30 matches found
Clip Share 4.1.4 Cross Site Scripting
==================================================================================================================================== | Title : Clip Share 4.1.4 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
CVE-2022-27546
HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling
AllMyGuests0.4.1 Multi Vulnerability ==================================== Author : indoushka Vondor : http://www.php-resource.net/ Dork: powered by AllMyGuests © 2003, voice of web ========================== php info : http://localhost/AllMyGuests0.4.1/tools/phpinfo.php Cross site scripting also...
VM Turbo Operations Manager 4.5x - Directory Traversal
Product: VM Turbo Operations Manager Vendor: VM Turbo Vulnerable Versions: 4.5.x earlier Tested Version: 4.0 Advisory Publication: April 11, 2014 Vendor Notification: April 11, 2014 Public Disclosure: May 8, 2014 Vulnerability Type: Directory Traversal Discovered and Provided: Jamal Pecou Securit...
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014...
No-CMS 0.6.6 Cross Site Scripting
Exploit Title: No-CMS 0.6.6 Cross site scripting Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://getnocms.com Version : 0.6.6 Tested on: Windows Category: webapps Google Dork: intext:"Powered by No-CMS" + Exploit : http:///No-CMS-master/No-CMS-master/index.php/installer/install URL...
Chat2 Cross Site Scripting / SQL Injection
Exploit Title: Chat2 Blind SQL Injection Chat2 Cross site scripting Date: 2014 18 March Author: Dr.3v1l Tested on: Windows Category: webapps Google Dork: inurl:"/chatrooms.php" + Exploit SQL: http:///Chat2/jumpin.php URL encoded POST input userid was set to :...
CVE-2007-0970
Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input...
PT-2006-2100 · Daverave · Daverave Simplog
Name of the Vulnerable Software and Affected Versions: Daverave Simplog versions 1.0.2 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via a blog post. This could potentially lead to unauthorized actions on the affected...