5334 matches found
GHSA-37Q6-576Q-VGR7 Missing Origin Validation in parcel-bundler
Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
CVE-2018-18736
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
CVE-2018-18733
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999...
Cross site scripting
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
Cross site scripting
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999...
Library Management System 1.0 - frmListBooks SQL Injection
Exploit Title: Library Management System 1.0 - 'frmListBooks' SQL Injection | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link:...
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Card Payment 1.0 - Cross-Site Request Forgery (Update Admin) | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link:...
Curriculum Evaluation System 1.0 - SQL Injection
Exploit Title: Curriculum Evaluation System 1.0 - SQL Injection | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link:...
Aplaya Beach Resort Online Reservation System 1.0 CSRF / SQL Injection
Exploit Title: Aplaya Beach Resort Online Reservation System 1.0 - Multiple Vulnerabilities | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link:...
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
Exploit Title: PayPal/Credit Card/Debit Card Payment 1.0 - SQL Injection | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link:...
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
Exploit Title: Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/poinofsales0.zip...
School Event Management System 1.0 - SQL Injection
Exploit Title: School Event Management System 1.0 - SQL Injection | Dork: N/A | Date: 2018-10-29 | Exploit Author: Ihsan Sencan | Vendor Homepage: https://www.sourcecodester.com/users/janobe | Software Link:...
CVE-2018-18736
CVE-2018-18736 corresponds to an XSS vulnerability in catfish blog 2.0.33 (described as related to “write source code”). Affected component: catfish blog (version 2.0.33). Root cause details are not fully specified in the provided documents beyond the XSS note. Potential impact is cross-site scri...
Information Disclosure
Apache Spark is vulnerable to information disclosure. The convenience script build/mvn runs a zinc server which will accept connections from external hosts by default. This vulnerability affects developers when building Spark from source code. A specially crafted request to the zinc server will...
Eaton UPS 9PX 8000 SP Password Disclosure Vulnerability
The Eaton UPS 9PX 8000 SP is a power management device from Eaton USA. The Eaton UPS 9PX 8000 SP suffers from a password disclosure vulnerability that originates from a web page displayed by the device containing a clear-text password, which can be exploited to retrieve a user's password by...
CVE-2018-9279
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage...