FS Foodpanda Clone 1.0 SQL Injection
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
International Islamic University Chittagong: Reflected XSS
Summary: add summary of the vulnerability Description: The search mechanism uses the POST method to request a search, so if we change it to GET the XSS normally doesn't pop up. But if we break it with " we can get XSS. Platforms Affected: https://ieeeiiucsb.org/search/" Steps To Reproduce: Visit...
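The report above describes a value that is reflected into the search page and can be broken out of with a double quote. The following is an added example, not code from the report or from the affected site, and it assumes the reflection lands inside a double-quoted HTML attribute (the `"` break-out suggests that context). The `basic_escape` function is a constructed stand-in for a filter that only neutralises angle brackets; `attr_escape` uses the standard library's `html.escape` with `quote=True`. An HTML parser, rather than a regex, is used to check which attributes the browser would actually see, because an escaped `&quot;` still contains the literal text `onmouseover=`.

```python
import html
from html.parser import HTMLParser


def basic_escape(value):
    """Constructed example of an insufficient filter: it stops <script> tags
    but leaves the double quote that closes an attribute untouched."""
    return value.replace("<", "&lt;").replace(">", "&gt;")


def attr_escape(value):
    """Escapes &, <, >, " and ' so the value cannot leave a quoted attribute."""
    return html.escape(value, quote=True)


def render_search_box(query, escape=basic_escape):
    """Render the reflected search term into a double-quoted value attribute
    (assumed context for this example)."""
    return '<input type="text" name="q" value="%s">' % escape(query)


class _AttrCollector(HTMLParser):
    """Collects every attribute name on every start tag, as a browser would."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        self.attrs.extend(name.lower() for name, _ in attrs)


def event_handler_attrs(markup):
    """Return the on* event-handler attributes the parser finds in markup.
    A non-empty list means the reflected value became its own attribute,
    i.e. the attribute context was broken out of."""
    p = _AttrCollector()
    p.feed(markup)
    p.close()
    return [a for a in p.attrs if a.startswith("on")]


# Constructed payload: closes the value attribute and adds an event handler.
PAYLOAD = '" onmouseover="alert(1)'

if __name__ == "__main__":
    print(render_search_box(PAYLOAD))               # handler is live
    print(event_handler_attrs(render_search_box(PAYLOAD)))
    print(render_search_box(PAYLOAD, attr_escape))  # stays inside value=""
    print(event_handler_attrs(render_search_box(PAYLOAD, attr_escape)))
```

The same payload would also work from a GET query string once the form's method is changed, which is why the fix belongs in output encoding rather than in restricting the HTTP method.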
Lansweeper 6.0.0.63 Cross Site Scripting
============================================= - Release date: October 05th, 2017 - Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team - Severity: Medium ============================================= I. VULNERABILITY ------------------------- Lansweeper XSS vulnerability. II...
CVE-2017-11611
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and of the directory name in a "create-directory-popup" action, in HTTP POST requests to the "/plugin/filemanager/" script, aka an...
SSRF vulnerability in Bycms user-post method
Bycms (Beyoncms) is a content management system based on ThinkPHP 5.0.9. An SSRF vulnerability exists in the Bycms user-post method. An attacker can exploit the vulnerability to detect the database version number and open-port service information...
WordPress Plugin WatuPRO 5.5.1 - SQL Injection
Exploit Title: SQL Injection In WatuPRO WordPress Plugin to Create Exams, Tests and Quizzes Exploit Author: Manich Koomsusi Date: 03-07-2017 Software: WatuPRO Version: 5.5.1 Website: http://calendarscripts.info/watupro/ Tested on: WordPress 4.7.5 Software Link:...
Quora: Possibility of DOS Through logging System
Quora is using the HTTP POST method to send logs to the Quora server and save the logs on the server, which is not validating the size of the log data and is directly storing a large amount of data on the server. I mean, when the logs are sent to the server a bad guy can use the same HTTP POST metho...
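The report above concerns a log-upload endpoint that stores whatever size of POST body it receives. The following is an added example, not Quora's code and not from the report; the limits, the in-memory quota table and the request shape (a header dict plus a file-like body) are constructed for the demonstration. It shows the two checks a practitioner would want: reject on the declared Content-Length before reading any body, and read a bounded number of bytes so a body that disagrees with its declared length is refused rather than silently stored, plus a simple per-sender quota so many individually valid uploads cannot fill the disk either.

```python
import io

# Constructed limits for this example, not the real service's values.
MAX_LOG_BYTES = 64 * 1024       # hard cap on a single log upload
MAX_LOGS_PER_CLIENT = 100       # uploads a single client may store

_client_counts = {}             # constructed in-memory quota table


def accept_log(headers, body_stream, client_id,
               max_bytes=MAX_LOG_BYTES, quota=MAX_LOGS_PER_CLIENT):
    """Validate a log upload before storing anything.

    headers:     dict of lower-cased header names to string values
    body_stream: file-like object exposing .read(n)
    client_id:   whatever identifies the sender (session, API key, IP)
    Returns (http_status, reason, bytes_stored).
    """
    # 1. Refuse bodies without a usable declared length; never read an
    #    unbounded stream.
    raw_len = headers.get("content-length")
    if raw_len is None or not raw_len.isdigit():
        return 411, "length required", 0
    declared = int(raw_len)
    if declared > max_bytes:
        # Rejected before a single body byte is read.
        return 413, "payload too large", 0

    # 2. Read at most declared + 1 bytes. More or fewer than declared means a
    #    malformed or truncated request; reject instead of storing part of it.
    data = body_stream.read(declared + 1)
    if len(data) != declared:
        return 400, "body length does not match Content-Length", 0

    # 3. Per-client quota: many small, individually valid uploads must not be
    #    able to consume storage without bound.
    used = _client_counts.get(client_id, 0)
    if used >= quota:
        return 429, "log quota exceeded", 0
    _client_counts[client_id] = used + 1

    # Persisting the log would happen here; the demo only reports the size.
    return 202, "accepted", len(data)


def naive_accept_log(body_stream):
    """The pattern the report describes: read everything, store everything."""
    data = body_stream.read()
    return 202, "accepted", len(data)


if __name__ == "__main__":
    ok = accept_log({"content-length": "11"}, io.BytesIO(b"hello world"), "demo")
    big = accept_log({"content-length": str(MAX_LOG_BYTES + 1)},
                     io.BytesIO(b"x" * (MAX_LOG_BYTES + 1)), "demo")
    print(ok, big)
```

On a real server the byte cap should also be enforced by the front-end proxy (for example a request body size limit), since an application-level check cannot protect against a body that is buffered to disk before the handler runs.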
Easy File Sharing Web Server 'POST' Buffer Overflow Vulnerability
Easy File Sharing Web Server is a file-sharing web service program. A buffer overflow vulnerability exists in Easy File Sharing Web Server's handling of 'POST' requests. It could be exploited by an attacker to crash the application or execute arbitrary code...
Weblate: Logout CSRF
Hi Team, This is low risk, but I want you to know that logout on the domain demo.weblate.org did not protect the logout form with a CSRF token; therefore I can log out any user by sending this URL https://demo.webplate.org/accounts/logout/. Logout should use the POST method with a valid CSRF token. Let ...
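The report above states the fix in one sentence: logout must be a POST carrying a valid CSRF token. The following is an added example, not Weblate's code and not from the report. The session is modelled as a plain dict and the handlers take the method and form directly, so it runs without a web framework; the function names and status codes are choices made for this example. `logout_vulnerable` reproduces the behaviour the report describes (any request to the URL ends the session), and `logout_protected` refuses anything that is not a POST with a token matching the one bound to the session.

```python
import hmac
import secrets


def issue_csrf_token(session):
    """Bind a fresh random token to the session; the logout form embeds it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def logout_vulnerable(method, session, form=None):
    """Behaviour the report describes: a bare GET to the URL logs the user out,
    so an <img src="..."> or a link on any site can do it for them."""
    session.clear()
    return 302


def logout_protected(method, session, form=None):
    """Logout that succeeds only for a POST carrying the session's CSRF token.

    Returns an HTTP status chosen for this example:
      405  request was not a POST (links and <img> tags can only issue GET)
      403  token missing, session has none, or token does not match
      302  session ended; redirect the user to the login page
    """
    if method != "POST":
        return 405
    form = form or {}
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected:
        return 403
    # Constant-time comparison so the check cannot leak token bytes via timing.
    if not hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8")):
        return 403
    session.clear()
    return 302


if __name__ == "__main__":
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    print(logout_protected("GET", session))                        # 405
    print(logout_protected("POST", session, {"csrf_token": "x"}))  # 403
    print(logout_protected("POST", session, {"csrf_token": token}), session)
```

Requiring POST alone is not enough on its own: a cross-site form can still POST to the endpoint, which is why the token check is the part that actually blocks the attack; the method restriction just removes the trivial link-based variant.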
CVE-2017-7628
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php; an attacker must use the searchcats variable in a POST request to exploit this vulnerability...
Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities
Document Title: =============== Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2021 Incident ID: 20161205FKr02 Vulnerability Magazine:...
Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability
Document Title: =============== Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1990 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20372...
Adobe Marketing Cloud - Bypass & Persistent Vulnerability
Document Title: =============== Adobe Marketing Cloud - Bypass & Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1939 Release Date: ============= 2016-11-14 Vulnerability Laboratory ID VL-ID: ====================================...
Schoolhos CMS v2.29 - Data Siswa SQL injection Vulnerability
Document Title: =============== Schoolhos CMS v2.29 - Data Siswa SQL injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1931 Release Date: ============= 2016-11-07 Vulnerability Laboratory ID VL-ID: ==================================...
Schoolhos CMS 2.29 - (kelas) Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== Schoolhos CMS v2.29 - kelas Data Siswa SQL Injection Vulnerability Product & Service Introduction: =============================== Schoolhos CMS is alternative to developing School Website. It's Free and Open...
Schoolhos CMS 2.29 - 'kelas' SQL Injection
Document Title: =============== Schoolhos CMS v2.29 - kelas Data Siswa SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1931 Release Date: ============= 2016-11-07 Vulnerability Laboratory ID VL-ID:...