
84 matches found

OSV
added 2022/02/21 11:15 a.m. · 2 views

CVE-2022-0199

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack...

4.3 CVSS · 5.9 AI score
Exploits 0 · References 2

CNNVD
added 2021/06/23 12:00 a.m. · 2 views

Ec-cube Cross-Site Scripting Vulnerability

Ec-Cube is an open source system for creating shopping websites. A cross-site scripting vulnerability exists in Ec-Cube. An attacker can exploit this vulnerability by tricking an administrator or user into visiting a specially crafted page and performing certain actions to execute arbitrary scrip...

6.1 CVSS · 5.6 AI score · 0.00591 EPSS
Exploits 0 · References 3

Huntr
added 2021/06/14 3:00 a.m. · 12 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

💥 BUG Stored xss using ticket content in markdown 💥 IMPACT There is no xss filter present. Using this stored xss external user can attack admin and can execute arbitrary javascript code in victim account. TESTED VERSION ========== trudesk 1.1.5 💥 STEP TO REPRODUCE 1. First goto...

0.7 AI score
Exploits 0

NVD
added 2019/09/27 8:15 p.m. · 8 views

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4 CVSS · 5.2 AI score · 0.00229 EPSS
Exploits 1 · References 1

OSV
added 2019/09/27 8:15 p.m. · 1 view

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4 CVSS · 6.1 AI score · 0.00229 EPSS
Exploits 1 · References 1

Prion
added 2019/09/27 8:15 p.m. · 11 views

Cross site scripting

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

3.5 CVSS · 5 AI score · 0.00229 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2019/09/27 8:15 p.m. · 1 view

UBUNTU-CVE-2019-16688

Dolibarr 9.0.5 has stored XSS in an Email Template section to mailstemplates.php. A user with no privileges can inject script to attack the admin. This stored XSS can affect all types of user privilege from Admin to users with no permissions...

5.4 CVSS · 6 AI score · 0.00173 EPSS
Exploits 1 · References 3

UbuntuCve
added 2019/09/27 8:15 p.m. · 13 views

CVE-2019-16688

Dolibarr 9.0.5 has stored XSS in an Email Template section to mailstemplates.php. A user with no privileges can inject script to attack the admin. This stored XSS can affect all types of user privilege from Admin to users with no permissions...

5.4 CVSS · 6.1 AI score · 0.00173 EPSS
Exploits 1 · References 2

OSV
added 2019/09/27 8:15 p.m. · 0 views

UBUNTU-CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

5.4 CVSS · 6 AI score · 0.00229 EPSS
Exploits 1 · References 3

Positive Technologies
added 2019/09/27 12:00 a.m. · 2 views

PT-2019-14770 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue concerns a stored XSS in the User Note section of the note.php file. This allows a user without privileges to inject a script, potentially attacking the admin. Recommendations: For Dolibarr versio...

5.4 CVSS · 5.2 AI score · 0.00229 EPSS
Exploits 1 · References 7

Debian CVE
added 2017/02/06 5:00 p.m. · 30 views

CVE-2017-5368

ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and...

8.8 CVSS · 4.3 AI score · 0.00229 EPSS
Exploits 3

seebug.org
added 2014/07/01 12:00 a.m. · 12 views

Metyus Okul Yonetim 1.0 Sistemi Uye_giris_islem.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21418/info Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m. · 14 views

Emek Portal 2.1 Uyegiris.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20378/info Emek Portal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

6.7 AI score
Exploits 0

Packet Storm
added 2013/09/09 12:00 a.m. · 29 views

Moodle 2.3.9 / 2.4.9 Javascript Insertion

Ciaran McNally Application: Moodle http://download.moodle.org/ Versions: parameter in an rss feed is vulnerable to javascript injection. This blog post is viewable by everyone on moodle and you can link to it directly. Upon clicking the "Link to original blog entry" link, you get javascript...

7.4 AI score
Exploits 0

Atlassian
added 2012/04/19 1:27 a.m. · 23 views

admin/dev/usermacros.jsp lacks an XSRF token to add and remove user macros from Confluence.

admin/dev/usermacros.jsp does not require a csrf token to add and remove user macros from Confluence. This could allow an attacker to introduce a malicious user macro with 'bad' html and/or javascript into a confluence instance through a csrf attack on an admin user...

1.1 AI score
Exploits 0 · Affected Software 1

NVD
added 2007/01/12 5:04 a.m. · 14 views

CVE-2007-0192

Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admi...

7.5 CVSS · 6.9 AI score · 0.00717 EPSS
Exploits 0 · References 3

CVE
added 2007/01/11 2:00 a.m. · 45 views

CVE-2007-0192

The CVE-2007-0192 CSRF vulnerability affects MKPortal’s admin.php in the save_main operation (ad_perms) where an attacker can induce privilege changes. The issue is exposed via a crafted getURL in a .swf loaded in an IFRAME, enabling remote modification of privilege settings (All Guests are Admin...

7.5 CVSS · 6.9 AI score · 0.00717 EPSS
Exploits 0 · References 3 · Affected Software 1

Packet Storm
added 2006/12/28 12:00 a.m. · 21 views

chatwm10-sql.txt

LiderHack.Org & BhhGroup.Org & Bilgi-Yonetimi.Org.Tr script name : chatwm V1.0 Script Download : http://maxiasp.com/scyorum.asp?scno=225 Risk : High GoogLe Dork : chatwm Found By : ShaFuck31 Thanks : | Dekolax | The RéD | CyBorG | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | B1G B0...

7.4 AI score
Exploits 0

seebug.org
added 2006/12/28 12:00 a.m. · 21 views

Chatwm SelGruFra.ASP SQL Injection Vulnerability

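Chatwm is an ASP-based web application. Chatwm does not properly filter user-submitted input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'SelGruFra.ASP' script lacks filtering of user-submitted web parameters; submitting malicious script code as parameter data can lead to disclosure of sensitive information. Chatwm Chatwm 1.0 No solution is currently available: http://maxiasp.com/scyorum.asp?scno=225 titleRemote Admin Attack - LiderHack.Org // Hacking & Security PortaL/title centerShaFuck31 -...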

7.1 AI score
Exploits 0

securityvulns
added 2006/12/16 12:00 a.m. · 65 views

Doğantepe Ziyareti Defteri (tr) Sql Injection Vuln.

LiderHack.Org & BhhGroup.Org script name : Doğantepe Ziyaretçi Defteri tr Script Download : http://aspindir.com/Goster/4485 Risk : High Found By : ShaFuck31 Thanks : | Dekolax | The RéD | CyBorG | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | B1G B0SS | UNiKnoX | Vulnerable file :...

7 AI score
Exploits 0