186 matches found
Pythem - Penetration Testing Framework
pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...
U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website
Summary: A web form in a .mil website doesn't implement restriction against multiple failed attempts to place an ID in order to obtain users information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...
PHPCMS V9 Full Version Has Reflective XSS Vulnerability
PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9 full version of the existence of reflective XSS vulnerability, an attacker can use this vulnerability to web form to insert XSS execution code, pop-up box operation, access to user cookies and other sensitive...
CVE-2016-8721
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...
Reflected Cross-Site Scripting Vulnerability in 'keyword' Parameter of Qibo Classifieds Information System
Zibo classification information system is an open source content management system. Qibo Classifieds Information System 'keyword' parameter has a reflective cross-site scripting vulnerability that allows an attacker to insert XSS execution code into a web form, which poses a security risk of...
GoAutoDial CE 3.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title : GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Date : 06/12/2015 Author : R-73eN Tested on : goautodial-32bit-ce-3.3-final Software : http://goautodial.org/ | | / | / | / \ | | | || ' | | / | | / \ ' \ / \ | | | || | | |...
GoAutoDial CE 3.3 SQL Injection / Command Injection
Title : GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Date : 06/12/2015 Author : R-73eN Tested on : goautodial-32bit-ce-3.3-final Software : http://goautodial.org/ | | / | / | / \ | | | || ' | | / | | / \ ' \ / \ | | | || | | | | | || | / | | | / | | ||| ||| / ||| || // \|...
Drupal amoCRM module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP. amoCRM module for Drupal is a sales management Web service for Drupal. A cross-site scripting vulnerability in Drupal amoCRM module 7.x-1.2 before 7.x-1.x allows remote attackers to inject arbitrary web script or HTML via...
Medusa - Speedy, Parallel and Modular Login Brute-Forcer
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...
Debian DLA-113-1 : bsd-mailx security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
Mambo 4.6.5 Cross Site Request Forgery / SQL Injection
Affected software: Mambo Type of vulnerability: csrf to sql injection URL: http://source.mambo-foundation.org/ Discovered by: Provensec Website: http://www.provensec.com version 4.6.5 Proof of concept no csrf token were used on sql query form so attacker can leverage csrf to execute sql query on...
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
Cisco Unified Web and E-mail Interaction Manager are both products in Cisco's Customer Collaboration Contact Center.Web Interaction Manager is a product that helps call center agents answer customer questions using websites and text chat or real-time Web collaboration; E-mail Interaction Manager ...
Debian DSA-3104-1 : bsd-mailx - security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
Debian DSA-3105-1 : heirloom-mailx - security update
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : - CVE-2004-2771 mailx interprets shell meta-characters in certain email addresses. - CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell commands ...
Business Objects Crystal Reports 9/10 Web Form Viewer Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10260/info Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and...
Zoom VoIP Phone Adapater ATA1+1 1.2.5 - CSRF Exploit
No description provided by source. Written By Michael Brooks Special thanks to str0ke! Zoom VoIP Phone Adapater ATA1+1 XSRF voip provider change xsrf version 1.2.5 html form action=http://10.1.1.165/callwzd.html method=post input name=DIRTYPAGE value=3 input name=HELPPAGE value=html.html input...
vanilla forum tagging plug-in enchanced 1.0.1 - Stored XSS
No description provided by source. Title: Vanilla Tagging Enchanced 1.0.1 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1 http://vanillaforums.org/download...
CVE-2014-3840
Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...
CVE-2014-3840
CVE-2014-3840 affects Mayan EDMS 0.13, with multiple stored XSS vulnerabilities in apps/common/templates/calculate_form_title.html. The issue allows remote authenticated users to inject arbitrary script/HTML via several vectors: (1) a tag, (2) the title of a source in a Staging folder, (3) the Na...
CVE-2014-3840
Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...