87 matches found
Topcoder: CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Summary: Hi : There is a CSRF on creating bookmarks form. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. I added the poc html file below. When someone opens this html file, or we can add it into o...
Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Summary: Hi : A reflected XSS occurs when creating bookmarks. Steps To Reproduce: A user can create bookmarks on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. In this url redirect and url parameters are vulnerable to XSS. PoC:...
WordPress wp-social-bookmarking-light plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-social-bookmarking-light is a social sharing plugin that is used in it. A cross-site request forgery vulnerability exists in...
The vulnerability of Firefox browsers arises from the possibility of executing scripts from the bookmarking panel on a page or through PDF viewing tools, allowing an attacker to execute arbitrary code.
The vulnerability of Firefox browsers arises from the possibility of executing scripts from the bookmarking buffer or during PDF file viewing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted website...
Cross site request forgery (csrf)
The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has CSRF with resultant XSS via configuration parameters for Tumblr, Twitter, Facebook, etc. in wp-admin/options-general.php?page=wp-social-bookmarking-light%2Fmodules%2Fadmin.php...
CVE-2015-9433
The wp-social-bookmarking-light plugin for WordPress is affected by a CSRF leading to XSS via configuration parameters in wp-admin/options-general.php?page=wp-social-bookmarking-light/modules/admin.php. This vulnerability exists in versions prior to 1.7.10. Root cause: CSRF enables insertion of m...
vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection
Exploit Title : vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/03/2019 Vendor Homepages : vbulletin.com dragonbyte-tech.com Software Information Link :...
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature...
Newsbeuter Code Execution Vulnerability
Newsbeuter is an open source RSS/Atom reader for text terminals running on Unix-like operating systems such as Linux, FreeBSD, and Mac OS X. It can be used in a variety of applications, such as mobile phones, mobile devices, and mobile phones. A security vulnerability exists in the operating syst...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
ALPINE-CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
CVE-2017-12904
Removed by vendor...
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
Social News And Bookmarking Script SQL Injection
Vulnerability: SQL Injection Date: 19.01.2017 Vendor Homepage: http://www.scriptfolder.com/ Script Name: Social News and Bookmarking Script Script Buy Now: http://www.scriptfolder.com/scriptfolder-bookmark-drive-social-news-and-bookmarking-script/ Author: Ihsan Sencan Author Web: http://ihsan.net...
Social News and Bookmarking Script - SQL Injection Vulnerability
Exploit for php platform in category web applications Vulnerability: SQL Injection Date: 19.01.2017 Vendor Homepage: http://www.scriptfolder.com/ Script Name: Social News and Bookmarking Script Script Buy Now:...
Social News and Bookmarking Script - SQL Injection
Vulnerability: SQL Injection Date: 19.01.2017 Vendor Homepage: http://www.scriptfolder.com/ Script Name: Social News and Bookmarking Script Script Buy Now: http://www.scriptfolder.com/scriptfolder-bookmark-drive-social-news-and-bookmarking-script/ Author: Ihsan Sencan Author Web: http://ihsan.net...
Discourse: Users can bookmark other user's messages
If you could guess a personal message post ID, you could bookmark it via a specially formatted URL and see the first 200 chars of the personal message in your bookmarks...
CVE-2016-7867
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution...
CVE-2016-7867
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution...
flash-plugin: multiple code execution issues fixed in APSB16-39
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution...