked off today and for the first time ever, hundreds of security experts took the virtual stage to unveil how organizations can build a future read business with a truly unified security approach. Not able to attend all the sessions you wanted to today? Check out our highlights bel...
demos.9lessons.info Cross Site Scripting vulnerability OBB-1336709
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
demos-server.com Cross Site Scripting vulnerability OBB-1275487
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Join us at Black Hat USA 2020!
Qualys is excited to present two sponsored sessions at the Black Hat USA 2020 virtual event, open to all attendees with the free Business Hall pass. Register or log in to Black Hat USA 2020, and then view and register for these free sessions. Join us to learn about our new multi-vector EDR soluti...
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting
Exploit Title: Webexcels Ecommerce CMS SQL Injection & XSS Vulnerability Google Dork: intext:intext:" By WEB EXCELS "+inurl:"?Id=" Date: 2020-03-27 Exploit Author: @ThelastVvV Vendor Homepage: https://www.webexcels.com/ Version: 2.x 2017,2018,2019,2020 Tested on: Ubuntu...
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Webexcels Ecommerce CMS SQL Injection & XSS Vulnerability Google Dork: intext:intext:" By WEB EXCELS "+inurl:"?Id=" Exploit Author: @ThelastVvV Vendor Homepage: https://www.webexcels.com/ Version: 2.x 2017,2018,2019,2020 Tested...
CVE-2014-4544
Cross-site scripting XSS vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php...
CVE-2014-4539
CVE-2014-4539 : A cross-site scripting (XSS) flaw in the WordPress Movies plugin (versions 0.6 and earlier) exists due to insufficient validation in the filename parameter of getid3/demos/demo.mimeonly.php. This allows remote attackers to inject arbitrary script/HTML, potentially executing code i...
Visit Akamai at AWS re:Invent 2019
From December 2-6, the Las Vegas Strip will be jam-packed with tens of thousands of developers, engineers, admins, architects, and other technologists for AWS re:Invent, the annual learning conference hosted by Amazon Web Services for the global cloud computing community. Akamai is excited to be ...
Visit Wallarm at Google Cloud Next
April 9–11, San Francisco, CA We are excited to join the community of the GCP professionals and demonstrate Wallarm web and API protection solutions custom-built for Google Cloud-powered applications. A certified GCP-partner, Wallarm delivers AI-powered security solution built to help your busine...
Commix v2.7 - Automated All-in-One OS Command Injection And Exploitation Tool
Commix short for command injection exploiter is an automated tool written by Anastasios Stasinopoulos @ancst that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related...
org.apache.karaf.demos:web (=4.1.0) potentially affected by CVE-2018-11787 via org.apache.karaf:apache-karaf (=4.1.0)
org.apache.karaf:apache-karaf MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.karaf:apache-karaf and may be impacted: - org.apache.karaf.demos:web =4.1.0 Source cves: CVE-2018-11787 Source advisory: OSV:GHSA-CQ9C-55R7-45...
CVE-2018-19340
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...
CVE-2018-19340
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter...
X.org X11 security, bug fix, and enhancement update
freeglut 3.0.0-8 - HTTPS URLs - Pin soname to libglut.so.3 in the %files glob 3.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 3.0.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora27BinutilsMassRebuild 3.0.0-5 - Rebuilt for...
My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”
Last week, March 14, Forrester presented new report about Vulnerability Risk Management VRM market. You can purchase it on official site for $2495 USD or get a free reprint on Rapid7 site. Thanks, Rapid7! I've read it and what to share my impressions. I was most surprised by the leaders of the...
demos.9lessons.info XSS vulnerability
Open Bug Bounty ID: OBB-457737 Description| Value ---|--- Affected Website:| demos.9lessons.info Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Che...
Girls Who Code: That's a Wrap!
The Summer Immersion Program for Girls Who Code at Akamai wrapped up this past week. The girls finished their final projects and presented them at a graduation ceremony attended by friends and family as well as supporters and mentors from Akamai. The girls were divided into five teams for their...