7657 matches found

Exploit DB
added 2017/06/07 12:0 a.m. | 60 views

Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting

Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2 Tested on: Kali Linux 2.0 | Windows 8.1 Email:...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2017/06/06 12:0 a.m. | 41 views

Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability

Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2075 Release Date: ============= 2017-06-06 Vulnerability Laboratory ID VL-ID:...

7.4 AI score
Exploits: 0
Schneier on Security
added 2017/06/05 11:16 a.m. | 22 views

CIA's Pandemic Toolkit

WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...

6.7 AI score
Exploits: 0
exploitpack
added 2017/06/05 12:0 a.m. | 29 views

Subsonic 6.1.1 - Cross-Site Request Forgery Cross-Site Scripting

Subsonic 6.1.1 - Cross-Site Request Forgery Cross-Site Scripting + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product:...

6.8 CVSS | 0.1 AI score | 0.15676 EPSS
Exploits: 5
0day.today
added 2017/06/05 12:0 a.m. | 41 views

Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...

8.7 AI score | 0.15676 EPSS
Exploits: 5
0day.today
added 2017/06/05 12:0 a.m. | 75 views

Subsonic 6.1.1 - Server-Side Request Forgery Vulnerability

Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...

6.8 CVSS | 8.7 AI score | 0.01776 EPSS
Exploits: 5
Exploit DB
added 2017/06/05 12:0 a.m. | 44 views

Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...

8.8 CVSS | 9 AI score | 0.15676 EPSS
Exploits: 5
Packet Storm
added 2017/06/03 12:0 a.m. | 49 views

Subsonic 6.1.1 Persistent XSS

Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...

8.9 AI score | 0.15676 EPSS
Exploits: 5
exploitpack
added 2017/05/31 12:0 a.m. | 11 views

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh...

6.7 AI score
Exploits: 0
Exploit DB
added 2017/05/31 12:0 a.m. | 55 views

Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting

Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...

7.4 AI score
Exploits: 0
Prion
added 2017/05/28 12:29 a.m. | 15 views

Design/Logic Flaw

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

4.3 CVSS | 6.2 AI score | 0.00761 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/05/28 12:29 a.m. | 3 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

6.1 CVSS | 5.9 AI score | 0.00761 EPSS
Exploits: 0 | References: 2
NVD
added 2017/05/28 12:29 a.m. | 22 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

6.1 CVSS | 6.3 AI score | 0.00761 EPSS
Exploits: 0 | References: 2
Cvelist
added 2017/05/28 12:0 a.m. | 24 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

6.3 AI score | 0.00761 EPSS
Exploits: 0 | References: 2
Hacker One
added 2017/05/26 8:37 p.m. | 9 views

Weblate: Improper Cookie expiration | Cookies Expiration Set to Future

Hi Team, I have found at many instances or places from signup till getting logged into application in domain "demo.weblate.org" that session maintaining cookies such as csrf token and session id's expiration dates are set to future date. As part of secure session management one should prohibit or...

0.1 AI score
Exploits: 0
Packet Storm
added 2017/05/23 12:0 a.m. | 190 views

Simple ASC CMS 1.2 Cross Site Scripting

Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 Release Date: ============= 2017-05-21 Vulnerability Laboratory ID VL-ID: ====================================...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2017/05/21 12:0 a.m. | 83 views

Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability

Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...

3.5 CVSS | 5.9 AI score | 0.00523 EPSS
Exploits: 3
Vulnerability Lab
added 2017/05/20 12:0 a.m. | 49 views

Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability

Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...

5.4 CVSS | 5.6 AI score | 0.00523 EPSS
Exploits: 3
Packet Storm
added 2017/05/17 12:0 a.m. | 67 views

WordPress EELV Newsletter 4.5 XSS / CSRF

Document Title: =============== Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2069 Release Date: ============= 2017-05-15 Vulnerability Laboratory ID VL-ID: ====================================...

Exploits: 0
Exploit DB
added 2017/05/17 12:0 a.m. | 56 views

INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields

Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to "Comments" tab 4. Click the add new comment...

5.4 CVSS | 5.5 AI score | 0.00954 EPSS
Exploits: 5