349 matches found
Enfold Theme < 4.2.1 - Rewrite Portfolio Permalink Structure & Information Disclosure
The changelog describes two security fixes: - fixed: security issue that would allow an attacker to export your enfold theme settings - fixed: security issue that allowed an attacker to rewrite the portfolio permalink structure...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-28224)
MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 1.2.19 and prior to 1.3.0-beta.2. A remote...
CVE-2017-10678
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request...
Design/Logic Flaw
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...
CVE-2017-10679
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed...
Mantis Bug Tracker 1.3.10 / 2.3.0 Cross Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...
Open redirect
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF...
CVE-2017-7620
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in stringapi.php and consequently has conflicting interpretations of an initial / substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF...
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and...
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org Product: ========= Mantis Bug Tracker 1.3.10 / v2.3.0 MantisBT...
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery
Mantis Bug Tracker 1.3.10/2.3.0 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...
MC Smart Shop Script - SQL Injection Vulnerability
Exploit for php platform in category web applications Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Smart Shop Script Script Buy Now: http://microcode.ws/product/mc-smart-shop-php-script/3855 Author: İhsan Şencan Author Web:...
MC Buy And Sell Cars 1.1 SQL Injection
Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Buy and Sell Cars Script Script Version: V1.1 Script Buy Now: http://microcode.ws/product/mc-buy-and-sell-cars-php-script/3878 Author: İhsan Şencan Author Web: http://ihsan.net...
phpfreeBB 1.0 - Remote BLIND SQL Injection Vulnerability
No description provided by source. phpfreeBB 1.0 Remote BLIND SQL Injection Vulnerability Discovered By : Moudi Contact : [email protected]...
GetSimple CMS 3.3.1 - Persistent Cross Site Scripting
No description provided by source. Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1 Tested on: N/A CVE :...
GetSimple CMS 3.3.1 - Persistent Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting Exploit Title: GetSimple CMS v3.3.1 Persistent Cross Site Scripting Google Dork: N/A Date: 24-03-2014 Exploit Author: Jeroen - IT Nerdbox Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Version: v3.3.1...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already...