CVE-2018-1000875

Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...

CVE-2018-1000219

OpenEMR version v5014 contains a Cross Site Scripting XSS vulnerability in The 'scan' parameter in line 41 of interface/fax/faxview.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via...

mercurio.detran.pa.gov.br IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-645729 Description| Value ---|--- Affected Website:| mercurio.detran.pa.gov.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

koreatourcard.kr Open Redirect vulnerability

Open Bug Bounty ID: OBB-413658 Description| Value ---|--- Affected Website:| koreatourcard.kr Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet...

khabarovsk.kassy.ru Open Redirect vulnerability

Open Bug Bounty ID: OBB-143114 Description| Value ---|--- Affected Website:| khabarovsk.kassy.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

experts-exchange.com XSS vulnerability

Vulnerable URL: http://www.experts-exchange.com/searchResults.jsp?searchType=ALL=...

IceWarp Mail Server 10.4.5 XSS / XXE Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...

WordPress Plg Novana SQL Injection

Exploit Title : Wordpress plgnovana plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Discovered By : sil3nt Home : www.ashiyane.org Security Risk : High - SQL Injection Dork : inurl:/plugins/plgnovana/novanadetail.php Expl0iTs :...

reflected xss in the pageId request parameter in 500page.jsp

A scanner picked up that the pageId parameter in 500page.jsp is a potentially reflected xss bug. This can be exploited through a url like the following: https://example.com/pages/viewtrash.vm;editpage?pageId=%22%3E%3Cscript%3Ealert1%3C/script%3E code /images/icons/emoticons/warning.png" You can...

Netplanet SQL Injection

IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability netplanet dettaglio.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.netplanet.it/ Persian Gulf 4 Ever! Dork : "Powered by netplanet" "inurl:dettaglio.asp?id="...

Unfixed XSS vulnerability at tajeule.com

Security researcher Mystick, has submitted on 19/06/2009 a cross-site-scripting XSS vulnerability affecting tajeule.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is currently unfixe...

Cheap corporate network V1. 0 vulnerability analysis-vulnerability warning-the black bar safety net

QQ:7 9 5 8 6 0 0 products. the asp part of the code % pages=1 0 leixing=lcasetrimrequest"id" select case leixing case "big" anclassid=request"anid" set rs=server. createobject"adodb. recordset" rs. open "select from sort1 where anclassid="&anclassid,conn,1,1 if rs. bof and rs. eof then response...

Unfixed XSS vulnerability at www.familysecuritymatters.org

Security researcher APS, has submitted on 21/02/2008 a cross-site-scripting XSS vulnerability affecting www.familysecuritymatters.org, which at the time of submission ranked 336414 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/04/2008. It ...