
9 matches found

Github Security Blog
added 2025/11/18 6:21 p.m. · 9 views

LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

Summary A Reflected Cross-Site Scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...

CVSS 6.2 · AI score 5.5 · EPSS 0.00002
Exploits 0 · References 3 · Affected Software 1
Huntr
added 2022/08/25 10:20 p.m. · 27 views

Stored Cross-Site Scripting (XSS)

Description It is possible to upload HTML files containing JavaScript Payload to the FileStorage as a low-privilege user with the corresponding permissions. When opening the HTML file via an indirect link, the JavaScript Code is executed. Proof of Concept Steps to reproduce: 1. Login to the backe...

CVSS 4.9 · AI score 5.8 · EPSS 0.00687
Exploits 0
Hacker One
added 2018/08/31 12:48 p.m. · 124 views

Semrush: Remote Code Execution on www.semrush.com/my_reports on Logo upload

The Logo upload in the report constructor at: https://www.semrush.com/myreports/constructor F340480 is passed through a not properly patched version of ImageMagick. You can use Postscript to get Ghostscript to run which in return allows to trigger arbitrary commands on the server, leading to Remo...

AI score 7.6
Exploits 0
exploitpack
added 2015/05/11 12:00 a.m. · 15 views

SQLBuddy 1.3.3 - Directory Traversal

SQLBuddy 1.3.3 - Directory Traversal Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link: http://www.sqlbuddy.com Version: 1.3...

Exploits 0
seebug.org
added 2014/07/01 12:00 a.m. · 27 views

Apache OFBiz - FULLADMIN Creator PoC Payload

No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...

CVSS 4.3 · AI score 6.4 · EPSS 0.45865
Exploits 15
Hacker One
added 2014/05/25 10:41 a.m. · 33 views

IRCCloud: Host Header Injection - irccloud.com

Host Header Injection Attack - irccloud.com An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifi...

AI score 0.1
Exploits 0
Atlassian
added 2013/05/08 1:05 p.m. · 36 views

Several XSS flaws in the /rest/tinymce/1

I've found several XSS in the urls and parameters listed below. The criticality of the issues is moderated since only browsers that perform content sniffing would be affected e.g. IE7. This limitation comes from the response's Content Type header being set as text/plain. The classical payload...

AI score 0.9
Exploits 0 · Affected Software 1
Exploit DB
added 2010/05/25 12:00 a.m. · 32 views

Webby WebServer - Overflow (SEH) (PoC)

#!/usr/bin/python POC details: SEH overwritten contact: [email protected] http://www.s3cur1ty.de App detail: http://www.shareware.de/webby-webserver/ Version 1.01 Author Timo Gaik, License type Freeware, Platforms Win XP, Win 98, Win ME, Last update 19.10.2004, File size 701 KB import socket import sys...

AI score 7.4
Exploits 0
Exploit DB
added 2010/04/16 12:00 a.m. · 39 views

Apache OFBiz - Admin Creator

/* Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ */ var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes = document.getElementsByClassName('fieldWidth300'); for (var i=0;...

CVSS 4.3 · AI score 6.4 · EPSS 0.45865
Exploits 15