20 matches found
Username spoofing in OnionShare
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. - Vulnerability ID: OTF-005 - Vulnerability type: Improper Input Sanitization -...
V-CMS 1.0 Cross Site Scripting
------------------------------------------------------------------------ Software................V-CMS 1.0 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://v-cms.org/ Discovery Date..........11/13/2011 Tested...
Kryn.cms 0.9 Cross Site Scripting
------------------------------------------------------------------------ Software................Kryn.cms 0.9 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.kryn.org/ Discovery Date..........5/19/2011 Tested...
docMGR 1.1.2 Cross Site Scripting
------------------------------------------------------------------------ Software................docMGR 1.1.2 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.docmgr.org/ Discovery Date..........5/12/2011 Tested...
Gelsheet 1.02 Cross Site Scripting
------------------------------------------------------------------------ Software................Gelsheet 1.02 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.gelsheet.org/ Discovery Date..........5/5/2011 Tested...
LDAP Account Manager 3.4.0 Cross Site Scripting
------------------------------------------------------------------------ Software................LDAP Account Manager 3.4.0 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.ldap-account-manager.org/ Discovery...
Time And Expense Management System Cross Site Scripting
------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://sourceforge.net/projects/tems/ Discovery...
phpmychat plus 1.93 - Multiple Vulnerabilities
------------------------------------------------------------------------ Software................phpMyChat Plus 1.93 Vulnerability...........Blind SQL Injection Threat Level............Serious 3/5 Download................http://sourceforge.net/projects/phpmychat/ Discovery Date..........4/25/2011...
webERP 4.03.08 Cross Site Scripting
------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in webERP 4.03.8 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" /...
Todoyu 2.0.8 Cross Site Scripting
------------------------------------------------------------------------ Software................Todoyu 2.0.8 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.todoyu.com Discovery Date..........4/21/2011 Tested...
Dolibarr 3.0.0 Cross Site Scripting
------------------------------------------------------------------------ Software................Dolibarr 3.0.0 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.dolibarr.org/ Discovery Date..........4/21/2011 Tested...
eGroupware 1.8.001 Cross Site Scripting
------------------------------------------------------------------------ Software................eGroupware 1.8.001 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.egroupware.org/ Discovery Date..........4/7/2011 Tested...
eyeOS 2.3 Multiple Vulnerabilities
Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................eyeOS 2.3 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.eyeos.org/ Discover...
eXtplorer 2.1 RC3 Cross Site Request Forgery
------------------------------------------------------------------------ --Description-- A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be exploited to create a new admin. --PoC-- input type="hidden"...
OpenEMR 4.0.0 Database Manipulation
------------------------------------------------------------------------ Software................OpenEMR 4.0.0 Vulnerability...........Arbitrary Database Creation/Database Enumeration Threat Level............Low 1/5 Download................http://www.oemr.org/ Discovery Date..........4/2/2011...
osCSS2 2.1.0 RC12 Cross Site Scripting
------------------------------------------------------------------------ Software................osCSS2 2.1.0 RC12 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.oscss.org/ Disclosure Date.........4/6/2011 Tested...
FengOffice 1.7.4 Cross Site Scripting
------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in FengOffice 1.7.4 can be exploited to execute arbitrary JavaScript. --PoC-- alert0" / alert0" /...
Interleave 5.5.0.2 Cross Site Scripting
------------------------------------------------------------------------ Software................Interleave 5.5.0.2 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.interleave.nl/en/ Release Date............3/3/2011 Tested...
Support Incident Tracker 3.62 Cross Site Scripting
------------------------------------------------------------------------ Software................Support Incident Tracker 3.62 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://sitracker.org/ Release Date............3/3/2011 Test...
Security Advisory: (BEA04-60.00)
Security Advisory: BEA04-60.00 From: BEA Systems Inc. Minor Subject: Patches are available to protect user authorizations. Products Affected: WebLogic Server and WebLogic Express Threat level: Low - The vulnerability requires an attacker to be assigned the Admin or Operator security role. Severit...