Cross-site Scripting (XSS) - Stored
Description: The stored XSS vulnerability found in the calibre-web application is a security flaw that allows an attacker to execute malicious code in a user's browser. The vulnerability affects the "/ajax/pathchooser/" endpoint and is present in the "path" parameter, which is sent via the GET...
SUSE CVE-2016-2812
Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site...
Inout Search Engine 10.1.3 Cross Site Scripting
[ASCII-art banner] CraCkEr - THE CRACK OF ETERNAL MIGHT - From The Ashes and Dust Rises An...
Cross-Site Request Forgery (CSRF)
apache-superset is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the use of the HTTP GET method for the legacy REST API endpoints in the requestaccess and approve functions of core.py, allowing an attacker to redirect to the malicious URL through the GET request...
Security feature bypass
Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method...
Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting
[ASCII-art banner] CraCkEr - THE CRACK OF ETERNAL MIGHT - From The Ashes and Dust Rises An...
Joomla jMarket 5.15 Cross Site Scripting Vulnerability
[ASCII-art banner] Exploits - Author: CraCkEr - Website: extensions.joomla.org - Vendor: Joobi - Software: jMarket 5.1...
Joomla Easy Shop 1.4.1 Cross Site Scripting
[ASCII-art banner] CraCkEr - THE CRACK OF ETERNAL MIGHT - From The Ashes and Dust Rises An...
Joomla EDocman 1.23.3 Cross Site Scripting
[ASCII-art banner] CraCkEr - THE CRACK OF ETERNAL MIGHT - From The Ashes and Dust Rises An...
Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection Vulnerability
[ASCII-art banner] CraCkEr - THE CRACK OF ETERNAL MIGHT - From The Ashes and Dust Rises An...
CRLFsuite - Fast CRLF Injection Scanning Tool
CRLFsuite is a fast tool specially designed to scan for CRLF injection. Installation: $ git clone https://github.com/Nefcore/CRLFsuite.git; $ cd CRLFsuite; $ sudo python3 setup.py install; $ crlfsuite -h. Features: single URL scanning; multiple URL scanning; stdin supported; GET & POST methods supported...
Cross Site Request Forgery in acknowledging Toast
Description: Hi there linkding maintainers, I would like to report a Cross site request forgery in acknowledging toast. This is due to the use of GET method. Proof of Concept: 1. Install a local instance of linkding 2. Create admin user admin 3. Log in as admin and create a new toast 4. Go back to...
Cross-site Request Forgery (CSRF)
Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the HTTP GET method. An attacker can hijack the authentication of administrators by exploiting the vulnerability through crafted...
GHSA-799H-QR84-PCRP Kallithea Routes CSRF Bypass
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method...
PT-2022-16937 · Unknown · Http-Swagger
Name of the Vulnerable Software and Affected Versions: http-swagger versions prior to 1.2.6. Description: The issue allows an attacker to perform a denial of service attack consisting of memory exhaustion on the host system due to improper handling of HTTP methods. This can also lead to other...
Cross-Site Request Forgery (CSRF) in janeczku/calibre-web
Description: CSRF on various endpoints. Summary: Pretty recently CSRF protection in calibre-web was implemented. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, which allows completely shutting down the server:...
Cross-Site Request Forgery (CSRF) in patrowl/patrowlmanager
Description: Hi there, there is a CSRF in duplicating rule due to the usage of GET method. Proof of Concept: 1. Install a local instance of PatrowlManager 2. Go to list rule and create a new rule 3. Access this link http://localhost:8083/rules/api/v1/alerting/duplicate/1 and see that the rule is...
TotoLink A702r Security Vulnerability
TOTOLINK A702r is a router device from China-based Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A702r, which stems from the product's login page not adding effective permission control for directory access. An attacker can access the /add/, /img/, /js/, /mobile...
CVE-2020-27379
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0. The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...
CVE-2021-23389
The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set and U.get functions...