
14 matches found

RedHat Linux
added 2026/03/05 6:19 a.m. | 3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2015-5412

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00421
Exploits: 1 | References: 7
CNNVD
added 2023/03/29 12:0 a.m. | 1 views

PDF-XChange Editor Buffer Error Vulnerability

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor, which is caused by a buffer overflow problem in the submitForm method...

CVSS 7.8 | AI score 7.7 | EPSS 0.00621
Exploits: 0 | References: 3
Packet Storm
added 2021/03/26 12:0 a.m. | 347 views

GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...

AI score 0.2
Exploits: 0
Exploit DB
added 2020/09/02 12:0 a.m. | 281 views

Stock Management System 1.0 - Cross-Site Request Forgery (Change Username)

Exploit Title: Stock Management System 1.0 - Cross-Site Request Forgery Change Username Exploit Author: Bobby Cooke & Adeeb Shah @hyd3sec CVE ID: N/A Date: 2020-09-01 Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Software Link:...

AI score 7.4
Exploits: 0
0day.today
added 2020/08/13 12:0 a.m. | 192 views

GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Add Admin Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...

AI score 7.1
Exploits: 0
Cvelist
added 2019/12/17 2:40 p.m. | 10 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

AI score 8.7 | EPSS 0.00122
Exploits: 0 | References: 2
Kitploit
added 2019/05/21 1:5 p.m. | 284 views

XSSCon - Simple XSS Scanner Tool

Powerful Simple XSS Scanner made with python 3.7 Installing Requirements: BeautifulSoup4 pip install bs4 requests pip install requests python 3.7 Commands: git clone https://github.com/menkrep1337/XSSCon cd XSSCon python3 xsscon.py --help Usage Basic usage: python3 xsscon.py -u...

AI score 6.5
Exploits: 0 | References: 1
CNVD
added 2015/07/10 12:0 a.m. | 2 views

Pivotx Cross-Site Scripting Vulnerability

Pivotx is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. A cross-site scripting vulnerability exists in the 'form' method in the modules/formclass.php script in versions prior to Pivotx 2.3.11. A remot...

CVSS 4.3 | AI score 6 | EPSS 0.00421
Exploits: 1 | References: 1
0day.today
added 2012/11/28 12:0 a.m. | 17 views

Traidnt up 2.0 (report.php trtext) Blind SQL Injection Vulnerability

Traidnt up is a php online upload script assignmessage,charset$errors."انتظر سوف يتم تحويلك للملف مرة أخري".""; $traidnt-display"message.tpl"; else $ip = getenv'REMOTEADDR'; $reportquery = $db-query" INSERT INTO report reportkey ,reportwhy ,reportip VALUES '$fileid', '$trtext', '$ip';";...

AI score 7.1
Exploits: 0
n0where
added 2012/09/23 3:30 p.m. | 65 views

Ghost Phisher

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as a honey pot, could be used t...

AI score 1
Exploits: 0
myhack58
added 2011/01/21 12:0 a.m. | 8 views

micecms a "tasteless" vulnerability and the Fix attached to the EXP - bug warning - the black bar safety net

Not to say this loophole. what are the requirements but directly change the administrator password such as you into the background after the real administrator are not more don't know the new password is what, so only tasteless Classic white look at the code!.......... index\setpwdAction.php The...

AI score 7.3
Exploits: 0
Packet Storm
added 2010/04/01 12:0 a.m. | 17 views

PHP Jokesite 2.0 Command Execution

| Title : PHP Jokesite V 2.0 exec command EXploit | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com | Tested on: windows SP2 Français V.Pnx2 2.0 + Lunix Français v.9.4 Ubuntu |...

AI score 7.4
Exploits: 0
Packet Storm
added 2007/04/08 12:0 a.m. | 28 views

cmail534-xss.txt

//'Script Name: CmailServer WebMail Cmail XSS JavaScript:alertdocument.cookie;"...

AI score 7.4
Exploits: 0