ACME mini_httpd <1.30 - Local File Inclusion

ACME minihttpd before 1.30 is vulnerable to local file inclusion. id: CVE-2018-18778 info: name: ACME minihttpd 1.30 - Local File Inclusion author: DhiyaneshDK,dogasantos severity: medium description: ACME minihttpd before 1.30 is vulnerable to local file inclusion. impact: | Successful...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1886 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix , a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services...

AcuAutomate - Unofficial Acunetix CLI Tool For Automated Pentesting And Bug Hunting Across Large Scopes

AcuAutomate is an unofficial Acunetix CLI tool that simplifies automated pentesting and bug hunting across extensive targets. It's a valuable aid during large-scale pentests, enabling the easy launch or stoppage of multiple Acunetix scans simultaneously. Additionally, its versatile functionality...

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

The advanced persistent threat APT actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals tha...

Weak Password Policy

Description This application commafeed is using a weak password policy. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all...

Weak Password Policy

Description This page is using a weak password. Acunetix was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such ...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)

org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...

CVE-2022-29315

CVE-2022-29315 : Invicti Acunetix before 14 is affected by a CSV injection vulnerability. The issue arises when exporting CSV and using the Description field on the Add Targets page, allowing injection into exported files. The CVSSv3.1 base score is 8.8 (HIGH) with network attack, no privileges r...

Cross-site Scripting (XSS) - Stored in imran300/inventory

✍️ Description Stored xss bug using a xss payload in the product name when adding a new categorie in the product page. 🕵️‍♂️ Proof of Concept Goto http://localhost/inventory/index.php/Category/listcategory and click on add category and copy paste the following xss payload and paste it in the...

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the todo name when adding a todo item 🕵️‍♂️ Proof of Concept Goto http://localhost/tickets/showKanban and add a todo item and copy paste the following xss payload in the todo-name javascript " Click on safe and go to the My Timesheets tab and see...

Cross-site Scripting (XSS) - Stored in omeka/omeka-s

✍️ Description Stored xss bug using a xss payload in the Title when adding a new site. the xss is getting executed when you are trying to delete the website, see the PoC for details. 🕵️‍♂️ Proof of Concept Goto http://localhost/omeka/omeka-s/admin/site and click on add new site copy paste the...

Cross-site Scripting (XSS) - Stored in leantime/leantime

✍️ Description Stored xss bug using a xss payload in the Hypothesis when adding a new Research 🕵️‍♂️ Proof of Concept Goto http://localhost/leancanvas/simpleCanvas and click on add new and copy paste the following xss payload javascript " Click on safe and see the xss popup with the cookie. 💥...

Cross-site Scripting (XSS) - Stored in devcode-it/openstamanager

✍️ Description Stored xss through file upload via anagrafiche 🕵️‍♂️ Proof of Concept Go to an existing Anagrafiche or create a new one. Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example. when you click on...

GHSA-9CX9-X2GP-9QVH CRLF vulnerability in Fiber

Impact The filename that is given in c.Attachment is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to...

Acunetix Web Scanner Privilege Escalation (CVE-2015-4027)

A privilege escalation vulnerability exists in Acunetix Web Vulnerability Scanner. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure...

Acunetix v13 - Web Application Security Scanner

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning,...

MTN Group: Information Disclosure Microsoft IIS Server service.cnf in a mtn website

Hi there i found a information disclosure Microsoft IIS Server service.cnf file in the website https://www.mtn.co.za/ using firefox. In the following steps i will demonstrate how to reproduce the vulnerability. POC: 1ºGo to the following url: https://www.mtn.co.za/vtipvt/service.cnf you will see:...