Lucene search

4 matches found

0day.today
added 2023/02/28 12:0 a.m., 436 views

ChurchCRM 4.5.3 SQL Injection Vulnerability

Title: ChurchCRM-4.5.3-121fcc1-SQLi
Author: nu11secur1ty
Vendor: http://churchcrm.io/
Software: https://github.com/ChurchCRM/CRM
Reference: https://portswigger.net/web-security/sql-injection
Description: In the manual insertion point 1 - parameter EID appears to be vulnerable to SQL injection...

AI score: 0.2
Exploits: 0

Kitploit
added 2018/11/22 8:33 p.m., 132 views

ZIP File Raider - Burp Extension For ZIP File Payload Testing

ZIP File Raider is a Burp Suite extension for attacking web applications with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in the ZIP content of HTTP requests, which is not feasible by default. This extension helps to automate the extraction and compression...

AI score: 7.2
Exploits: 0, References: 2

Hacker One
added 2016/07/09 4:46 a.m., 104 views

X (Formerly Twitter): Html Injection and Possible XSS in sms-be-vip.twitter.com

Hi, I would like to report HTML Injection and possible cross-site scripting (XSS) vulnerability in sms-be-vip.twitter.com.

Overview: The sms-be-vip.twitter.com 404 error page appears to be vulnerable to XSS and HTML Injection as it doesn't encode the HTML tags in the path name such as...

AI score: 6.1
Exploits: 0

RedHat Linux
added 2008/02/08 2:6 a.m., 1 views

Mozilla layout engine crashes

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)...

CVSS: 9.3, AI score: 7.4, EPSS: 0.03304
Exploits: 1, References: 4