Nextcloud: Reflected XSS in U2F plugin by shipping the example endpoints

While running a RIPS scan against our instrumentalized source code it noticed that the file /apps/twofactoru2f/vendor/yubico/u2flib-server/examples/localstorage/index.php echoes on user input: F145451 I was first a tad confused because the examples have been removed from our Git repository, but t...

ip-geolocation-map-bing NSE Script

This script queries the Nmap registry for the GPS coordinates of targets stored by previous geolocation scripts and renders a Bing Map of markers representing the targets. The Bing Maps REST API has a limit of 100 markers, so if more coordinates are found, only the top 100 markers by number of IP...

Chaordic Search 1.1 Cross Site Scripting

Cross Site Scripting on Chaordic Search v1.1 + Date: 09/12/2016 + Risk: LOW + CWE number: CWE-79 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.chaordic.com.br/ + Contact: [email protected] + Tested on: Gnu/Linux + Exploit : http://busca.host/?q= XSS PAYLOAD + Payload :...

tso-brute NSE Script

TSO account brute forcer. This script relies on the NSE TN3270 library which emulates a TN3270 screen for NMAP. TSO user IDs have the following rules: - it cannot begin with a number - only contains alpha-numeric characters and @, , $. - it cannot be longer than 7 chars Script Arguments...

creak - Poison, Reset, Spoof, Redirect MITM Script

Performs some of the most famous MITM attack on target addresses located in a local network. Among these, deny navigation and download capabilities of a target host in the local network performing an ARP poison attack and sending reset TCP packets to every request made to the router. Born as a...

pcre: inefficient posix character class syntax check (8.38/16)

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

Axessh 4.2 - Denial Of Service

Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AXESSH-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ============ www.labf.com Product: ============= Axessh 4.2.2...

arch-audit - An utility like pkg-audit for Arch Linux

An utility like pkg-audit for Arch Linux. Based on Arch CVE Monitoring Team data Uses data collected by the awesome Arch CVE Monitoring Team . Installation From AUR The PKGBUILD is available on AUR . After the installation just execute arch-audit . From sources git clone...

WordPress Newsletter 4.6.0 Cross Site Request Forgery / Cross Site Scripting

Exploit for php platform in category web applications Wordpress Plugin: Newsletter 4.6.0 https://wordpress.org/plugins/newsletter/ is vulnerable to CSRF and XSS. The issue is supposed to be fixed in version 4.6.1 . See https://wordpress.org/plugins/newsletter/changelog/ for more details. 1. Store...

Simple Shopping Cart Application 0.1 - SQL Injection

Simple Shopping Cart Application 0.1 - SQL Injection Exploit Title.............. Simple Shopping Cart Application SQL Injection Google Dork................ inurl:"product-details.php?prodid=" "Designed by FBC Students" Date....................... 14/10/2016 Exploit Author............. lahilote...

Web Based Alumni Tracking System 0.1 - SQL Injection

Web Based Alumni Tracking System 0.1 - SQL Injection Exploit Title.............. Web Based Alumni Tracking System Multiple Vulnerability Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage...

Simple Shopping Cart Application 0.1 - SQL Injection

Exploit Title.............. Simple Shopping Cart Application SQL Injection Google Dork................ inurl:"product-details.php?prodid=" "Designed by FBC Students" Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage...

Web Based Alumni Tracking System 0.1 - SQL Injection

Exploit Title.............. Web Based Alumni Tracking System Multiple Vulnerability Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/php/10832/web-based-alumni-tracking-system.html...

WordPress Newsletter 4.6.0 Cross Site Request Forgery / Cross Site Scripting

Hello, Wordpress Plugin: Newsletter 4.6.0 https://wordpress.org/plugins/newsletter/ is vulnerable to CSRF and XSS. The issue is supposed to be fixed in version 4.6.1 . See https://wordpress.org/plugins/newsletter/changelog/ for more details. 1. Stored Cross-Site Scripting XSS Authenticated...

Raptor Web Application Firewall

Raptor Web Application Firewall Raptor Web Application Firewall is a simple web application firewall made in C, using KISS principle , to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path...

coap-resources NSE Script

Dumps list of available resources from CoAP endpoints. This script establishes a connection to a CoAP endpoint and performs a GET request on a resource. The default resource for our request is code/.well-known/core/core, which should contain a list of resources provided by the endpoint. For...

TikiWiki 15.1 ELFinder Unauthenticated File Upload

Description A file upload vulnerability in Tiki Wiki --Part83012510490351498898101-- 3. Info Author: Mehmet Ince https://www.exploit-db.com/exploits/40091/...

Informatica: [careers.informatica.com] Reflected Cross Site Scripting to XSS Shell Possible

Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts also commonly referred to as a malicious payload into a legitimate website or web application. XSS is amongst the most rampant of web application vulnerabilities and...

pcre: buffer overflow caused by recursive back reference by name within certain group (8.38/4)

PCRE before 8.38 mishandles the /?J?'d'?'d'\gd/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScri...

Debian Security Advisory DSA 3582-1 (expat - security update)

Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat libra...