139 matches found
Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Username Enumeration Prevention Bypass security vulnerability. Wordfence blocked: http://www.example.com/?author=1 but allowed: http://www.example.com/?author=1...
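The entry above describes the general weakness behind this class of bypass: an enumeration block that string-matches the request URL instead of parsing the query string the way WordPress itself does. The following is an added example, not Wordfence code, and the bypass variant the advisory elides is not reproduced here; the request URLs below are constructed to show how a naive exact-match check misses spellings that still carry an `author` parameter, while a check that parses the query string catches them.

```python
"""Naive vs. parsed check for a WordPress ?author=N enumeration block.

Added example (not Wordfence's code). The real bypass variant is truncated
in the advisory; the URLs in URLS below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit, parse_qsl


def naive_block(url: str) -> bool:
    """Block only when the whole query string is exactly 'author=<digits>'.

    This is the weak form: any extra parameter, ordering change or
    percent-encoding of the key makes the regex miss.
    """
    query = urlsplit(url).query
    return re.fullmatch(r"author=\d+", query) is not None


def hardened_block(url: str) -> bool:
    """Parse the query string and block if any 'author' key is present.

    parse_qsl percent-decodes keys and values and splits on '&', so the
    check sees the same parameter set the application would.
    """
    query = urlsplit(url).query
    for key, _value in parse_qsl(query, keep_blank_values=True):
        if key == "author":
            return True
    return False


# Constructed request URLs (assumptions for this example, not from the advisory).
URLS = [
    "http://www.example.com/?author=1",        # the exact form that is blocked
    "http://www.example.com/?author=1&x=1",    # extra parameter appended
    "http://www.example.com/?x=1&author=1",    # parameter order changed
    "http://www.example.com/?%61uthor=1",      # key percent-encoded ('a' = %61)
    "http://www.example.com/?p=1",             # no author parameter at all
]


def compare(urls=URLS) -> dict:
    """Return {url: (naive_blocked, hardened_blocked)} for each URL."""
    return {u: (naive_block(u), hardened_block(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, hardened) in compare().items():
        print(f"{url:45} naive={naive!s:5} hardened={hardened}")
```

Only the first URL is caught by the naive check; the parsed check flags every URL that still carries an `author` key and leaves the harmless `?p=1` alone. The same reasoning applies to any filter that matches raw URL text rather than the parameters the application actually reads.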
CVE-2018-0105
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. ...
Zurmo Cross-Site Scripting Vulnerability
Zurmo is an open source, PHP-based customer relationship management (CRM) system from the US company Zurmo. A cross-site scripting vulnerability exists in Zurmo version 3.2.1.57987acc3018. A remote attacker can exploit this vulnerability by sending a 'redirectUrl' parameter with a data:...
Horde_Image Denial of Service Vulnerability
Horde_Image is an image editing package from Horde (USA) that provides color highlighting, image effects and other functions. A denial of service vulnerability exists in Horde_Image 2.x before 2.5.0. An attacker can exploit this vulnerability to cause a denial of service with...
CVE-2016-7434
creationtimestamp | type | source
---|---|---
2016-11-21 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40806
2016-11-22 09:36:10+00:00 | published-proof-of-concept | https://t.me/FullDisclosure/341...
IBM QRadar SIEM Web UI Cross-Site Scripting Vulnerability
IBM QRadar SIEM is a solution from IBM (USA) that uses security intelligence to protect assets and information from advanced threats. It provides oversight of the entire IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...
SoundTap 2.27 - Code Execution Vulnerability
Exploit for the Windows platform in category remote exploits. Launch Url 3. Paste the malicious URL into the input "Enter url Launch" 4. Click OK 5. PHP code executed successfully. Code Execution Calculator By ZwX - Vulnerability Lab.com eval(base64_decode('ZXZhbChiYXNlNjRfZGVjb2RlKCdaWFpoYkNoaVlYTmxOalJmWkdWamIy...
MGASA-2015-0232 Updated phpmyadmin packages fix security vulnerabilities
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.2.13.3, by deceiving a user into clicking a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup (CVE-2015-3902). In phpMyAdmin before 4.2.13.3, a vulnerability in the API ca...
Kolibri <= 2.0 - HTTP Server HEAD Buffer Overflow
No description provided by source. $Id: kolibrihttp.rb 10887 2011-08-03 12:19:19Z mrme $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
NAI Net Tools PKI Server 1.0 Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1538/info Certain versions of Network Associates Inc.'s Net Tools PKI (Public Key Infrastructure) server ship with a vulnerability which allows remote attackers to execute arbitrary commands on the system which the PKI serv...
Cloudflare: Security issue with your "bag" script
This is an old issue that has been fixed, but since I reported it before you started your Bug Bounty program I was advised to report it here again. These are the requests in your issue tracker: http://support.cloudflare.com/tickets/44767 original vulnerability report...
Simple, but Critical vulnerability in Verizon Portal revealed users' SMS History
A security researcher discovered a critical privacy vulnerability in Verizon Wireless's web-based customer portal that allowed anyone to download a user's SMS history and the numbers of the other users that person communicated with. Back in August, researcher 'Cody Collier' found that a simple URL exploit could allo...
CVE-2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email...
Hotfm.com.my Cross Site Scripting
Exploit Title: Hotfm.com.my Cross Site Scripting Vulnerability Date: 08/11/2011 - 04:00am Author: Ryuzaki Lawlet Website: http://jusryuz.blogspot.com Tested On: WinXP Platform: ASP Email: [email protected] $ Vulnerable : http://site.com.my/path/galeri.asp?galleryType= $ Preview Sites:...
Office^2 iPhone - .XLS Denial of Service
Office^2 iPhone - .XLS Denial of Service. I wrote a "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls, which I found at random on the internet. I mutated the data and tested roughly 1000 cases on several document reader applications f...
PHP Scripts Now Hangman - index.php?letters Cross-Site Scripting
PHP Scripts Now Hangman - index.php?letters Cross-Site Scripting source: https://www.securityfocus.com/bid/43513/info TOPHangman is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage...
TinyButStrong 3.4.0 File Disclosure
[ASCII art banner: local file include] script: TinyButStrong version 3.4.0...
Text Lines Rearrange Script (filename) File Disclosure Vulnerability
No description provided by source. Text Lines Rearrange Script download.php filename File Disclosure Vulnerability. Discovered By: SirGod. Visit: www.h4cky0u.org. Greetz: All my friends. File Disclosure Vulnerability, vulnerable code in download.php:...
Links Pile - link.php SQL Injection
Links Pile - link.php SQL Injection source: https://www.securityfocus.com/bid/29223/info Links Pile is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
TalkBack 2.2.7 - Multiple Remote File Inclusions
TalkBack 2.2.7 Remote File Include Vulnerability. Software: TalkBack version 2.2.7. Developer: http://www.scripts.oldguy.us/talkback. Discovered by: NoGe. Contact:...