Open-AuditIT Professional 2.1 - Cross-Site Scripting

Exploit Title: Open-AuditIT Professional 2.1 - Stored Cross site scripting XSS Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/ Version: 2.1 CVE : CVE-2018-8903...

October CMS < 1.0.431 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: October CMS Stored Code Injection Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from...

October CMS Cross Site Scripting

Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Category:...

October CMS 1.0.431 - Cross-Site Scripting

October CMS 1.0.431 - Cross-Site Scripting ​​ Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till dat...

October CMS &lt; 1.0.431 - Cross-Site Scripting

​​ Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Categor...

Front Accounting ERP 2.4.3 Cross Site Request Forgery

!-- 2 This hosted page upon being clicked by an logged in admin user will lead to creation of a new...

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications input type="submit" va...

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery...

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery

...

TypeSetter CMS 5.1 - &#039;Host&#039; Header Injection

​ Exploit Title: TypeSetter CMS 5.1 Host Header Injection Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : NA Category: Webapp CMS 1. Descripti...

TypeSetter CMS 5.1 - Host Header Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: TypeSetter CMS 5.1 Host Header Injection Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : N...

das-buchhaus.de XSS vulnerability

Open Bug Bounty ID: OBB-555529 Description| Value ---|--- Affected Website:| das-buchhaus.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Wonder CMS 2.3.1 Host Header Injection

Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE : CVE-2017-14523 Category: Webapp CMS 1...

Wonder CMS 2.3.1 - Host Header Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wonder CMS 2.3.1 Host Header Injection Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE :...

Wonder CMS 2.3.1 - Host Header Injection

Wonder CMS 2.3.1 - Host Header Injection Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE :...

Citrix NetScaler VPX Server-Side Request Forgery Vulnerability

NetScaler VPX provides complete NetScaler Web and application load balancing, security and remote access, acceleration, security and offloading capabilities in a simple, easy-to-install virtual appliance. A server-side request forgery vulnerability exists in Citrix NetScaler VPX. An authenticated...

CVE-2018-6186

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/readurl URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges...

Server side request forgery (ssrf)

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/readurl URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges...

CVE-2018-6186

CVE-2018-6186 affects Citrix NetScaler VPX through NS12.0 53.13.nc, enabling an SSRF attack via the /rapi/read_url URI by an authenticated user with a webapp account. The attacker can gain nsroot access and execute remote commands with root privileges. The issue is addressed by upgrading to Citri...

CVE-2017-7997

Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the 1 showprn parameter to webapp/users/prnow.jsp or showmonth parameter to 2 webapp/users/blhistory.jsp or 3 webapp/users/prhistory.jsp...