Server-side Request Forgery (SSRF)

org.apache.cxf:cxf-rt-rs-service-description is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to insufficient validation of the stylesheetReference and path parameters, which can be exploited by an attacker to perform SSRF style attacks. Note that this vulnerability is...

Engel & Völkers Technology GmbH: [go3-intern.engelvoelkers.com] - Reflected XSS in /dGPS3/default.jsp

Summary: The application fails to sanitize user input in https://go3-intern.engelvoelkers.com/dGPS3/default.jsp and reflect the input directly in the HTTP response, allowing the hacker to exploit the vulnerable parameter and have malicious content executed in the victim's browser. Description: A...

U.S. Dept Of Defense: SQL Injection in ████

Summary There is an SQL injection vulnerability in ████████ in the /█████/recruiter/updapp.aspx page, exploitable through the appid form parameter. Impact An attacker could use this vulnerability to control the content in the database, exfiltrate information, and obtain remote code execution...

Sitemakin SLAC 1.0 - my_item_search SQL Injection

Sitemakin SLAC 1.0 - myitemsearch SQL Injection Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi...