Responsive Menu < 4.0.4 - CSRF to Arbitrary File Upload

"Attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site." function submitRequest var xhr = new XMLHttpRequest;...

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. The issue could also be exploited via a CRSF attack, as such check was also missing...

The vulnerability of the XMLHttpRequest component in browsers such as Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to trigger a service failure.

The vulnerability of the XMLHttpRequest component in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

h1-ctf: [h1-ctf] 12 Days of Adventure to stop Grinch from ruining Christmas

--------------------------------------------------------------------------------------------------------------------------------------------------- Day 1: https://hackyholidays.h1ctf.com/robots.txt User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 Here we go with t...

ILIAS Learning Management System 4.3 - SSRF

Exploit Title: ILIAS Learning Management System 4.3 - SSRF Date: 10-08-2020 Exploit Author: Dot/kx1z0 Vendor Homepage: https://www.ilias.de/ Software Link: https://github.com/ILIAS-eLearning/ILIAS/tree/release4-3 Version: 4.3-5.1 Tested on: Linux Description We can create portfolios, export them ...

ILIAS Learning Management System 4.3 Server-Side Request Forgery

Exploit Title: ILIAS Learning Management System 4.3 - SSRF Date: 10-08-2020 Exploit Author: Dot/kx1z0 Vendor Homepage: https://www.ilias.de/ Software Link: https://github.com/ILIAS-eLearning/ILIAS/tree/release4-3 Version: 4.3-5.1 Tested on: Linux Description We can create portfolios, export them ...

OpenCart 3.0.3.6 - &#039;subject&#039; Stored Cross-Site Scripting

Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.6 Tested on: Windows 10/Kali Linux CVE:...

28motivos.com Cross Site Scripting vulnerability OBB-1496289

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

InoERP 0.7.2 - Remote Code Execution (Unauthenticated)

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....

Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting

An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress. ! :: PoC Burp Suite: POST /wp-comments-post.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest...

fivetech.net Cross Site Scripting vulnerability OBB-1353279

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

GHSA-FJ93-7WM4-8X2G Cross-Site Scripting in jquery-mobile

All version of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and if a URL is found it does an XmlHttpRequest XHR to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing attackers to...

Cross-Site Scripting in jquery-mobile

All version of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and if a URL is found it does an XmlHttpRequest XHR to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing attackers to...

Quiz and Survey Master < 7.0.1 - Arbitrary File Upload

This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set-up quiz that accepts file uploads, then upload file and change content-type to one set as approved. history.pushState'', '', '/' function submitRequest var xhr = new...

Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

An attacker could exploit this issue by convincing a user to click a specially crafted URL, which will send emails from the affected user’s WordPress email account. function run var targetUrl = "http://example.com/webpage"; var email = "[email protected]"; var subject = "PoC"; var content = "add...

Pandora FMS 7.0 NG 746 Script Insertion / Code Execution Vulnerability

Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload. Exploit Title: PandoraFMS 7.0 NG ≤ 746 Remote Code Execution Date: July 2020 Author: AppleBois Version:...

Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...

NOKIA VitalSuite SPM 2020 - SQL Injection

NOKIA VitalSuite SPM 2020 suffers from a remote SQL injection vulnerability. Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://www.nokia.com Software Link:...

NOKIA VitalSuite SPM 2020 - (UserName) SQL Injection Vulnerability

Exploit for multiple platform in category web applications Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/...

EyouCMS 1.4.6 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://eyoucms.com Software Link:...