845 matches found
CVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow via...
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Date: 01/07/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version: 21.210.09.00.158 Tested on: Windows 10 x64 CVE: CVE-2014-5395 Note: The...
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
function submitRequest...
Information disclosure
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
CVE-2018-19249
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
CVE-2018-19249
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
CVE-2018-19249
The CVE-2018-19249 entry concerns Stripe API v1, where remote attackers could bypass access restrictions by replaying XMLHttpRequest data to /v1/tokens. The vulnerability involves parsing the response under the card object and reading cvc_check information when a token is created without charging...
Voyager 1.1.3 Shell Upload
Exploit Title: Voyager 1.1.3 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...
bludit Pages Editor 3.0.0 - Arbitrary File Upload
Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Date: 2018-10-02 Google Dork: N/A Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST /admin/ajax/upload-files HTTP/1.1 Host:...
Sessions never expire due to continuous XHR
Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Library CMS 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1...
CAMALEON CMS 2.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability...
Wikidforum 2.20 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Cross site scripting
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
WebKit not_number defineProperties Use-After-Free Exploit
Exploit for multiple platform in category dos / poc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF...
Grid Pro Big Data 1.0 - SQL Injection
Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...
Grid Pro Big Data 1.0 SQL Injection
Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...