254 matches found
Reflected Cross-Site Scripting (XSS) in SourceBans
High-Tech Bridge Security Research Lab discovered a vulnerability in SourceBans, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. The vulnerability exists due to insufficient filtration of input data passed via the "advSearch" HTTP GET parameter to...
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
High-Tech Bridge Security Research Lab discovered a vulnerability in the qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...
Local PHP File Inclusion in ResourceSpace
Advisory ID: HTB23258 Product: ResourceSpace Vendor: Montala Limited Vulnerable Versions: 7.1.6513 and probably prior Tested Version: 7.1.6513 Advisory Publication: May 6, 2015 without technical details Vendor Notification: May 6, 2015 Vendor Patch: June 1, 2015 Public Disclosure: June 3, 2015...
u-Auctions - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com/ Version: ALL Tested on: Debian 1. Blind SQL injection: This...
u-Auctions - Multiple Vulnerabilities
u-Auctions - Multiple Vulnerabilities Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com/ Version: ALL Tested on: Debian 1. Blind SQL injection: This vulnerability affects...
u-Auctions - Multiple Vulnerabilities
Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com/ Version: ALL Tested on: Debian 1. Blind SQL injection: This vulnerability affects /adsearch.php URL encoded POST input...
Modx CMS 2.2.14 - CSRF Bypass, Reflected XSS, Stored XSS Vulnerability
Exploit for php platform in category web applications Product: MODX Revolution Vendor: MODX Vulnerable Versions: 2.0.0-2.2.14 Tested Version: 2.2.14 Advisory Publication: 16 July, 2014 without technical details Vendor Notification: 16 July, 2014 Vendor Patch: 15 July, 2014 Public Disclosure: 2...
pornblink.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-52135. Affected Website: pornblink.com. Vulnerable Application: Custom Code. Vulnerability Type: Open Redirect / CWE-601. CVSSv3 Score: 3.4...
Drupal HTTP Parameter Key/Value SQL Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Drupal HTTP Parameter Key/Value SQL Injection', 'Description' = %q This module exploits the Drupal HTTP Parameter Key/Value SQL...
Drupal HTTP Parameter Key/Value SQL Injection
This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). Two methods are available to trigger the PHP payload on the target: - set...
Sierra Library Services Platform Multiple Vulnerability Disclosure
Product: Sierra Library Services Platform Vendor: Innovative Interfaces Inc Vulnerable Version: 1.23 Tested Version: 1.23 Vendor Notification: June 19, 2014 Public Disclosure: August 26, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5136 Risk Level: Medium CVSSv2 Ba...
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Oscommerce2.3.4 multi Vulnerability 0-Day ========================================= Author : indoushka Vendor : http://www.oscommerce.com/ Dork : Powered by osCommerce ========================================= File inclusion : It seems that this script includes a file which name is determined usi...
Symantec Web Gateway dbutils.php SQL Injection (CVE-2014-1651)
An SQL injection vulnerability exists in Symantec Web Gateway. The vulnerability is due to lack of proper sanitization of the "hostname" HTTP parameter passed to some PHP pages. A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable...
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
High-Tech Bridge Security Research Lab discovered a vulnerability in the Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against the administrator of a WordPress website with the vulnerable plugin. 1) Reflected Cross-Site Scripting (XSS) in Google Calend...
OctavoCMS <= 3.1.1 XSS Vulnerability - Active Check
OctavoCMS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
VICIDIAL Call Center Suite <= 2.2.1-237 - Multiple Vulnerabilities
No description provided by source. ...:::::VICIDIAL call center suite Blind SQL Injection Vulnerability::::.... Sepahan TelCom IT Group septelcom ------------------------------------------------------- Date: 2012-09-07 Exploit Author: Sepahan TelCom IT Group septelcom Vendor Homepage:...
Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Scout Portal Toolkit = 1.4.0 ParentId Remote SQL Injection Exploit Discovered & Coded by JosS Contact: sys-projectathotmail.com Spanish Hackers Team / Sys - Project / EspSeC http://www.spanish-hackers.com rgod forever :D print \t\t\n\n; print \t\t...
C-News 1.0.1 - 'install.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28989/info C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7
Stored Cross Site Scripting in Ektron CMS 8.7 CVE reference: CVE-2014-2729 Affected platforms: Ektron Web Content Management System Version: 8.7.0 Date: 2013-December-19 Security risk: Medium CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N Researcher: Joseph Zeng...
Ektron CMS 8.7 Cross Site Scripting
Stored Cross Site Scripting in Ektron CMS 8.7 CVE reference: CVE-2014-2729 Affected platforms: Ektron Web Content Management System Version: 8.7.0 Date: 2013-December-19 Security risk: Medium CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N Researcher: Joseph Zeng...