9 matches found
EUVD-2018-13030
Malware in sbrugna...
CSRF Leading to reset Boxes
Description: Hello everyone, during my testing on LimeSurvey's admin demo, it was found that the Boxes part of the application is vulnerable to CSRF affecting the reset boxes functionality, meaning that if an admin created some boxes, an attacker could trick the admin into resetting the boxes by following a lin...
com.liferay:com.liferay.users.admin.demo (>=1.0.5 <=1.0.6) potentially affected by CVE-2022-26596 via com.liferay:com.liferay.journal.content.web (>=1.0.0 <=2.0.0)
com.liferay:com.liferay.journal.content.web MAVEN version =1.0.0, =1.0.5, =1.0.6 Source cves: CVE-2022-26596 Source advisory: OSV:GHSA-W7F2-6896-6MM2...
CVE-2018-20476
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php Tid parameter...
S-CMS Cross-Site Scripting Vulnerability (CNVD-2018-26677)
S-CMS is a content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in the admin/demo.php file in S-CMS version 3.0, which stems from the program's failure to filter the 'Tid' parameter, which can be exploited by remote attackers to inject arbitrary Web...
PT-2018-15401 · S Cms · S-Cms
Name of the Vulnerable Software and Affected Versions: S-CMS version 3.0 Description: An issue in S-CMS allows cross-site scripting (XSS) attacks via the Tid parameter in the "admin/demo.php" API endpoint. Recommendations: For S-CMS version 3.0, avoid using the Tid parameter in the "admin/demo.ph...
Reflected Cross-Site Scripting Vulnerability in S-CMS V3.0 build20170808 /admin/demo.asp Page
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A reflective cross-site scripting vulnerability exists in the /admin/demo.asp page in S-CMS V3.0 build20170808. This vulnerability allows an attacker to construct XSS statements and perform pop-up box...
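qibocms V7 whole-site system: arbitrary file download leads to unrestricted injection in multiple places (can elevate yourself to administrator; shown on the demo)
Brief description: Whoa, after writing the title I realized how long it is. This is probably the most widely used of the qibo systems. It is different from the one I posted before. Fuzz. Has qibo changed staff? The scores they give keep getting lower? From 18 before, to 10, to 5 now? Let me demonstrate with the demo. It should be possible to log in to the admin backend directly; I couldn't be bothered. If this bug still doesn't get 20, all I can say is "hehe". Detailed description: http://bbs.qibosoft.com/down2.php?v=v7down is the download address; I just downloaded it. In inc/job/download.php: $url=trimbase64decode$url;...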
Product Sale Framework 0.1b (forum_topic_id) SQL Injection Vulnerability
No description provided by source. In The Name Of Allah. Product Sale Framework sql injection Vulnerability. Discovered by b3hz4d. WwW.DeltaHacking.Net...