4048 matches found
Muviko 1.0 - (q) Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploi...
CVE-2017-9822
DNN aka DotNetNuke before 9.1.1 has Remote Code Execution via a cookie, aka “2017-08 Critical Possible remote code execution on DNN sites.” Recent assessments: Assessed Attacker Value: 0...
WakaTime: JSON CSRF on POST Heartbeats API
Thanks @sp1d3rs! WakaTime API used JSON for communications and supported cookie-based authentication/CSRF protection on https://api.wakatime.com. Usually, JSON is CSRF-safe, but only when requests with a content-type other than application/json get rejected or additional CSRF protection is in plac...
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-11806)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A cross-site...
XOOPS <= 2.5.8.1 XSS Vulnerability
XOOPS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops";...
REST API attachment request still works with wrong/expired cookie
Summary: If you perform a REST API attachment request using Cookie Based Authentication with a wrong/expired cookie, it will still return results with a 200 status code. Environment: JIRA v1000.892.2. Steps to Reproduce: Use Cookie Based Authentication using a wrong/expired cookie. Perform a RE...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-05372)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS...
PT-2017-2833 · Citrix · Citrix Netscaler Sd-Wan +1
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 Description: The issue exists due to insufficient input validation in the management interface component of Citrix NetScaler SD-WAN. This allows a remote attacker to execute arbitrary...
CVE-2016-0305
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...
Drupal OpenLucius module cross-site request forgery vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. OpenLucius is one of the work management platforms for social communication, documentation and projects. A cross-site request forgery vulnerability exists in the Drupal OpenLucius modul...
Cross site scripting
IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)
Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
Exploit Title: Splunk 'Referer' Header Cross Site Scripting Vulnerability Date: 7th January 2017 Exploit Author: justpentest Vendor Homepage: http://www.splunk.com/ Version: Splunk 6.1.1 other versions may also be affected. Contact: [email protected] Source:...
Mozilla Thunderbird Security Advisories (MFSA2016-96, MFSA2016-96) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
IBM iNotes and Domino Cross-Site Scripting Vulnerability (CNVD-2016-11819)
IBM iNotes and Domino are both products of IBM Corporation in the U.S. iNotes is a suite of Web-based e-mail software; Domino is a platform for hosting social business applications. A cross-site scripting vulnerability exists in IBM iNotes and Domino that stems from the program failing to properl...
Kmail HTML Injection Vulnerability
KMail is a mail client for KDE that supports protocols such as IMAP and POP3. An HTML injection vulnerability exists in Kmail, which can be exploited by an attacker to steal cookie-based authentication credentials...
Juniper Junos J-Web Cross-Site Scripting Attack Vulnerability
Juniper Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A cross-site scripting attack vulnerability exists in Juniper Junos J-Web, which could be exploited by an...
IBM UrbanCode Deploy Cross-Site Scripting Vulnerability
IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...
Infoblox Network Automation Cross-Site Scripting Vulnerability
Infoblox Network Automation is a suite of automated network configuration and change management software from Infoblox USA. The software has the ability to automate the review and analysis of network changes using built-in expert topics. A cross-site scripting vulnerability exists in Infoblox...
ClipBucket < 2.8.1 XSS Vulnerability
ClipBucket is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...