78 matches found
divecenterforsale.com XSS vulnerability
Open Bug Bounty ID: OBB-657016 Description| Value ---|--- Affected Website:| divecenterforsale.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Diving Log 6.0 - XML External Entity Injection
Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt + Version: 6.0 + Tested on: Windows 7 SP1,...
dive-arena.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-401600 Description| Value ---|--- Affected Website:| dive-arena.ru Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet Vulnerab...
Blackware Dive Assistant XML External Entity Injection Vulnerability
Blackware Dive Assistant desktop version is a suite of dive assistant software from Blackware UK. The software is used to record, analyze and plan dive tools, dive tables etc. An XML external entity injection vulnerability exists in version 8.0 of Blackware Dive Assistant Desktop Edition. A remot...
CVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...
CVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...
Design/Logic Flaw
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...
CVE-2017-8918
XXE in Blackwave Dive Assistant – Desktop Edition 8.0 (Dive Assistant Template Builder) allows an attacker to view local files via a crafted template.xml. The vulnerability is XML External Entity (XXE) injection in the template builder that processes XML templates, enabling local-file disclosure....
CVE-2017-8918
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file...
Dive Assistant Template Builder 8.0 - XML External Entity Injection
Dive Assistant Template Builder 8.0 - XML External Entity Injection + Exploit Title: Dive Assistant - Template Builder XXE Injection + Date: 12-05-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.blackwave.com/ + Software Link:...
Dive Assistant Template Builder 8.0 - XML External Entity Injection
Exploit Title: Dive Assistant - Template Builder XXE Injection + Date: 12-05-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.blackwave.com/ + Software Link: http://www.diveassistant.com/Products/DiveAssistantDesktop/index.aspx + Version: 8.0 + Tested on: Windows 7 SP1, Windows...
Tuscany Dive - Native code usage, Possible privilege escalation, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Tuscany Dive published at the 'play' market has multiple vulnerabilities...
Heroku API Deep Dive Script Insertion
Document Title: =============== Heroku API Deep Dive Bug Bounty 3 - Persistent UI Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1398 BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0 Acknowledgement Hall of Fame:...
CVE-2014-6913
The Dive The World aka com.paperton.wl.divetheworld application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6913
CVE-2014-6913 affects the Android app Dive The World (package com.paperton.wl.divetheworld) version 1.53. The vulnerability is that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and exfiltrate sensitive information via a crafted...
[SECURITY] Fedora 20 Update: subsurface-4.2-1.fc20.1
Subsurface is an open source dive log program. Developed in C using GTK+-2.0, glib-2 and libxml-2, it relies on libdivecomputer to connect to the dive computer and thus support all the dive computer supported by libdivecomputer...
Dive Trip Calculator Cross Site Scripting / SQL Injection
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : Inj3ct0r.com 0 1 + Support e-mail :...
Dive Trip Calculator Xss & SQL Injection Vulnerabilities
Exploit for php platform in category web applications ======================================================== Dive Trip Calculator Xss & SQL Injection Vulnerabilities ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0...