254 matches found
NetGain Systems Enterprise Manager exec_jsp Command Execution (CVE-2017-16602)
A command execution vulnerability exists in NetGain Systems Enterprise Manager. The vulnerability is due to improper validation of the command HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to a vulnerable server...
putlocker.co XSS vulnerability
Open Bug Bounty ID: OBB-453985

Description | Value
---|---
Affected Website: | putlocker.co
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Shee...
HackerOne: HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
Summary: I noticed that HackerOne career pages load their application forms from Greenhouse.io via an iframe. The ghjid parameter value is taken into the iframe element for the token parameter in the iframe URL boards.greenhouse.io. Any HTML characters are escaped in order to avoid XSS and possib...
Wireless Repeater BE126 - Local File Inclusion
Exploit Title: WIFI Repeater BE126 – Local File Inclusion
Date Publish: 23/08/2017
Exploit Authors: Hay Mizrachi, Omer Kaspi
Contact: [email protected], [email protected]
Vendor Homepage: http://www.twsz.com
Category: Webapps
Version: 1.0
Tested on: Windows/Ubuntu 16.04
CVE: CVE-2017-8770
1 -...
CVE-2017-12439
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xmlpath HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated...
CVE-2016-9717
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management MDM 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce anomalous behavior in the application that can be potentially exploite...
CVE-2016-10223
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...
CVE-2017-5961
An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tinymce/plugins/codemirror/dialog.php" URL. An attacker could execu...
Cross-site Scripting (XSS)
Mattermost is vulnerable to cross-site scripting (XSS). It does not properly validate and sanitize user-supplied input to the HTTP GET parameter link in the "/error" page. It is possible to set the return link, which is part of the error page, to a base64-encoded data URI. This could be used to execute...
family.tgifridays.co.uk XSS vulnerability
Vulnerable URL: https://family.tgifridays.co.uk/search?actions=search%2Fmap=%22%3E%3Cscript%3Ealert%28%22OPENBUGBOUNTY%22%29%3C%2Fscript%3E%3Cdiv+id%3D%22=10

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 27.07.2017
Vulnerability type: | XSS
Vulnerability status: | Public...
ESF pfSense status_rrd_graph_img.php Command Injection
A Command Injection vulnerability has been reported in ESF pfSense. This vulnerability is due to status_rrd_graph_img.php incorrectly validating the graph HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the status_rrd_graph_img.php URI...
auto24.ee XSS vulnerability
Vulnerable URL: http://www.auto24.ee/new/list.php?dmake=10mvid=2100%22%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29%3C/script%3E

Details:

Description | Value
---|---
Patched: | Yes, at 14.03.2016
Latest check for patch: | 14.03.2016 19:23 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly...
RXTEC RXAdmin SQL Injection Vulnerability
The RXTEC RXAdmin login page from UPDATE 06 / 2012 suffers from a remote SQL injection vulnerability. RXTEC20150513 Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page allows remote attackers to execute arbitrary SQL commands via several HTTP parameters. Type of vulnerability: SQL...
Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
High-Tech Bridge Security Research Lab discovered multiple SQL Injection vulnerabilities in mcart.xls Bitrix module, which can be exploited to execute arbitrary SQL queries and obtain potentially sensitive data, modify information in database and gain complete control over the vulnerable website...
Reflected XSS in Role Scoper WordPress Plugin
High-Tech Bridge Security Research Lab discovered a cross-site scripting vulnerability in the popular Role Scoper WordPress plugin, present on more than 10 000 websites. The vulnerability can be exploited by anonymous attackers against website administrators. Successful attack may allow to steal...
OpenEMR globals.php Authentication Bypass (CVE-2015-4453)
An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...
Remote File Inclusion in Gwolle Guestbook WordPress Plugin
High-Tech Bridge Security Research Lab discovered a critical Remote File Inclusion (RFI) vulnerability in the Gwolle Guestbook WordPress plugin, which can be exploited by a non-authenticated attacker to include a remote PHP file and execute arbitrary code on the vulnerable system. HTTP GET parameter "abspath" is not bei...
Reprise License Manager HTTP Parameter Parsing Stack Buffer Overflow
A stack buffer overflow vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation of the licfile and debuglog parameters while processing an HTTP request. Successful exploitation would lead to arbitrary code execution under the security context...