Joomla Matukio Events 7.0.5 Cross Site Scripting

Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS Date:08.03.2021 Author: Vincent666 ibn Winnie Software Link: https://matukio.compojoom.com/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ Google Dorks:...

CVE-2020-7749

This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ... . As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which...

vBulletin 5.6.2 Persistent Cross Site Scripting

Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

PT-2020-10296 · Froala · Froala Editor

Name of the Vulnerable Software and Affected Versions: Froala Editor versions prior to 3.2.3 Description: A DOM-based cross-site scripting XSS issue exists because HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can control the editor...

TP-Link TL-WR740N and TL-WR740ND Injection Vulnerability

The TP-Link TL-WR740N and TP-Link TL-WR740ND are both wireless routers from China's P&L TP-Link. A security vulnerability exists in TP-Link TL-WR740N v4 and TL-WR740ND v4. The vulnerability can be exploited by an attacker to inject HTML code and change the HTML context of target pages and sites...

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BDHDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...

CVE-2018-3770

markdown-pdf versions prior to 9.0.0 are vulnerable to path traversal and potential remote code execution due to insufficient sanitization of HTML in Markdown files. Concrete details across multiple connected documents show that injecting malicious HTML can lead to reading local files and, in som...

Cross site scripting

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...

Joomla JS Support Ticket 1.1.0 Component - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications CODE input type="hidden" name="task" id="task" value="sa...

Joomla! Component JS Support Ticket 1.1.0 - Cross-Site Request Forgery

CODE input type="hidden" name="uid" id="uid"...

Logitech Media Server 7.9.0 Cross Site Scripting

Exploit Title: Logitech Media Server : Persistent Cross Site ScriptingXSS Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied Fo...

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux...

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting

Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0...

Logitech Media Server 7.9.0 - 'Radio URL' Cross-Site Scripting

Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0 Tested on: Windows 10, Linux CVE : Applied For. POC: 1. Access and go to the Radio URL...

SUSE-SU-2017:2453-1 Security update for SUSE Manager Server 3.0

This update for the SUSE Manager Server 3.0 provides several fixes and improvements. The following security issue has been fixed: spacewalk-java: - CVE-2017-7538: Do not allow HTML code injection via Cross Site Scripting XSS in the Organization Name. bsc1048968 Additionally, the following...

Debian DSA-3697-1 : kdepimlibs - security update

Roland Tapken discovered that insufficient input sanitising in KMail's plain text viewer allowed the injection of HTML code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3697. The text...

Debian Security Advisory DSA 3697-1 (kdepimlibs - security update)

Roland Tapken discovered that insufficient input sanitising in KMail OpenVAS Vulnerability Test $Id: deb3697.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3697-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2016 Greenbone...

DSA-3697-1 kdepimlibs - security update

Bulletin has no description...

Xerosploit - Efficient And Advanced Man In The Middle Framework

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap...