836 matches found
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Kuicms Php EE 2.0 - Persistent Cross-Site Scripting Vendor Homepage: https://kuicms.com Software Link: https://kuicms.com/kuicms.zip Version: Kuicms Php EE 2.0 Tested on: Windows CVE : N/A Vulnerable Request: POST...
Cross-Site Request Forgery (CSRF)
@rails/ujs is vulnerable to cross-site request forgery CSRF. The same-origin header in XMLHttpRequest requests are not validated before including the CSRF token, potentially allowing remote attackers to submit requests on behalf of the user...
ACal 2.2.6 Remote Code Execution Exploit
Exploit Title: ACal v2.2.6 - 1-Click Remote Code Execution Exploit Author: Bobby Cooke Date: May 14th, 2020 Vendor Homepage: http://acalproj.sourceforge.net/ Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download Version: 2.2.6 Tested On: Windows 10 Pro 1909 x6486 +...
ACal 2.2.6 Remote Code Execution
Exploit Title: ACal v2.2.6 - 1-Click Remote Code Execution Exploit Author: Bobby Cooke Date: May 14th, 2020 Vendor Homepage: http://acalproj.sourceforge.net/ Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download Version: 2.2.6 Tested On: Windows 10 Pro 1909 x6486 +...
Shopify: XSS within Shopify Email App - Admin
The Shopify Email Application is vulnerable to XSS A user with only Settings https://hackerone.myshopify.com/admin/settings/general access can inject html within the Apartment, suite, etc. optional of the Store address section that will then be displayed in the Shopify Email Template edition Step...
i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion
Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail BOZKURT...
jizhi CMS 1.6.7 - Arbitrary File Download
Exploit Title: jizhi CMS 1.6.7 - Arbitrary File Download Google Dork: jizhicms Date: 2020-04-18 Exploit Author: iej1ctk1g Vendor Homepage: https://www.jizhicms.cn/ Software Link: http://down.jizhicms.cn/jizhicmsBeta1.6.7.zip Version: 1.6.7 Tested on: Mac OS CVE : N/A Data 1. POST...
one2web.co.uk Open Redirect vulnerability
Open Bug Bounty ID: OBB-1145777 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting one2web.co.uk website and its users. Following...
Information Disclosure
firefox is vulnerable to information disclosure. A flaw was found in the Firefox XMLHttpRequest object. A remote site could use this flaw to gather information about servers on an internal private network...
CVE-2019-11691
A use-after-free vulnerability can occur when working with XMLHttpRequest XHR in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...
Arbitrary File Read
html-pdf is vulnerable to arbitrary file read. An attacker is able to view local files by sending an XMLHttpRequest to fetch the contents and writing it into the HTML document during conversion of a file from HTML to PDF. This is due to using an emulated scriptable headless browser known as...
Code Snippets < 2.14.0 - CSRF to RCE
This "flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site." function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "http://waftesting.vhx.cloud:8080/wp-admin/admin.php?page=import-snippets", true;...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on:...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting
Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8...
Advie Framework 2.0.8 Cross Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Subrion CMS 4.0.5 - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Tasdelen Vendor Homepage: https://intelliants.com/ Software Link : https://github.com/intelliants/subrion/releases/tag/v4.0.5 Software : Subrion CMS...
Prima Access Control 2.3.35 Cross Site Scripting
Prima Access Control 2.3.35 Authenticated Stored XSS CVE: CVE-2019-7671 Advisory: https://applied-risk.com/resources/ar-2019-007 Discovered by Gjoko 'LiquidWorm' Krstic POST /bin/sysfcgi.fx HTTP/1.1 Host: 192.168.13.37 Connection: keep-alive Content-Length: 265 Origin: https://192.168.13.37...
CVE-2019-17221
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...
CVE-2019-17221
PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...