2033 matches found
Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS)
The plugin did not sanitise or escape its resultid parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link...
Path traversal
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences %2F and %5C in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. /something%2F..%2Fadmin, to bypass access control, e.g. a block on /admin. A...
PT-2021-13833 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: keycloak versions prior to 13.0.0 Description: A flaw in keycloak allows for a Self Stored XSS attack vector, which can escalate to a complete account takeover. This is due to user-supplied data fields not being properly encoded and the use o...
Gadget Works Online Ordering System 1.0 - (Category) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1....
The Gig Economy Creates Novel Data-Security Risks
As businesses strive to move faster and faster, many are adopting a “just-in-time” strategy of spinning up human resources on demand – a phenomenon known as the gig economy, familiar to most via Uber, Instacart or DoorDash. But it’s a concept that enterprises are embracing too – inadvertently...
PT-2021-5464 · Apache +8 · Apache Http Server +8
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.41 through 2.4.46 Description: The issue is related to the mod proxy http function in the Apache HTTP Server, which can be made to crash due to a NULL pointer dereference when handling specially crafted request...
COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass) Vulnerability
Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Auth Bypass Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 SQL Injection:...
COVID19 Testing Management System 1.0 SQL Injection
Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Auth Bypass Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 SQL...
GHSA-6QMF-FJ6M-686C Open Redirect in Flask-Security-Too
Impact Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes...
Cross site scripting
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....
Customer Relationship Management (CRM) System 1.0 - (Category) Persistent Cross site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Simple Chatbot Application 1.0 - (Category) Stored Cross site Scripting Vulnerability
Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on:...
Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Date: 14-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting Date: 16-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version:...
Open Redirect in Flask-Security-Too
Flask-Security allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc network location as the requesting URL. This check utilizes Pythons...
Simple Chatbot Application 1.0 Cross Site Scripting
Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting Date: 16-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version:...
Cross-site Scripting (XSS) - Generic in utmsigep/member-directory
✍️ Description Administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️♂️ Proof of Concept Member-status Creation and Update - Directory Admin - Member Statuses - Create New Member Status - Code: Enter a string, Label: Enter...
Customer Relationship Management System 1.0 Cross Site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Date: 14-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
PYSEC-2021-162
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...
PYSEC-2021-224
TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...