Lucene search
K

575 matches found

Packet Storm
Packet Storm
added 2021/05/27 12:0 a.m.220 views

Pandora FMS 6.0SP3 Cross Site Scripting

Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.27.2021 Vendor: https://pandorafms.com/ Link: https://github.com/pandorafms/pandorafms/releases CVE: 2021-0527-nu11secur1ty...

0.1AI score0.00116EPSS
Exploits2
0day.today
0day.today
added 2021/05/21 12:0 a.m.18 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/21 12:0 a.m.188 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/03 12:0 a.m.211 views

Piwigo 11.3.0 - 'language' SQL

Exploit Title: Piwigo 11.3.0 - 'language' SQL Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty Debug:...

7.2CVSS7AI score0.11046EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/04/30 12:0 a.m.200 views

Piwigo 11.3.0 SQL Injection

Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source:...

6.5CVSS0.1AI score0.11046EPSS
Exploits4
0day.today
0day.today
added 2021/04/30 12:0 a.m.55 views

Piwigo 11.3.0 SQL Injection Exploit

Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Testing and Debugging: nu11secur1ty Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...

7.2CVSS0.5AI score0.11046EPSS
Exploits4
0day.today
0day.today
added 2021/04/26 12:0 a.m.54 views

SEO Panel 4.8.0 - (order_col) Blind SQL Injection Exploit (2)

Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 2 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28419...

7.2CVSS0.4AI score0.10672EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/04/26 12:0 a.m.264 views

SEO Panel 4.8.0 SQL Injection

Exploit Title: blind SQL injection on archive.php of SEO Panel 4.8.0 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.25.2021 Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author:...

6.5CVSS0.3AI score0.10672EPSS
Exploits4
0day.today
0day.today
added 2021/04/23 12:0 a.m.52 views

DzzOffice 2.02.1 - (Multiple) Cross-Site Scripting Exploit

Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...

6.1CVSS6.4AI score0.02848EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/04/23 12:0 a.m.295 views

DzzOffice 2.02.1 Cross Site Scripting

Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...

4.3CVSS6.4AI score0.02848EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/04/23 12:0 a.m.325 views

DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04/23/2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author...

6.1CVSS6.3AI score0.02848EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/04/21 12:0 a.m.251 views

RemoteClinic 2 Cross Site Scripting

Exploit Title: Cross Site Scripting XSS RemoteClinic on register.php Author: nu11secur1ty Debug: g3ck0dr1v3r Date: 04.21.2021 Vendor: RemoteClinic Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...

3.5CVSS5.6AI score0.01773EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/04/15 12:0 a.m.279 views

htmly 2.8.0 Cross Site Scripting

Exploit Title: htmly 2.8.0 allows stored XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor: htmly Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 + Exploit Source: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26929 Exploit Program Code !/usr/bin/python3...

4.3CVSS5.8AI score0.04944EPSS
Exploits9
0day.today
0day.today
added 2021/04/15 12:0 a.m.62 views

htmly 2.8.0 Cross Site Scripting Exploit

Exploit Title: htmly 2.8.0 allows stored XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor: htmly Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 Software Link: https://github.com/danpros/htmly Video: https://www.youtube.com/watch?v=xKRQZYqVlS4 Steps to Reproduce:...

6.1CVSS5.8AI score0.04944EPSS
Exploits9
Exploit DB
Exploit DB
added 2021/04/15 12:0 a.m.264 views

htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor Homepage: https://www.htmly.com/ Software Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 !/usr/bin/python3 from selenium import webdriver from...

5.4CVSS5.7AI score0.01898EPSS
Exploits4
Hacker One
Hacker One
added 2020/12/31 9:57 p.m.111 views

h1-ctf: H1 Hackyholidays CTF - The Grinch was defeated

The following writeup will underline all the steps and tools used to solve the 12 challenges of the H1 Holidays CTF. The theme of the competition was the Grinch. How it is possible to read from the competition blog post https://www.hackerone.com/blog/12-days-hacky-holidays-ctf , the goal was to...

8.2AI score
Exploits0
Hacker One
Hacker One
added 2020/11/25 3:24 p.m.15 views

GitLab: Remote hacker can download all the files of master branch in public projects where everything is members only.

Summary Hi team, I found this weird behavior which I thought I should report, a malicious hacker can remotely download files of any branch in a public project where all permissions are ==member-only==, Gitlab uses a link to download files of a branch, normally ==an unauthenticated user will not b...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/10/22 1:16 p.m.23 views

What’s New in InsightAppSec and tCell: Q3 2020 in Review

Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2020/10/07 11:30 a.m.111 views

GHunt - Investigate Google Accounts With Emai

GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract : Owner's name Last time the profile was edited Google ID If the account is an Hangouts Bot Activated Google services Youtube, Photos, Maps, News360, Hangouts, etc. Possible Youtube...

6.7AI score
Exploits0References1
Huntr
Huntr
added 2020/09/17 12:0 a.m.22 views

in seleniumhq/selenium

Description Selenium is an umbrella project encapsulating a variety of tools and libraries enabling web browser automation. Selenium specifically provides infrastructure for the W3C WebDriver specification — a platform and language-neutral coding interface compatible with all major web browsers...

2.3AI score
Exploits0
Rows per page
Query Builder