2424 matches found
Typo3 CMS YAG Themepack jQuery 1.3.2 Database Disclosure
Exploit Title : Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org yag-gallery.de Software Download Link :...
SmartWorks Systems Pakistan 1.0 SQL Injection
Exploit Title : SmartWorks Systems Pakistan 1.0 SQL Injection Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : smartworks.pk Tested On : Windows Exploit Risk : Medium Category : WebApps Version Information : Nginx 1.14.1 - jQuery 1.11.1 - jQuery UI 1.10.4 CWE : CWE-89...
WordPress Firma Rehberi 4.9.9 Shell Upload / SQL Injection
Exploit Title : WordPress Firma Rehberi Themes 4.9.9 SQL Injection and Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org temafabrika.com/demo/rehber3/ Software Download Link :...
WordPress Cvp-Adegrontec 4.8.3 Shell Upload
Exploit Title : WordPress Cvp-Adegrontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...
Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Arbitrary file upload in jQuery Upload File <= 4.0.2...
GHSA-MXR5-P36V-479M Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Arbitrary file upload in jQuery Upload File <= 4.0.2...
Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.4/responsivefilemanager.zip Responsive FileManag...
Security Bulletin: jQuery UI title/default content cross-site scripting (CVE-2012-6662 and CVE-2010-5312)
Question Security Bulletin: jQuery UI title/default content cross-site scripting CVE-2012-6662 and CVE-2010-5312 Answer Abstract: The jQuery UI is vulnerable to cross-site scripting which is caused by improper validation of user-supplied input as well as input by the default content. A remote...
Node.js third-party modules: Prototype pollution attack through jQuery $.extend
I would like to report prototype pollution in jQuery. It allows an attacker to inject properties on Object.prototype. Module module name: jquery version: 3.3.1 npm page: https://www.npmjs.com/package/jquery Module Description jQuery is a fast, small, and feature-rich JavaScript library. Module...
Arbitrary File Upload
jquery-file-upload is vulnerable to arbitrary file upload attacks. The vulnerability exists in upload.php where an unauthenticated user can upload arbitrary files to the /uploads/ directory...
Default credentials
Arbitrary file upload in jQuery Upload File <= 4.0.2...
CVE-2018-9207
Arbitrary file upload in jQuery Upload File <= 4.0.2...
CVE-2018-9207
CVE-2018-9207 refers to an arbitrary file upload vulnerability in jquery-file-upload (
jQuery Upload File 4.0.2 File Upload
File upload vulnerability in jQuery Upload File php/upload.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
jQuery File Upload < 9.24.1 Arbitrary File Upload
According to its self-reported version number, jQuery File Upload is prior to 9.24.1. Therefore, it may be affected by an arbitrary file upload vulnerability on a web server that executes files with .php as part of the file extension. An unauthenticated attacker could leverage this vulnerability ...
jQuery File Upload < 9.25.1 Potential Vulnerability With ImageMagick
According to its self-reported version number, jQuery File Upload is prior to 9.25.1. Therefore, it may be used to exploit remote code execution in an unpatched ImageMagick version. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web...
jQuery File Upload < 9.22.1 Arbitrary File Upload
According to its self-reported version number, jQuery File Upload is prior to 9.22.1. Therefore, it may be affected by an arbitrary file upload vulnerability. An unauthenticated attacker could leverage this vulnerability to gain access to the host in the context of the web application user. Note...