7657 matches found
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
Exploit Title: GravCMS Core Admin Plugin v1.4.2 - Persistent Cross-Site Scripting Date: 2017-06-07 Exploit Author: Ahsan Tahir Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.2.4 Version: 1.4.2 Tested on: Kali Linux 2.0 | Windows 8.1 Email:...
Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability
Document Title: =============== Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2075 Release Date: ============= 2017-06-06 Vulnerability Laboratory ID VL-ID:...
CIA's Pandemic Toolkit
WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called "Pandemic": The Pandemic leak does not explain what the CIA's initial infection vector is, but does describe it as a persistent implant. "As the name suggests, a single computer on a local network wit...
Subsonic 6.1.1 - Cross-Site Request Forgery Cross-Site Scripting
Subsonic 6.1.1 - Cross-Site Request Forgery Cross-Site Scripting + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product:...
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...
Subsonic 6.1.1 - Server-Side Request Forgery Vulnerability
Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...
Subsonic 6.1.1 Persistent XSS
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-CSRF-PERSISTENT-XSS.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming...
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh...
Piwigo Plugin Facetag 0.0.3 - Cross-Site Scripting
Exploit Title: Piwigo plugin Facetag , Persistent XSS Date: 31-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website:...
Design/Logic Flaw
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
CVE-2017-7296
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
CVE-2017-7296
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
CVE-2017-7296
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
Weblate: Improper Cookie expiration | Cookies Expiration Set to Future
Hi Team, I have found at many instances or places from signup till getting logged into application in domain "demo.weblate.org" that session maintaining cookies such as csrf token and session id's expiration dates are set to future date. As part of secure session management one should prohibit or...
Simple ASC CMS 1.2 Cross Site Scripting
Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 Release Date: ============= 2017-05-21 Vulnerability Laboratory ID VL-ID: ====================================...
Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability
Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...
Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability
Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...
WordPress EELV Newsletter 4.5 XSS / CSRF
Document Title: =============== Wordpress EELV Newsletter v4.5 - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2069 Release Date: ============= 2017-05-15 Vulnerability Laboratory ID VL-ID: ====================================...
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to "Comments" tab 4. Click the add new comment...