
419 matches found

Exploit DB
added 2019/02/11 12:0 a.m. | 62 views

Smoothwall Express 3.1-SP4 - Cross-Site Scripting

Exploit Title: Smoothwall Express 3.1-SP4-polar-x8664-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link: https://sourceforge.net/projects/smoothwall/files/SmoothWall/3.1%20SP4/Express-3.1-SP4-x8664.iso/download...

AI score 7.4 | Exploits: 0

exploitpack
added 2019/02/11 12:0 a.m. | 42 views

IPFire 2.21 - Cross-Site Scripting

IPFire 2.21 - Cross-Site Scripting Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x8664-full-core127.is...

AI score 6.8 | Exploits: 0

Exploit DB
added 2019/02/04 12:0 a.m. | 122 views

Nessus 8.2.1 - Cross-Site Scripting

Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting Date: 29.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.tenable.com Software Link: https://www.tenable.com/downloads/nessus Version: 8.2.1 Introduction Nessus is 1 For Vulnerability Assessment From the beginning, we've...

AI score 7.4 | Exploits: 0

Packet Storm
added 2019/01/29 12:0 a.m. | 56 views

Nessus 8.2.1 Cross Site Scripting

Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting Date: 29.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.tenable.com Software Link: https://www.tenable.com/downloads/nessus Version: 8.2.1 Introduction Nessus is 1 For Vulnerability Assessment From the beginning, we've...

AI score 7.4 | Exploits: 0

Packet Storm
added 2019/01/29 12:0 a.m. | 128 views

CMSsite 1.0 SQL Injection

Exploit Title: CMSsite 1.0 - 'search' SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...

Exploits: 0

exploitpack
added 2018/12/14 12:0 a.m. | 43 views

Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure (2)

Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...

CVSS 4 | AI score 0.3 | EPSS 0.09675 | Exploits: 4

Packet Storm
added 2018/12/13 12:0 a.m. | 80 views

Fortify SSC 17.10 / 17.20 / 18.10 User Detail Insecure Direct Object Reference

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

AI score 6.6 | EPSS 0.09675 | Exploits: 4

Packet Storm
added 2018/12/07 12:0 a.m. | 319 views

MiniShare 1.4.1 HEAD / POST Buffer Overflow

Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...

CVSS 7.5 | AI score 0.6 | EPSS 0.81543 | Exploits: 11

exploitpack
added 2018/11/15 12:0 a.m. | 22 views

2-Plan Team 1.0.4 - Arbitrary File Upload

2-Plan Team 1.0.4 - Arbitrary File Upload Exploit Title: 2-Plan Team 1.0.4 - Arbitrary File Upload Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://2-plan.com/ Software Link: https://datapacket.dl.sourceforge.net/project/to-plan-team/1.1.0/2-plan-team.tgz Version:...

AI score 7.4 | Exploits: 0

Kitploit
added 2018/08/09 9:54 p.m. | 31 views

Aron - A GO Script For Finding Hidden GET & POST Parameters

Aron is a simple GO script for finding hidden GET & POST parameters with bruteforce. Installation $ git clone https://github.com/m4ll0k/Aron.git aron $ cd aron $ go get github.com/m4ll0k/printer now check if $GOPATH is set $ go env | grep -i gopath if $GOPATH not set, try with: $ export...

AI score 7.2 | Exploits: 0 | References: 1

Vulnerability Lab
added 2018/07/23 12:0 a.m. | 574 views

Barracuda Cloud ESS 2.x - Multiple Cross Site Vulnerabilities

Document Title: =============== Barracuda Cloud ESS 2.x - Multiple Cross Site Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=742 Barracuda Networks Security ID: BNSEC-671 Release Date: ============= 2018-07-23 Vulnerability Laboratory ID...

AI score 0.1 | Exploits: 0

Prion
added 2018/07/18 11:29 p.m. | 30 views

Cross site scripting

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...

CVSS 4.3 | AI score 6 | EPSS 0.0021 | Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/06/29 2:29 p.m. | 17 views

Cross site scripting

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the FTP Link element of the Private Message module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to injec...

CVSS 3.5 | AI score 5.3 | EPSS 0.00361 | Exploits: 3 | References: 1 | Affected Software: 1

NVD
added 2018/06/29 2:29 p.m. | 12 views

CVE-2018-13002

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

CVSS 4.8 | AI score 5.4 | EPSS 0.00332 | Exploits: 3 | References: 1

OSV
added 2018/06/07 9:29 p.m. | 1 views

CVE-2018-0356

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...

CVSS 6.1 | AI score 6 | EPSS 0.00451 | Exploits: 0 | References: 3

Prion
added 2018/05/31 6:29 p.m. | 13 views

Command injection

The '/common/ajaxemailconnectiontest.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TESTSERVER'...

CVSS 9 | AI score 9.3 | EPSS 0.25176 | Exploits: 3 | References: 1 | Affected Software: 1

Hacker One
added 2018/05/31 11:13 a.m. | 27 views

GSA Bounty: Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone

Hey there, while signing for new api key, i have found two bugs that is unusual and make anyone to send crafted or customised email to someone. Bug 1: - low 1. Go to https://api.data.gov/signup/ 2. Enter first and last name , then enter email id and get api key. Bug: You can use the same email id...

AI score 6.9 | Exploits: 0

Exploit DB
added 2018/05/24 12:0 a.m. | 50 views

ASP.NET jVideo Kit - 'query' SQL Injection

Exploit Title: ASP.NET jVideo Kit - 'query' SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage: https://www.mediasoftpro.com/video-sharing-script/mvc/ Version: v1.0 Category: Webapps Tested on: Kali linux Description : The...

AI score 7.4 | Exploits: 0

exploitpack
added 2018/01/28 12:0 a.m. | 24 views

KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery

KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Lin...

AI score 0.7 | Exploits: 0

Vulnerability Lab
added 2018/01/22 12:0 a.m. | 148 views

CentOS Web Panel v0.9.8.12 - SQL Injection Vulnerabilities

Document Title: =============== CentOS Web Panel v0.9.8.12 - SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1833 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5960 CVE-ID: ======= CVE-2018-5960 Release Date:...

CVSS 6.5 | AI score 8.7 | EPSS 0.00232 | Exploits: 4