81 matches found
CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
Design/Logic Flaw
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
Sitecore 8.x - Deserialization Remote Code Execution Vulnerability
Exploit for asp platform in category web applications Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...
Sitecore 8.x - Deserialization Remote Code Execution
Sitecore 8.x - Deserialization Remote Code Execution Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...
Sitecore 8.x Deserialization Remote Code Execution
Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...
Sitecore 8.x - Deserialization Remote Code Execution
Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...
CVE-2018-17300
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator//component/tablemanager/view/cumenus section name...
CVE-2018-9155
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-Logs section with a logs?logs.type= URI and the Manage-Attributes section via the "Name display"...
Online Ticket Booking Cross-Site Scripting Vulnerability (CNVD-2018-01215)
Advanced Real Estate Script is a ready-made real estate website script. Online Ticket Booking is one of the online booking systems. A cross-site scripting vulnerability exists in Online Ticket Booking in Advanced Real Estate Script. The vulnerability can be exploited to conduct cross-site scriptin...
WP Site Protect 1.0 - Cross-Site Scripting (XSS)
wp-site-protect allows protecting access to a WordPress website with a global password. Passwords can be randomly generated or manually set. The "password" field is not properly sanitized, allowing some XSS in different views of the plugin in the administration section. It seems that the...
Cross site request forgery (csrf)
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php...
gohargroup.in XSS vulnerability
Open Bug Bounty ID: OBB-242240

Description| Value
---|---
Affected Website:| gohargroup.in
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
windprospect.com XSS vulnerability
Vulnerable URL: https://www.windprospect.com/admin/index?logout=1signin=1=code=4234"'--!confirmOPENBUGBOUNTY...
CVE-2017-6068
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter...
Lian Li NAS - Multiple Vulnerabilities
No description provided by source. Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz Tested on: Latest version...
VisualSite CMS 1.3 - Multiple Vulnerabilities
No description provided by source. http://www.exploit-db.com/moaub-25-visualsite-cms-multiple-vulnerabilities/ Abysssec Inc Public Advisory Title : VisualSite CMS Multiple...
nabopoll 1.2 - Remote Unprotected Admin Section Vulnerability
No description provided by source. nabopoll 1.1.2 sensitive file admin without password By : sn0oPy Risk : high site : http://nabocorp.com/ Dork : inurl:nabopoll/ exploit : access without password to : http://target/nabopoll/admin/configedit.php http://target/nabopoll/admin/templateedit.php...
Omnistar Document Manager 8.0 LFI / XSS / SQL Injection
Title: Omnistar Document Manager v8.0 - Multiple Vulnerabilities Date: 2012-10-03 References: http://www.vulnerability-lab.com/getcontent.php?id=712 VL-ID: 712 Common Vulnerability Scoring System: 8.3 Introduction: ...
Omnistar Document Manager v8.0 - Multiple Vulnerabilities
Document Title: Omnistar Document Manager v8.0 - Multiple Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=712 Release Date: 2012-10-02 Vulnerability Laboratory ID VL-ID: 7...