1225 matches found
Simple Phone Book/Directory 1.0 SQL Injection
Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection Unauthenticated Date: 21/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html Version: 1.0 Tested on:...
jetty: Symlink directory exposes webapp directory contents
If the $jetty.base directory or the $jetty.base/webapps directory is a symlink, the contents of the $jetty.base/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality...
bivouac-framework (=0.1.0a0), cornerstonecms (>=0.1.0 <=0.1.20) +6 more potentially affected by CVE-2021-23401 via flask-user (>=0.6.1 <=1.0.2.2)
flask-user PYPI version =0.6.1, =0.1.0, =0.1.0, =0.0.39, =0.8.8, =0.1.0, =0.1.1a6 Source cves: CVE-2021-23401 Source advisory: OSV:GHSA-4298-89HC-6RFV...
openSUSE 15 Security Update : jetty-minimal (openSUSE-SU-2021:2005-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2005-1 advisory. - In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a...
Cartadis Gespage Path Traversal Vulnerability
Cartadis Gespage is print management software from Cartadis Inc. It includes print accounting, printer monitoring, user management, payments, quotas, and redirection rules for complete management of copies and prints. A path traversal vulnerability...
Mattermost: Specially crafted message request crashes the webapp for users who view the message
A specially crafted message request with a modified deletedat JSON parameter could crash the webapp for all users viewing the channel, or for anyone viewing a different channel if they switch to that channel afterward. This vulnerability could be exploited to prevent users from accessing a channe...
b2evolution 7.2.2 - (edit account details) Cross-Site Request Forgery Vulnerability
Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...
b2evolution 7.2.2 Cross Site Request Forgery
Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...
CVE-2021-32683
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...
Cross site scripting
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...
CVE-2021-32683
Affected software: wire-webapp (web version of Wire). Vulnerability: cross-site scripting (CVE-2021-32683) present in versions prior to 2021-06-01-production.0 due to image handling (createObjectURL) that can execute malicious code on app.wire.com when an image is opened in a new tab or URL paste...
CVE-2021-32683 XSS through createObjectURL
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...
Wire Cross-Site Scripting Vulnerability
Wire is chat software by an independent developer. The program supports Web, Windows, iOS, Android, and OS X, has a group feature, allows voice calls, sends photos, and has its own way of saying hello, PING. A cross-site scripting vulnerability exists in wire-webapp, which can be...
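The CVE-2021-32683 entries above only say that image handling via createObjectURL lets malicious code run on app.wire.com when the image is opened in a new tab. The mechanism behind that class of bug is that a blob: URL inherits the origin of the document that created it, so a Blob whose MIME type is attacker-controlled (for example text/html instead of image/png) is rendered as a same-origin HTML document, and any script in it runs with the app's session. The following is an added illustration, not wire-webapp's code and not the actual fix shipped in 2021-06-01-production.0; the function names, the allow-list, the magic-byte sniffer and the sample inputs are all assumptions made for this example.

```javascript
// Added example (not wire-webapp code): a sender-declared MIME type flowing into
// new Blob(...) versus a type derived from the bytes and checked against an
// allow-list. All names and sample inputs below are constructed for this example.

const ALLOWED_IMAGE_TYPES = new Set(['image/png', 'image/jpeg', 'image/gif', 'image/webp']);

// Derive the container type from magic bytes instead of trusting the declared
// Content-Type. Returns null when the bytes are not a recognised raster image.
// SVG is deliberately not recognised: it is XML and can carry <script>.
function sniffImageType(bytes) {
  const b = bytes;
  if (b.length >= 8 && b[0] === 0x89 && b[1] === 0x50 && b[2] === 0x4e && b[3] === 0x47) return 'image/png';
  if (b.length >= 3 && b[0] === 0xff && b[1] === 0xd8 && b[2] === 0xff) return 'image/jpeg';
  if (b.length >= 6 && /^GIF8[79]a$/.test(String.fromCharCode(...b.subarray(0, 6)))) return 'image/gif';
  if (b.length >= 12 &&
      String.fromCharCode(...b.subarray(0, 4)) === 'RIFF' &&
      String.fromCharCode(...b.subarray(8, 12)) === 'WEBP') return 'image/webp';
  return null;
}

// Vulnerable pattern: whatever the sender declared becomes the Blob type, so
// text/html bytes opened from the blob: URL become a same-origin HTML document.
function unsafeBlobType(bytes, declaredType) {
  return declaredType;
}

// Hardened pattern: the Blob type comes from the bytes and must be on the
// allow-list; the declared type is ignored entirely.
function safeBlobType(bytes) {
  const sniffed = sniffImageType(bytes);
  return sniffed !== null && ALLOWED_IMAGE_TYPES.has(sniffed) ? sniffed : null;
}

// Only call this from a browser (or Node 18+, which has Blob and
// URL.createObjectURL); it refuses to mint a same-origin URL for non-image bytes.
function createImageObjectUrl(bytes) {
  const type = safeBlobType(bytes);
  if (type === null) throw new Error('refusing to expose non-image bytes as a same-origin blob: URL');
  return URL.createObjectURL(new Blob([bytes], { type }));
}

// Constructed sample inputs: a PNG signature and an HTML payload that a sender
// could declare as image/png or text/html.
const PNG_HEADER = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0]);
const HTML_PAYLOAD = new TextEncoder().encode('<script>alert(document.domain)</script>');
const SVG_PAYLOAD = new TextEncoder().encode('<svg onload="alert(1)"></svg>');
```

With the unsafe path, `unsafeBlobType(HTML_PAYLOAD, 'text/html')` hands `text/html` to the Blob and the resulting blob: URL renders as HTML in the app's origin; with the hardened path the same bytes yield `null` and no URL is created. Note that sniffing alone is not a complete defence for formats the browser will render as documents, which is why the allow-list is restricted to raster image types.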
Apache Tapestry Information Disclosure (CVE-2021-30638)
An information disclosure vulnerability exists in Apache Tapestry. A URL manipulation via smuggled backslashes allows Java webapp files inside WEB-INF to be listed and downloaded...
Remote Code Execution
libraw is vulnerable to remote code execution. An authenticated user can inject additional commands into normal webapp query...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URLs allows an attacker to use a malicious URL to list and download the Java webapp files from WEB-INF of the WAR being run. This CVE exists due to an incomplete fix for CVE-2020-13953...
cobalt-bin (>=0.7.4 <=0.17.5), hyper-static-server (>=0.1.1 <=0.5.1) +10 more potentially affected by unknown CVE via sass-rs (=0.2.2)
sass-rs CARGO version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on sass-rs and may be impacted: - cobalt-bin =0.7.4, =0.1.1, =0.1.6, =0.1.0, =0.1.0, =0.1.2, =0.1.1-alpha1, =0.7.0, =0.1.0, =0.1.2, =0.1.8 Source cves: unknown CVE Source advisor...
CVE-2021-21400
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give...
CVE-2021-21400
The CVE-2021-21400 issue affects wire-webapp (open-source front end for Wire) prior to 2021-03-15-production.0. The vulnerability arises because, when prompted for the app-lock passphrase, the input is sent to the most recently used chat if the input field does not have focus; input focus is enfo...
CVE-2021-21400 Entering code in App Lock modal sends input to conversation
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give...
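The three CVE-2021-21400 entries above describe the failure mode (a passphrase prompt that does not own keyboard focus, so keystrokes fall through to the most recently used chat and Enter sends them) but not the routing logic behind it. The following added example models that logic as a small state machine with a vulnerable router beside a hardened one; it is not wire-webapp's code, and the state shape, function names and keystroke sample are assumptions made for this illustration.

```javascript
// Added example (not wire-webapp code): keystroke routing when an app-lock modal
// is open. State shape, function names and the key sequence are constructed.

function typeIntoComposer(s, key) {
  // Shared composer behaviour: Enter sends the draft to the active conversation.
  if (key === 'Enter') {
    if (s.draft.length > 0) s.sent.push({ conversation: s.activeConversation, text: s.draft });
    s.draft = '';
  } else {
    s.draft += key;
  }
  return s;
}

// Vulnerable routing: keys reach the passphrase field only when that field has
// focus. If the modal opened without taking focus, the composer still owns the
// keyboard, so the passphrase lands in the draft and Enter sends it.
function routeKeyVulnerable(state, key) {
  const s = { ...state, sent: [...state.sent] };
  if (s.lockModalOpen && s.focusedField === 'passphrase') {
    if (key === 'Enter') s.submitted = s.passphrase;
    else s.passphrase += key;
    return s;
  }
  return typeIntoComposer(s, key);
}

// Hardened routing: while the modal is open it claims every keystroke regardless
// of which element has focus, and the composer is unreachable until it closes.
function routeKeyHardened(state, key) {
  const s = { ...state, sent: [...state.sent] };
  if (s.lockModalOpen) {
    s.focusedField = 'passphrase';
    if (key === 'Enter') s.submitted = s.passphrase;
    else s.passphrase += key;
    return s;
  }
  return typeIntoComposer(s, key);
}

// Replay a key sequence through a router and return the final state.
function replay(route, initial, keys) {
  return keys.reduce(route, initial);
}

// Constructed scenario: lock modal is open but focus is still on the composer
// of the last used conversation, and the user types a passphrase and hits Enter.
const INITIAL = {
  lockModalOpen: true,
  focusedField: 'composer',
  activeConversation: 'team-chat',
  draft: '',
  passphrase: '',
  submitted: null,
  sent: [],
};
const KEYS = ['s', '3', 'c', 'r', 'e', 't', 'Enter'];
```

Replaying `KEYS` through `routeKeyVulnerable` leaves `passphrase` empty and puts a message with text `s3cret` in `sent` for `team-chat`; the same replay through `routeKeyHardened` sends nothing and ends with `submitted` equal to `s3cret`. The practical rule this encodes: a modal that collects a secret must capture input at the document level and disable the underlying input surface, rather than relying on focus having been moved.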