6 matches found
Cross-site Scripting (XSS) - Stored in evereux/flicket
Description Stored XSS in deleting departments page due to unsanitized input in many places. Proof of Concept 1. Create a new department with name 2. After creating the above department, Click on delete icon next to it and see the pop up. 3. Create a new ticket with title 4. View the ticket and s...
CVE-2017-8102
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipityeventxsstrust plugin and a setconfig error in that plugin...
vBulletin Announcements Cookie Steal Vulnerability
If you get access to a forum with an acc that only has default acp, you can get all users information by creating a cookie stealer in announcements. vBulletin Announcements, by default has html enabled, so if you get access to a forum using other exploits and get a user with acp info, but it only...
PiXie CMS v1.04 <= Multiple CSRF Vulnerabilities
Exploit for php platform in category web applications Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Versio...
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: =1.04 Tested on: Linux sheevaplug-debian...
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities
PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities Add Super User: Add Post: !-- Exploit Title: PiXie CMS v1.04 = CSRF Add Post Google Dork: allintext: "Pixie Powered" Date: 28/12/2010 Author: Ali Raheem AKA wolfmankurd Software Link:...