12 matches found
0ch BBS Script (0ch) vulnerable to cross-site scripting
Overview 0ch BBS Script 0ch according to the original report submitted by the reporter provided by Zerochannel according to the original report submitted by the reporter is bulletin board software. 0ch BBS Script 0ch contains a cross-site scripting vulnerability CWE-79. During the meeting of...
Trojan-Spy.Win32.Xspyout.a Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d1791ca15c5df6f8f5d007518efd65b6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.Xspyout.a Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
yappa-ng vulnerable to cross-site scripting
Overview yappa-ng provided by yet another PHP photo album next generation according to the original report submitted by the reporter is a PHP photo gallery. yappa-ng contains a cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the user's web browser. During...
Trojan.Win32.Hosts2.yqf Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/274a6e846c5a4a2b3281198556e5568b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Hosts2.yqf Vulnerability: Insecure Permissions Description: Hosts2.yqf creates an...
Click Ranker vulnerable to cross-site scripting
Overview Click Ranker contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of user who accesses a page ranking screen. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January...
Kagemai vulnerable to cross-site scripting
Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Date: 2020-02-06 Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last revised: May 21, 2020 - Discovered by:...
Metasploit Web UI Static secret_key_base Value
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule NullSerializer @serializer = options:serializer || Marshal end def encryptandsignvalue...
INSTEON Hub 2242-222 - Lack of Web and API Authentication
Exploit for hardware platform in category web applications The INSTEON Hub allows users to control their home automation devices from their home, and across the Internet. To allow control of the devices from the Internet requires that a user create a port forward from the Internet to the Hub on...
WingFTP 3.2.4 Cross Site Request Forgery
Application: WingFTP Server 3.2.4 maybe earlier versions too Link: http://www.wftpserver.com/ Vulnerability: CSRF Author: Ams Contact: mail: ax330d at gmail dot com site: http://www.0x416d73.name/ 1. About software "Wing FTP server is not only a FTP server. It's a multi-protocol file serverFTP,...
IXXO Cart SQL Injection
Original advisory at: http://www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/ Ref. DSF-03-2009 IXXO Cart! Standalone and Joomla Component SQL Injection Vendor: IXXO Internet Solutions Status: Patched by vendor IXXO Cart! IXXO Cart is an extremely powerful p...
faqmaster-multi.txt
Security Advisory - - FAQMasterFlexPlus multiple vulnerabilities - --------------------------------------------------------------- Product: FAQMasterFlexPlus Version: Latest version is affected, other not tested Vendor: http://www.netbizcity.com Affected by: Cross-Site Scripting & SQL injection...