Lucene search
K

140 matches found

GithubExploit
GithubExploit
added 2024/01/31 4:58 p.m.387 views

Exploit for Incorrect Authorization in Miniorange Web3_-_Crypto_Wallet_Login_\&_Nft_Token_Gating

CVE-2023-6036 POC about Wordpress plugin Web3 – Crypto wallet...

9.8CVSS6.7AI score0.01773EPSS
Exploits3
NVD
NVD
added 2023/06/30 2:15 a.m.19 views

CVE-2023-3249

The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hiddenformdata' function. This makes it possible for authenticated attackers to log in as...

9.8CVSS9.5AI score0.01108EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/06/29 12:0 a.m.14 views

Web3 – Crypto wallet Login & NFT token gating < 2.7.0 - Authentication Bypass

The plugin does not properly perform authentication in the 'hiddenformdata' function, allowing an unauthenticated user to log in as any existing user on the site, such as an administrator, if they have access to the username...

9.8CVSS7.2AI score0.01108EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/04/19 12:0 a.m.16 views

RapidExpCart <= 1.0 - Stored XSS via CSRF

The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection...

5.4CVSS8.1AI score0.00239EPSS
Exploits2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-1125

The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus metho...

5.8CVSS8.9AI score0.02018EPSS
Exploits0References5
OSV
OSV
added 2022/05/18 4:15 p.m.1 views

CVE-2022-30105

In Belkin N300 Firmware 1.00.08, the script located at /settinghidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the form name form; list vulnerable parameters, are not properly sanitize...

9.8CVSS7.3AI score0.02766EPSS
Exploits1References1
0day.today
0day.today
added 2019/04/02 12:0 a.m.185 views

WordPress PayPal Checkout Payment Gateway 1.6.8 Plugin - Parameter Tampering Vulnerability

Exploit for php platform in category web applications WordPress PayPal Checkout Payment Gateway 1.6.8 Plugin - Parameter Tampering Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter...

4CVSS6.5AI score0.06049EPSS
Exploits5
Hacker One
Hacker One
added 2016/11/02 8:41 p.m.16 views

LocalTapiola: Suspicious browser fingerprinting(?) scripts on http://www.lahitapiola.fi/ redirector

I was doing some routine scanning of my Internet traffic at work I work as a Security Researcher for Forcepoint and noticed that my IDS popped up alarms of a ton of suspicious behaviour when I was trying to access http://www.lahitapiola.fi/ front page. It turned out that there seems to be a lot o...

7.8AI score
Exploits0
CNVD
CNVD
added 2016/05/26 12:0 a.m.2 views

OurPHP Profile Modification Function SQL Injection Vulnerability

OurPHP 傲派建站系统 is a website content management system developed using PHP language, the developer is Harbin Weicheng Technology Co. The registered members of OurPHP OurPHP website builder system do not have anti-injection processing for the hidden form password when modifying their information...

7AI score
Exploits0
n0where
n0where
added 2015/10/22 9:5 p.m.16 views

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

7.5AI score
Exploits0References3
CNVD
CNVD
added 2015/07/21 12:0 a.m.1 views

TOTOLINK Router Models Backdoor Vulnerability

TOTOLINK manufactures routers, wireless access points and networking equipment. A backdoor vulnerability exists in TOTOLINK Router Models. An attacker can bypass the authentication system by using a hidden /boafrm/formSysCmd form and use a remote code execution in the HTTP remote management...

8.4AI score
Exploits0References1
Prion
Prion
added 2015/04/21 4:59 p.m.9 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for 1 hidden form elements or 2 status messages via unspecifi...

6.8CVSS7.8AI score0.00656EPSS
Exploits0References5Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

MaxWebPortal 1.30 Remote Database Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...

7.1AI score
Exploits0
myhack58
myhack58
added 2014/04/23 12:0 a.m.28 views

Discuz! X A XSS-vulnerability warning-the black bar safety net

Self XSS + Click Jacking == storage type XSS http://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads, the page has a hidden form"title", you can GET submitted, the Management click"Submit"after the trigger. Because it is a Self XSS, bad use, and Discuz the background i...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/09 12:0 a.m.24 views

b2evolution 3.3.3 - Cross-Site Request Forgery

---------------------------------------------------------------------------- : Exploit Title: b2evolution 3.3.3 Cross site request forgery : : Date: 05/07/2010 & 23/07/1431 H : : Author: saudi0hacker : : Software Link: http://b2evolution.net/downloads/index.html : : Version: 3.3.3 : : Tested on:...

7AI score
Exploits0
exploitpack
exploitpack
added 2010/06/17 12:0 a.m.17 views

Planet 1.1 - Cross-Site Request Forgery (Add Admin)

Planet 1.1 - Cross-Site Request Forgery Add Admin Exploit Title: Planet 1.1 - CSRF Add Admin Account Date: 17-06-2010 Author: G0D-F4Th3r Software Link: http://php.femtolayer.com/planet11/ Version: 1.1 Tested on: http://php.femtolayer.com/planet11/ /cp/security.php?do=admins" Greetz to : AL-MoGrM ...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2009/12/13 12:0 a.m.9 views

Acc PHP eMail 1.1 - Cross-Site Request Forgery

Acc PHP eMail 1.1 - Cross-Site Request Forgery /\ == \ /\ \ /\ \ \ \ // End of attack ------------------------------------------------------------------------------------------ EOF...

0.6AI score
Exploits0
NVD
NVD
added 2006/07/06 8:5 p.m.18 views

CVE-2006-3398

The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the 1 Category Editor and 2 User Information editor...

5CVSS6.3AI score0.01351EPSS
Exploits0References3
CVE
CVE
added 2005/08/03 4:0 a.m.136 views

CVE-2005-2428

Lotus Domino R5/R6 WebMail with Generate HTML for all fields enabled can reveal sensitive data via names.nsf hidden fields. The connected nuclei template documents information disclosure: password hashes in HTTPPassword, password-change date in HTTPPasswordChangeDate, and client release in ClntBl...

5CVSS5.8AI score0.73635EPSS
Exploits10References10Affected Software1
Rows per page
Query Builder