Lucene search
K

59 matches found

Node.js
Node.js
added 2018/05/15 11:48 p.m.15 views

Malicious Package

Overview Version 0.4.8 of s3asy contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.4.8 of this module is found installed you...

6.9AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/02/08 12:0 a.m.18 views

Login Form Detected

This is an informational notice that the scanner identified a potential login form that could be used by the scanner to authenticate and have access to additional pages for extending its coverage. No source data...

7.2AI score
Exploits0
0day.today
0day.today
added 2017/09/07 12:0 a.m.31 views

WordPress Cool Flickr Slideshow 1.0 Cross Site Scripting Vulnerability

WordPress Cool Flickr Slideshow plugin version 1.0 suffers from a cross site scripting vulnerability. | Exploit Title: Wordpress cool-flickr-slideshow Plugin Cross Site Scriptingxss | Exploit Author: Ashiyane Digital security Team | Vendor...

6.7AI score
Exploits0
Fedora
Fedora
added 2016/04/24 8:56 p.m.18 views

[SECURITY] Fedora 23 Update: python-tgcaptcha2-0.3.1-1.fc23

TGCaptcha2 is a TurboGears widget that provides an easy way to incorporate a captcha as part a form in an attempt to reduce spam or malicious activity. Features include: Relatively pain-free usage and validation inside of a regular widget-based form Flexibility to add or extend image generation...

2.5AI score
Exploits0
0day.today
0day.today
added 2016/01/15 12:0 a.m.7802 views

phpDolphin 2.0.5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are...

7.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/05/05 2:2 p.m.76 views

toronto-theatre.com XSS vulnerability

Vulnerable URL: http://www.toronto-theatre.com/review/reviewform.php?itemid=%27%22%3E%3Csvg/onload=alert%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 21.11.2017 Latest check for patch:| 21.11.2017 21:42 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...

6.3AI score
Exploits0
exploitpack
exploitpack
added 2014/09/08 12:0 a.m.19 views

WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass

WordPress Plugin Ninja Forms 2.7.7 - Authentication Bypass source: https://www.securityfocus.com/bid/69740/info The Ninja Forms Plugin for WordPress is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthoriz...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2012/11/06 12:0 a.m.49 views

XSS in answer my question plugin

Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...

6.1AI score
Exploits0
myhack58
myhack58
added 2011/08/12 12:0 a.m.20 views

DEDECMS get SHELL EXP-vulnerability warning-the black bar safety net

Network transmission is said to know the background to use, but don't, as long as the plus the directory exists, the server can even outside, you can get the shell www.t00ls.net5 G$ w& h" m! n9 S: G Before the title conditions, you must ready yourself for the dede database, and then insert the...

7.2AI score
Exploits0
Prion
Prion
added 2011/05/13 10:55 p.m.12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys...

6.8CVSS7.6AI score0.01035EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2011/04/27 12:0 a.m.41 views

CVE-2010-4797

CVE-2010-4797 : Public records indicate multiple SQL injection vulnerabilities in the login form of Truworth Flex Timesheet . Attacks can exploit the Username or Password fields to execute arbitrary SQL commands remotely. The provided documents do not specify affected versions, root cause detail,...

7.5CVSS8.8AI score0.01151EPSS
Exploits1References6Affected Software1
0day.today
0day.today
added 2010/02/26 12:0 a.m.16 views

AtACimo RC2 (index.php) XSS Vulnerability

Exploit for unknown platform in category web applications ========================================= AtACimo RC2 index.php XSS Vulnerability ========================================= Exploit Title: AtACimo RC2 index.php XSS Vulnerability Date: 2010-02-25 Author: sniper ip Software Link:...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/09/15 12:0 a.m.14 views

Possible User ID and Password Sent Within a Web Form (GET)

Binary data 4673.prm...

7.3AI score
Exploits0
CVE
CVE
added 2007/04/24 8:0 p.m.46 views

CVE-2007-2207

CVE-2007-2207 involves a SQL injection in the Ripe Website Manager up to version 0.8.4, exploitable via the ripeformpost parameter in contact/index.php. The vulnerability allows remote attackers to manipulate SQL commands; impact details are cited as partial confidentiality/integrity/availability...

7.5CVSS8.4AI score0.01691EPSS
Exploits0References8Affected Software1
Exploit DB
Exploit DB
added 2006/12/23 12:0 a.m.29 views

Enthrallweb eCoupons 1.0 - 'myprofile.asp' Remote Pass Change

PASSWORD: Change Profile UserName= FIRST: LAST:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/06/10 12:0 a.m.159 views

P.A.I.D v2.2

P.A.I.D v2.2 Homepage: http://www.webexceluk.net Effected files: faq.php input form of logging in. index.php The input forms of logging into My Account do not sanatize user input. For PoC of a XSS attack simply put in: "IMG SRC=javascript:alert'XSS'" It also seems when logging in, even if your...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2006/06/04 12:0 a.m.35 views

FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit

No description provided by source. !-- Change action="http://profile.php" under the form tags /str0ke -- !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"htmlheadMETA http-equiv="Content-Type" content="text/html; charset=utf-8"/headbodyform enctype="multipart/form-data"...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/04 12:0 a.m.33 views

FunkBoard CF0.71 - 'profile.php' Remote User Pass Change

/str0ke -- Profile User Name ajann Membership Number 247 First Registered Sat 03 Jun 2006 at 09:20:14 pm Last Login Sat 03 Jun 2006 at 09:21:45 pm Number of posts 0 Stat...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/11/03 12:0 a.m.29 views

[Full-Disclosure] [bWM#017] Cross-Site-Scripting @ PHPKIT

http://badWebMasters.net ben moeckel security research ------------------------------------------------- badWebMasters security advisory 017 Cross Site Scripting @ PHP-Kit Discovery date: 2003-09 Original advisory: http://badwebmasters.net/advisory/017/ text/html Legal Notice: Copyright 2003 by...

0.6AI score
Exploits0
Rows per page
Query Builder