Netcore /param. file. tgz unauthorized download vulnerability
Topsec (天融信) TopScanner /task/htmlReport.php param parameter command execution vulnerability
Uber: DOM based XSS on
Possible Remote code execution DOM based XSS Vuln. jQuery param: var strliID=jQuery(location).attr('hash'); Target: Logged admin. Go url https://drive.uber.com/melbourne/wp-admin/admin.php?page=Optionsgallerystyles" Solution: Upgrade latest version gallery plugin. Your version v1.9.55 Test my localhos...
X (Formerly Twitter): Incorrect param parsing in Digits web authentication
Hi, I would like to report an issue on Digits web authentication which allows attackers to retrieve the OAuth credential data of an application victims authorized. Detail Digits web authentication has strict validation on host and callbackurl. On the server side, the values are compared with the...
YouYaX_V5.47 YouYa.php param parameter SQL injection
The problem is in the file ORG/YouYa.php. Line 356: public function find($table, $ext = "string", $param) // look in param for substrings matching the given regular expression pattern if (preg_match_all("/=/", $param, $tmp)) $sql = "select * from " . $table . " where " . $param; //echo 'x'.$sql; else $param = "id=$param"; $sql = "select * from " . $table . " where "...
HackerOne: Send AJAX request to external domain
Hello! I would like to report about the ability to send an AJAX request from hackerone.com to an external domain. Here is a PoC for the last version of Internet Explorer: https://hackerone.com/bugs?subject=%2Fbigbob.lv%2F1337.php%3Fdata%3D If you visit it, you can see "Hello! This is custom text from external...
Snapchat: Password Reset - query param overrides postdata
Suppose a user were to reset their password at the following url with the given query parameters: https://accounts.snapchat.com/accounts/changepassword?newpassword=someNewPass&newpassword2=someNewPass Then regardless of the new password entered into the form, someNewPass becomes the user's new...
Mozilla Firefox AudioParamTimeline::AudioNodeInputValue function information disclosure vulnerability
Mozilla Firefox is a web browser/email client released by Mozilla. An information disclosure vulnerability exists in the Mozilla Firefox AudioParamTimeline::AudioNodeInputValue function due to a failure of the AudioParamTimeline::AudioNodeInputValue function to properly compute the ellipse...
Webshop Hun 1.062S Cross Site Scripting
Webshop hun v1.062S XSS Cross-site Scripting Security Vulnerabilities Exploit Title: Webshop hun v1.062S /index.php Multiple Parameters XSS Security Vulnerabilities Product: Webshop hun Vendor: Webshop hun Vulnerable Versions: v1.062S Tested Version: v1.062S Advisory Publication: Mar 04, 2015...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param. ScnSocialAuth version 1.15.2 has been released and includes a fix for this vulnerability. Fix has been applied in 4a00966. Affected versions: All versions below 1.15.2 are affected. dev-master is fixed starting from 4a00966. Exploits...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param. ScnSocialAuth version 1.15.2 has been released and includes a fix for this vulnerability. Fix has been applied in https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700 Affected versions: All...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param. ZfcUser version 1.2.2 has been released and includes a fix for this vulnerability. Fix has been applied in @baf0e460. Affected versions: All versions below 1.2.2 are affected. dev-master is fixed starting from @2cc167a. Exploits Becau...
ASUS-RT-AC66U-acsd-Param
Title: ASUS RT-AC66U Remote Root Shell Exploit - acsd param command. Discovered and Reported: June 2013. Discovered/Exploited By: Jacob Holcomb/Gimppy and Jacob Thompson, Security Analysts @ Independent Security Evaluators. Software Vendor: http://asus.com Exploit/Advisory: http://securityevaluators.com,...
get3.adobe.com Cross Site Scripting
Exploit Title: Adobe.com Flashplayer sub-domain Reflected XSS RXSS Date: 08/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.adobe.com Version: / Category: Reflected Cross Site Scripting Google dork: Tested on: Adobe.com Flashplayer sub-domain Adobe description :...
HackerOne: Content Spoofing via reports
The reportid param simply returns whatever is entered, instead of showing report IDs only. This can result in content injection in the reports field. For example, check this one: http://goo.gl/py2V8j...
DEBIAN-CVE-2014-3657
The virDomainListPopulate function in conf/domainconf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command...
WordPress Acento Theme (view-pdf.php, file param) - Arbitrary File Download
Multiple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download
WordPress CuckooTap Theme & eShop Arbitrary File Download. Risk: High. CWE number: CWE-200. Author: Hugo Santiago. Contact: [email protected] Date: 31/08/2014. Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405...
CVE-2014-4516
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter...
Joomla JV Comment Extension 3.0.2 (index.php, id param) - SQL Injection