CityBook < 2.4.4 - Unauthenticated Reflected XSS
Unauthenticated Reflected XSS vulnerability was discovered in the «CityBook - Directory & Listing WordPress Theme», tested version — v2.4.3. WPScanTeam June 17th, 2020 - Confirmed & Escalated to Envato June 18th, 2020 - v2.4.4 released, fixing the issue...
Exploit for Missing Authentication for Critical Function in Atlassian Jira
CVE-2019-8449 Proof Of Concept Exploit f...
Malicious Package
Overview All versions of evil-package contain malicious code. The package uploads the contents of process.env to example.com/log. Recommendation Remove the package from your environment. Given the host where the information was uploaded to there is no further indication of compromise. References...
Advanced Access Manager < 5.9.9 - Arbitrary File Access/Download
Advanced Access Manager before Version 5.9.9 allows reading arbitrary files without checking whether a user is allowed to read the given file. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers...
CVE-2018-20857
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a nameid node with [email protected] followed by . and then the attacker's domain name...
Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin.php?page=blog2social-ship&postId=70&b2saction=1&b2supdatepublishdate='"...
Geutebrueck re_porter 16 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Geutebrueck reporter 16 - Cross-Site Scripting Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior...
GHSA-2J9C-9VMV-7M39 Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...
example.com XSS vulnerability
Open Bug Bounty ID: OBB-328896

| Description | Value |
|---|---|
| Affected Website: | example.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
CVE-2017-11173
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...
Users to CSV <= 1.4.5 - Cross-Site Request Forgery (CSRF)
The users-to-csv WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability. http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=users http://www.example.com/wp-admin/users.php?page=users2csv.php&csv=true&table=comments...
HackerOne: Open-redirect on hackerone.com
Hello! I would like to report about open-redirect on hackerone.com Here is the PoC that redirects to example.com IP address: https://hackerone.com/%2F1572395042 There is one more strange behavior in URL. For example: https://hackerone.com//hackerone.com - works https://hackerone.com//hackerone1.c...
Zeeways ZeeJobsite 'basic_search_result.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37290/info ZeeJobsite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
VietPHP index.php language Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/25226/info VietPHP is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
phpBugTracker 0.9 bug.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the...
phpArcadeScript 2.0 displaygame.php gamefile Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/16957/info phpArcadeScript is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary...
CubeCart 3.0.x admin/forgot_pass.php user_name Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied...
Pre Studio Business Cards Designer SQL Injection
No description provided by source. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Exploit Title: Pre Studio Business Cards Designer SQL Injection Vulnerability =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author: drzig Date: 20-10-2011 Software Link:...
Magic Photo Storage Website user/upload_photo.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...