CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords function in smartgooglecode.php did not use prepared statements and did not sanitize...

CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...

CVE-2018-3810

CVE-2018-3810 covers the Oturia WordPress Smart Google Code Inserter plugin before 3.5. An authentication bypass allows unauthenticated users to update the sgcgoogleanalytic parameter, causing arbitrary JavaScript/HTML to run on all WordPress pages via saveGoogleCode() which does not verify autho...

Smart Google Code Inserter <= 3.4 - Unauthenticated SQL Injection

The Smart Google Code Inserter WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...

XSS vulnerabilities in ZeroClipboard and multiple web applications

Hello 3APA3A! In February I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard and multiple web applications. This is additional information on this topic. XSS vulnerabilities in ZeroClipboard http://securityvulns.ru/docs29105.html XSS vulnerabilities in YAML, Multiproject for...

[theHarvester v2.2a] Tool for Gathering

theHarvester is a tool for gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in ord...

ProQuiz v2.0.2 CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: ProQuiz v2.0.2 CSRF Vulnerability Author: DaOne Date: 19/8/2012 Software Link: http://code.google.com/p/proquiz/downloads/list CSRF Change Admin Password 0day.today 2018-02-17...

XSS Vulnerability in Google Code site

XSS Cross site Scripting Vulnerability discovered on Google Code website as shown. Claimed to be Discovered by Vansh Sharma & Vaibhuv Sharma. Proof Of Concept: Just go to and then click on edit HTML after that remove all the codes and type this script: img src="img src=search"/onerror=alert"XSS"/...

XSS Vulnerability in Google Code site

XSS Cross site Scripting Vulnerability discovered on Google Code website as shown. Claimed to be Discovered by Vansh Sharma & Vaibhuv Sharma. Proof Of Concept: Just go to https://code.google.com/apis/ajax/playground/ and then click on edit HTML after that remove all the codes and type this script...

Nmap NSE net: modbus-discover

Enumerates SCADA Modbus slave ids sids and collects their device information. Modbus is one of the popular SCADA protocols. This script does Modbus device information disclosure. It tries to find legal sids slave ids of Modbus devices and to get additional information about the vendor and firmwar...

Hackers Use Google Code to Distribute Malware, zScaler Reports

Last year, there were discussions about Google Code—a platform that lets developers host their projects—being exploited to distribute malware. Research by zScaler has identified yet another instance where this platform has been misused. According to the Google Code site: "Project Hosting on Googl...

Collaborative Passwords Manager (cPassMan) Multiple Local File Include Vulnerabilities

cPassMan is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Researchers Find Malware on My Opera Page

Researchers have discovered that a page on the My Opera community Web site is hosting malware related to an IRC botnet. The discovery comes just a couple of weeks after malicious code also was found on Google Code servers. On Thursday, a researcher perusing a page on the My Opera community site...

Google Code Discovered Serving Malware

Google has removed malicious programs from its Google Code platform after Web firm zScaler said the company’s servers were being used to serve malicious code. HED: Google serving up malware from Google Code project, firm alleges DEK: Web firm zScaler says that Google’s CODE platform is being used...

Softsaurus 2.01 Remote File Inclusion

SOFTSAURUS 2.01 Multiple Remote File Include Vulnerabilities 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1...

7 php scripts File Inclusion / Source disclosure Vuln

Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You can use regex in your research, th...

registroTL - main.php Remote File Inclusion

registroTL - main.php Remote File Inclusion Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose...

JASmine 0.0.2 - index.php Remote File Inclusion

JASmine 0.0.2 - index.php Remote File Inclusion Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational...

compteur 2.0 - param_editor.php Remote File Inclusion

compteur 2.0 - parameditor.php Remote File Inclusion Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational...