Lucene search
+L

87 matches found

Hacker One
Hacker One
added 2020/05/05 11:2 p.m.73 views

Topcoder: CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action

Summary: Hi : There is a CSRF on creating bookmarks form. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. I added the poc html file below. When someone opens this html file, or we can add it into o...

0.9AI score
Exploits0
Hacker One
Hacker One
added 2020/05/05 10:26 p.m.70 views

Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action

Summary: Hi : A reflected XSS occurs when creating bookmarks. Steps To Reproduce: A user can create bookmarks on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. In this url redirect and url parameters are vulnerable to XSS. PoC:...

1AI score
Exploits0
CNVD
CNVD
added 2019/10/11 12:0 a.m.5 views

WordPress wp-social-bookmarking-light plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-social-bookmarking-light is a social sharing plugin that is used in it. A cross-site request forgery vulnerability exists in...

6.5CVSS6.7AI score0.00859EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/10/09 12:0 a.m.9 views

The vulnerability of Firefox browsers arises from the possibility of executing scripts from the bookmarking panel on a page or through PDF viewing tools, allowing an attacker to execute arbitrary code.

The vulnerability of Firefox browsers arises from the possibility of executing scripts from the bookmarking buffer or during PDF file viewing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted website...

5CVSS6.2AI score0.01623EPSS
Exploits0References5Affected Software3
Prion
Prion
added 2019/09/26 2:15 a.m.14 views

Cross site request forgery (csrf)

The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...

4.3CVSS6.2AI score0.00859EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/09/26 1:9 a.m.137 views

CVE-2015-9433

The wp-social-bookmarking-light plugin for WordPress is affected by a CSRF leading to XSS via configuration parameters in wp-admin/options-general.php?page=wp-social-bookmarking-light/modules/admin.php. This vulnerability exists in versions prior to 1.7.10. Root cause: CSRF enables insertion of m...

6.5CVSS6.2AI score0.00859EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2019/03/05 12:0 a.m.39 views

vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection

Exploit Title : vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/03/2019 Vendor Homepages : vbulletin.com dragonbyte-tech.com Software Information Link :...

7.4AI score
Exploits0
OSV
OSV
added 2018/07/05 1:29 p.m.4 views

CVE-2018-9185

An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature...

8.1CVSS5.8AI score0.02149EPSS
Exploits0References3
CNVD
CNVD
added 2017/08/24 12:0 a.m.7 views

Newsbeuter Code Execution Vulnerability

Newsbeuter is an open source RSS/Atom reader for text terminals running on Unix-like operating systems such as Linux, FreeBSD, and Mac OS X. It can be used in a variety of applications, such as mobile phones, mobile devices, and mobile phones. A security vulnerability exists in the operating syst...

9.3CVSS8.6AI score0.06404EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/08/23 2:29 p.m.20 views

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

9.3CVSS7.6AI score0.06404EPSS
Exploits0References4
OSV
OSV
added 2017/08/23 2:29 p.m.2 views

ALPINE-CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

8.8CVSS7.8AI score0.06404EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/08/23 2:0 p.m.15 views

CVE-2017-12904

Removed by vendor...

9.3CVSS8.7AI score0.06404EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/08/23 2:0 p.m.52 views

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

9.3CVSS9AI score0.06404EPSS
Exploits0
Packet Storm
Packet Storm
added 2017/01/21 12:0 a.m.43 views

Social News And Bookmarking Script SQL Injection

Vulnerability: SQL Injection Date: 19.01.2017 Vendor Homepage: http://www.scriptfolder.com/ Script Name: Social News and Bookmarking Script Script Buy Now: http://www.scriptfolder.com/scriptfolder-bookmark-drive-social-news-and-bookmarking-script/ Author: Ihsan Sencan Author Web: http://ihsan.net...

0.5AI score
Exploits0
0day.today
0day.today
added 2017/01/20 12:0 a.m.21 views

Social News and Bookmarking Script - SQL Injection Vulnerability

Exploit for php platform in category web applications Vulnerability: SQL Injection Date: 19.01.2017 Vendor Homepage: http://www.scriptfolder.com/ Script Name: Social News and Bookmarking Script Script Buy Now:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2017/01/19 12:0 a.m.31 views

Social News and Bookmarking Script - SQL Injection

Vulnerability: SQL Injection Date: 19.01.2017 Vendor Homepage: http://www.scriptfolder.com/ Script Name: Social News and Bookmarking Script Script Buy Now: http://www.scriptfolder.com/scriptfolder-bookmark-drive-social-news-and-bookmarking-script/ Author: Ihsan Sencan Author Web: http://ihsan.net...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2016/12/20 4:3 a.m.13 views

Discourse: Users can bookmark other user's messages

If you could guess a personal message post ID, you could bookmark it via a specially formatted URL and see the first 200 chars of the personal message in your bookmarks...

2AI score
Exploits0
NVD
NVD
added 2016/12/15 6:59 a.m.19 views

CVE-2016-7867

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution...

8.8CVSS9.1AI score0.10701EPSS
Exploits0References9
OSV
OSV
added 2016/12/15 6:59 a.m.2 views

CVE-2016-7867

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution...

8.8CVSS6.3AI score0.10701EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2016/12/14 1:2 p.m.14 views

flash-plugin: multiple code execution issues fixed in APSB16-39

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution...

8.8CVSS6.3AI score0.10701EPSS
Exploits0References5
Rows per page
Query Builder