Perfex CRM 2.4.4 Cross Site Scripting

Document Title: =============== Perfex v2.4.4 CRM - Print Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2231 Release Date: ============= 2020-06-24 Vulnerability Laboratory ID VL-ID: ==================================== 22...

User Registration & Login and User Management System 2.1 - Cross Site Request Forgery

Exploit Title: User Registration & Login and User Management System 2.1 - Cross Site Request Forgery Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://phpgurukul.com Software Link: http://user-registration-login-and-user-management-system-with-admin-panel Version: 5 Tested on Window...

EgavilanMedia User Registration And Login System With Admin Panel 1.0 CSRF

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...

Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting

Exploit Title: Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting Date: 24-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html Software Link:...

Under Construction Page with CPanel 1.0 - SQL injection

Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection Date: 17-11-2020 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/under-construction-page-with-cpanel/ Version: 1.0 Tested on: PopOS SQL Injection: SQL...

CVE-2020-8539

CVE-2020-8539 affects Kia Motors head units (SOP.003.30.18.0703, SOP.005.7.181019, SOP.007.1.191209). The vulnerability arises from an arbitrary command execution via the micomd daemon, enabling an attacker with local access to inject commands and generate CAN frames on the M-CAN multimedia bus. ...

WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'page' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Mayur Parmar Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: PopOS Stored Cross-site scriptingXSS: Stored attacks are those where the injected script is permanently store...

Task Center has an unauthorized access vulnerability

Task Center is a management system. An unauthorized access vulnerability exists in Task Center. An attacker could exploit this vulnerability to obtain sensitive information...

OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting

Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.6 Tested on: Windows 10/Kali Linux CVE:...

Wonder CMS 3.1.3 Cross Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux Stored Cross-site scriptingXSS: Stored XSS, also known as persistent XS...

WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29233 Stored Cross-site scriptingXSS: Stored XSS, also...

SugarCRM 6.5.18 - Persistent Cross-Site Scripting

Exploit Title: SugarCRM 6.5.18 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-16 Vendor Homepage: https://www.sugarcrm.com Version: 6.5.18 Document Title: =============== SugarCRM v6.5.18 - Contacts Persistent Cross Site Web Vulnerability References Source:...

Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting

Exploit Title: Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-12 Vendor Homepage: https://froxlor.org/ Software Link: https://froxlor.org/download/ Version: 0.10.16 Document Title: =============== Froxlor v0.10.16 ...

CVE-2020-27484

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...

Out-of-bounds

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index...

CVE-2020-27483

Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided...

CVE-2020-27484

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System CVSS. This is a precise method that describes the vulnerability with attributes such as t...

Vulnerability Descriptions in the New Version of the Security Update Guide

With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System CVSS. This is a precise method that describes the vulnerability with attributes such as t...

File Upload Vulnerability in easySite Content Management System

CSCL is a provider of artificial intelligence technology and informatization software and platforms. A file upload vulnerability exists in easySite Content Management System, which can be exploited by attackers to gain control of the server...