Lucene search
K

186 matches found

Kitploit
Kitploit
added 2017/07/28 3:7 p.m.16 views

Pythem - Penetration Testing Framework

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

7.5AI score
Exploits0References50
Hacker One
Hacker One
added 2017/05/19 11:19 p.m.18 views

U.S. Dept Of Defense: Insecure Direct Object Reference on in-scope .mil website

Summary: A web form in a .mil website doesn't implement restriction against multiple failed attempts to place an ID in order to obtain users information or cancel an ongoing process. Description: Websites https://█████████/appointment/lookup.aspx?a=f and...

6.4AI score
Exploits0
CNVD
CNVD
added 2017/04/21 12:0 a.m.3 views

PHPCMS V9 Full Version Has Reflective XSS Vulnerability

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9 full version of the existence of reflective XSS vulnerability, an attacker can use this vulnerability to web form to insert XSS execution code, pop-up box operation, access to user cookies and other sensitive...

6.4AI score
Exploits0
OSV
OSV
added 2017/04/20 6:59 p.m.4 views

CVE-2016-8721

An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An...

9.1CVSS5.8AI score0.0328EPSS
Exploits2References1
CNVD
CNVD
added 2017/04/18 12:0 a.m.4 views

Reflected Cross-Site Scripting Vulnerability in 'keyword' Parameter of Qibo Classifieds Information System

Zibo classification information system is an open source content management system. Qibo Classifieds Information System 'keyword' parameter has a reflective cross-site scripting vulnerability that allows an attacker to insert XSS execution code into a web form, which poses a security risk of...

6AI score
Exploits0
0day.today
0day.today
added 2015/12/19 12:0 a.m.29 views

GoAutoDial CE 3.3 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title : GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Date : 06/12/2015 Author : R-73eN Tested on : goautodial-32bit-ce-3.3-final Software : http://goautodial.org/ | | / | / | / \ | | | || ' | | / | | / \ ' \ / \ | | | || | | |...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/12/06 12:0 a.m.47 views

GoAutoDial CE 3.3 SQL Injection / Command Injection

Title : GoAutoDial CE 3.3 Multiple SQL injections, Command Injection Date : 06/12/2015 Author : R-73eN Tested on : goautodial-32bit-ce-3.3-final Software : http://goautodial.org/ | | / | / | / \ | | | || ' | | / | | / \ ' \ / \ | | | || | | | | | || | / | | | / | | ||| ||| / ||| || // \|...

0.2AI score
Exploits0
CNVD
CNVD
added 2015/09/25 12:0 a.m.5 views

Drupal amoCRM module cross-site scripting vulnerability

Drupal is a free, open source content management system developed in PHP. amoCRM module for Drupal is a sales management Web service for Drupal. A cross-site scripting vulnerability in Drupal amoCRM module 7.x-1.2 before 7.x-1.x allows remote attackers to inject arbitrary web script or HTML via...

2.6CVSS6AI score0.00913EPSS
Exploits0References1
Kitploit
Kitploit
added 2015/06/09 10:21 p.m.44 views

Medusa - Speedy, Parallel and Modular Login Brute-Forcer

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.28 views

Debian DLA-113-1 : bsd-mailx security update

It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...

7.8CVSS7.1AI score0.06858EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2015/03/17 12:0 a.m.19 views

Mambo 4.6.5 Cross Site Request Forgery / SQL Injection

Affected software: Mambo Type of vulnerability: csrf to sql injection URL: http://source.mambo-foundation.org/ Discovered by: Provensec Website: http://www.provensec.com version 4.6.5 Proof of concept no csrf token were used on sql query form so attacker can leverage csrf to execute sql query on...

0.5AI score
Exploits0
CNVD
CNVD
added 2015/03/02 12:0 a.m.3 views

Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability

Cisco Unified Web and E-mail Interaction Manager are both products in Cisco's Customer Collaboration Contact Center.Web Interaction Manager is a product that helps call center agents answer customer questions using websites and text chat or real-time Web collaboration; E-mail Interaction Manager ...

4.3CVSS6.3AI score0.01773EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/12/17 12:0 a.m.21 views

Debian DSA-3104-1 : bsd-mailx - security update

It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...

7.8CVSS7.3AI score0.06858EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/12/17 12:0 a.m.40 views

Debian DSA-3105-1 : heirloom-mailx - security update

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : - CVE-2004-2771 mailx interprets shell meta-characters in certain email addresses. - CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell commands ...

7.8CVSS7.5AI score0.06858EPSS
Exploits1References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Business Objects Crystal Reports 9/10 Web Form Viewer Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10260/info Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Zoom VoIP Phone Adapater ATA1+1 1.2.5 - CSRF Exploit

No description provided by source. Written By Michael Brooks Special thanks to str0ke! Zoom VoIP Phone Adapater ATA1+1 XSRF voip provider change xsrf version 1.2.5 html form action=http://10.1.1.165/callwzd.html method=post input name=DIRTYPAGE value=3 input name=HELPPAGE value=html.html input...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

vanilla forum tagging plug-in enchanced 1.0.1 - Stored XSS

No description provided by source. Title: Vanilla Tagging Enchanced 1.0.1 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1 http://vanillaforums.org/download...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2014/05/27 2:0 p.m.23 views

CVE-2014-3840

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

5.4AI score0.03476EPSS
Exploits1References8
CVE
CVE
added 2014/05/27 2:0 p.m.64 views

CVE-2014-3840

CVE-2014-3840 affects Mayan EDMS 0.13, with multiple stored XSS vulnerabilities in apps/common/templates/calculate_form_title.html. The issue allows remote authenticated users to inject arbitrary script/HTML via several vectors: (1) a tag, (2) the title of a source in a Staging folder, (3) the Na...

3.5CVSS5.4AI score0.03476EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2014/05/27 1:55 p.m.19 views

CVE-2014-3840

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

3.5CVSS5.4AI score0.03476EPSS
Exploits1References8
Rows per page
Query Builder