HTTP Parameter Pollution

form-data is vulnerable to HTTP Parameter Pollution HPP. The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution HPP by manipulating form data...

CVE-2017-15204

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user...

CVE-2017-15208

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user...

Reservation Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Reservation Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 ...

PPDB 2.4-update 6118-1 Cross Site Request Forgery

============================================================================================================================================= | Title : ppdb v2.4-update 6118-1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...

CVE-2024-45233

An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...

JobSearch WP Job Board < 2.3.4 - Arbitrary File Upload to RCE

Description The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server Navigate to the site, and paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers:...

Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...

Simple CRM 3.0 Cross Site Request Forgery

Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...

Code injection

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user...

CVE-2017-15198

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user...

CVE-2017-15197

CVE-2017-15197 affects Kanboard pre-1.0.47. An authenticated user can bypass input checks by altering form data to add a new category to another user’s private project. The root cause is a lack of proper validation for form submissions that modify project metadata, enabling unauthorized category ...

CVE-2017-12851

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46...

Safari < 5.1.7 Multiple Vulnerabilities

Binary data 800989.prm...