CVE-2017-9070
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php...
srilakor.go.th XSS vulnerability
Open Bug Bounty ID: OBB-236743

| Description | Value |
|---|---|
| Affected Website: | srilakor.go.th |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Catfish CMS V4.3.4 '/application/multimedia/controller/Index.php' page has an arbitrary file read vulnerability
Catfish CMS is an open source PHP content management system. An arbitrary file read vulnerability exists in the '/application/multimedia/controller/Index.php' page of Catfish CMS V4.3.4. The program fails to adequately filter user input, allowing an attacker to construct a file path and read arbitrary...
Cross site scripting
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is...
CVE-2017-8898
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is...
CVE-2017-8833
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."...
CVE-2017-8833
Zen Cart 1.6.0 (development version) contains a cross-site scripting (XSS) flaw in the main_page parameter of index.php. The vulnerability stems from insufficient sanitization of input to the main_page parameter, allowing injection of arbitrary script/HTML. Public references indicate 1.6.0 is in-...
punk.de XSS vulnerability
Open Bug Bounty ID: OBB-232679

| Description | Value |
|---|---|
| Affected Website: | punk.de |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Path traversal
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php, the sole component of the "Simple PHP File Manager"...
CVE-2017-8297
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php, the sole component of the "Simple PHP File Manager"...
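The simple-file-manager entry above and the Catfish CMS arbitrary file read earlier in this list share the same root cause: a request parameter is joined onto a storage directory and opened without confining the result. The following Python is an added example written for this page, not code from either project (both are PHP), and the directory layout it builds is constructed test data. `naive_read` reproduces the vulnerable pattern; `safe_resolve` canonicalizes with `realpath` and compares path components, which also catches a symlink planted inside the directory and an absolute path that `os.path.join` would otherwise let replace the base directory.

```python
import os
import tempfile
from typing import Dict, Optional


def naive_read(base_dir: str, requested: str) -> bytes:
    """Hypothetical vulnerable pattern: the request parameter is joined
    onto the storage directory with no check, so '../' segments (and
    absolute paths, which os.path.join lets replace base_dir entirely)
    walk out of it."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path to serve, or None if it escapes base_dir.

    `requested` must already be URL-decoded (decode exactly once, upstream).
    realpath() collapses '.' and '..' and resolves symlinks, so a link
    planted inside base_dir that points outside is caught too.  The check
    compares path components, not a string prefix, so '/srv/files2/x'
    cannot pass for '/srv/files'.
    """
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def safe_read(base_dir: str, requested: str) -> Optional[bytes]:
    """Serve only regular files that resolve inside base_dir."""
    target = safe_resolve(base_dir, requested)
    if target is None or not os.path.isfile(target):
        return None
    with open(target, "rb") as fh:
        return fh.read()


def demo() -> Dict[str, bool]:
    """Build a throwaway tree (constructed test data) and exercise both paths."""
    root = tempfile.mkdtemp()
    files = os.path.join(root, "files")          # the directory meant to be served
    os.mkdir(files)
    with open(os.path.join(files, "readme.txt"), "wb") as fh:
        fh.write(b"public")
    with open(os.path.join(root, "config.php"), "wb") as fh:
        fh.write(b"db_password")                  # sits one level above, must stay private
    os.symlink(os.path.join(root, "config.php"), os.path.join(files, "link"))
    return {
        "naive_leaks_config": naive_read(files, "../config.php") == b"db_password",
        "safe_serves_legit": safe_read(files, "readme.txt") == b"public",
        "safe_blocks_dotdot": safe_read(files, "../config.php") is None,
        "safe_blocks_absolute": safe_read(files, "/etc/passwd") is None,
        "safe_blocks_symlink_out": safe_read(files, "link") is None,
        "safe_blocks_nul": safe_read(files, "readme.txt\x00.jpg") is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The comparison is done after canonicalization on purpose: rejecting `..` as a substring before resolution misses encoded and mixed-separator variants, while a string prefix test after resolution still admits sibling directories that share the prefix.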
Joomla Component JobGrok Listing 3.1-1.2.58 - SQL Injection
sql: http://www.Target.com/index.php?option=com_jobgroklist&view=posting&id=2:mechanic&Itemid=SQL...
Maian Survey 1.1 - survey SQL Injection
Exploit Title: Maian Survey v1.1 - SQL Injection Google Dork: N/A Date: 04.04.2017 Vendor Homepage: http://www.maiansoftware.com/ Software: http://www.maiansurvey.com/?dl=yes Demo: http://www.maiansoftware.com/demos/survey/ Version: 1.1 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Design/Logic Flaw
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
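The Pixie upload entry describes the classic double-extension bypass: a file named `.jpg.php` is sent with `Content-Type: image/jpeg`, a check that trusts the header or spots `.jpg` anywhere in the name accepts it, and the web server then hands the final `.php` extension to the PHP interpreter. The Python below is an added example for this page, not Pixie's code or a fix for it; the allowlist, magic-byte table and sample payloads are constructed. `naive_accepts` shows the weak check, `hardened_filename` the version that looks only at the final extension, sniffs the actual content, ignores the client header, and stores the file under a name the client never controlled.

```python
import hashlib
import os
from typing import Optional

# Extensions the upload endpoint is meant to accept (constructed allowlist).
ALLOWED_IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}

# Leading magic bytes for those types; used to sniff the real content.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def naive_accepts(filename: str, content_type: str) -> bool:
    """Hypothetical weak check of the kind the Pixie report describes:
    trusts the client-supplied Content-Type and only looks for an image
    extension *somewhere* in the name, so 'shell.jpg.php' sent as
    image/jpeg is accepted."""
    name = filename.lower()
    return content_type.startswith("image/") and any(
        "." + ext in name for ext in ALLOWED_IMAGE_EXT
    )


def sniff_type(data: bytes) -> Optional[str]:
    """Return the image type implied by the file's leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def hardened_filename(filename: str, data: bytes) -> Optional[str]:
    """Return the name to store the upload under, or None to reject.

    - Only the *final* extension counts, so 'shell.jpg.php' ends in 'php'
      and is rejected; 'shell.php.jpg' passes this step but fails sniffing.
    - The sniffed content must agree with that extension; the client's
      Content-Type header is never consulted.
    - The stored name is derived from the content hash, so no
      client-controlled bytes (path separators, NULs, odd extensions)
      reach the filesystem.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_IMAGE_EXT:
        return None
    ext = "jpg" if ext == "jpeg" else ext
    if sniff_type(data) != ext:
        return None
    return hashlib.sha256(data).hexdigest()[:16] + "." + ext


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16          # constructed JPEG header
    php = b"<?php system($_GET['c']); ?>"               # constructed webshell body
    print("naive accepts shell.jpg.php:", naive_accepts("shell.jpg.php", "image/jpeg"))
    print("hardened stores shell.jpg.php as:", hardened_filename("shell.jpg.php", php))
    print("hardened stores photo.JPEG as:", hardened_filename("photo.JPEG", jpeg))
```

Filename checks are only half of the fix. The upload directory should also be outside the document root or served with script execution disabled, because any server configuration that maps more than the final extension to a handler will still run a polyglot that survived the name check.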
Design/Logic Flaw
Pixie 1.0.4 allows XSS via the x parameter in an admin/index.php?s=publish&m=dynamic&x= request...
Design/Logic Flaw
Pixie 1.0.4 allows XSS via the x parameter in an admin/index.php?s=publish&m=static&x= request...