185 matches found
Stored Cross Site Scripting (XSS) via "properties" during creating new users
Description: From demo url login; click people icon at the left bar; click "Customers"; click "New Customer" button from page; fill up the "Edit" tab; click "Save" button above; click "Properties" tab; from "Add a custom Property" field, add "Test" on the first field; click and select "text" on the secon...
tiendapablus.com XSS vulnerability
Open Bug Bounty ID: OBB-674490. Affected Website: tiendapablus.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
mooSocial Store 2.6 SQL Injection
Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...
Brother HL-L2340D / HL-L2380DW Cross Site Scripting
Exploit Title: XSS at Brother HL-L2340D & HL-L2380DW series Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: HL-L2340D & HL-L2380DW series Tested on: Mozilla FireFox Reflected XSS Payload : "--!" Description : Starting searching...
WordPress PopCash.Net Publisher Code Integration 1.0 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Reflected: Yes. Credit: Ricardo Sanchez. Vulnerable: PopCash.Net Publisher Code Integration plugin 1.0. PopCash.Net Publisher Code Integration plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An...
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection
Exploit Title: Joomla! Component LMS King Professional v3.2.4.0 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://king-products.net/ Software:...
Airbnb Crashpadder Clone Script - SQL Injection
Exploit Title: Airbnb Crashpadder Clone Script - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/airbnb-premium-clone-script/ Demo: http://airbnb.clonedemo.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihs...
CLUB-8 EMS - SQL Injection
Exploit Title: CLUB-8 EMS - Event Management System - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://rexbd.net/ Software Buy: https://codecanyon.net/item/club8-ems-event-management-system-a-to-z/14067759 Demo: http://ems.rexbd.net/ Version: N/A Tested on: Win7 x64, Kali...
Funny Image And Video Script 2.0.0 SQL Injection
Exploit Title: Flippy ChillOut a Funny Image and Video Script v2.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy: https://www.flippyscripts.com/flippy-chillout-funny-image-and-video-script/ Demo: http://chillout.flippydemos.com/...
Joomla Event Booking 2.10.1 SQL Injection
Exploit Title : Joomla Event Booking Component - SQL Injection Exploit Author : Persian Hack Team Homepage : http://persian-team.ir Vendor Homepage : http://extensions.joomla.org/extension/event-booking Category Webapps Tested on Win Version : 2.10.1 Date 2016/09/25 PoC = Sql Injection : Date...
WAN IT CMS - SQL Injection Vulnerability
Title: WAN IT CMS - SQL Injection Vulnerability. Date: 23 - July - 2015. Vendor Homepage: http://www.wanitltd.com/. Version: All Versions. Tested on: Nginx/1.4.5, PHP/5.2.17, Linux - Windows. Category: webapps. Google...
Joomla ContusHDVideoShare com_contushdvideoshare - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications. Exploit Title: Joomla component com_contushdvideoshare - Arbitrary File Download Vulnerability Google Dork: "com_contushdvideoshare" Date: 25/01/2015 Exploit Author: X-Line Empire North - Tetouan Vendor Homepage: Dork : www.hdflvplayer.net...
Joomla Joomanager SQL Injection Vulnerability
No description provided by source. Note from the vendor received 10Mar11: The old code was using JRequest::GetVar and we changed it to JRequest::GetInt so the catid must be an integer only and not text. We updated this over 6 months ago in version 1.1.1. I'm Sid3^effects member from Inj3ct0r...
joomla com_jsubscription SQLi Vulnerability
No description provided by source. joomla com_jsubscription SQLi Vulnerability...
Micronetsoft RV Dealer Website SQL Injection Vulnerability
No description provided by source. Author: L0rd CrusAd3r aka VSN Exploit Title: Micronetsoft RV Dealer Website SQLi Vulnerability Vendor url: http://www.micronetsoft.com Version: 1 Price: 199$ Published: 2010-09-06 GThanx to: r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Son...
Eyeland Studio Inc. SQL Injection Vulnerability
No description provided by source. Title: Eyeland Studio Inc. SQL Injection Vulnerability Version: 2.0 Author: Mr.P3rfekT Software Site: http://www.eyeland.com/ Tested on Linux CVE : N/A Home : www.realmadridsy.com & www.v4-team.com/cc Founded By Mr.P3rfekT Dork : Eyeland Studio Inc. All Rights...
Bs Realtor_Web Script SQL Injection Vulnerability
No description provided by source. I'm Sid3^effects member from Inj3ct0r Team. Name : Bs Realtor_Web Script Sqli Vulnerability Date : july 5,2010 Critical Level : HIGH vendor URL : http://www.brotherscripts.com/...
PenPals Authentication Bypass
No description provided by source. Author: L0rd CrusAd3r aka VSN Exploit Title: PenPals Authentication Bypass Vendor url: http://www.anblik.com Version: 1.0 Price: 1200$ Published: 2010-06-17 Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r, KD and to all ICW...
Inout Ad server Ultimate Shell Upload Vulnerability
No description provided by source. Inout Ad server Ultimate -- Shell upload Vulnerability. Name : Inout Ad server Ultimate Shell upload Vulnerability Date : july 9,2010...
KMSoft GB SQL Injection Vulnerability
No description provided by source. KMSoft GB --SQl iNjection Vulnerability. Name : KMSoft GB --SQl iNjection Vulnerability Date : july 9,2010 Critical Level : VERY HIGH vendor...