7650 matches found
CVE-2019-20211
The CVE-2019-20211 entry affects WordPress themes CTHthemes CityBook (<2.3.4), TownHub (<1.0.6), and EasyBook (
CVE-2019-20211
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phon...
Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
Reflected & Persistent XSS vulnerability was discovered in the 'Travel Booking WordPress Theme', tested version — v2.7.8.5 Edit WPScanTeam: January 11th, 2020 - Report received & Envato contacted January 12th, 2020 - Report updated with Reflected XSS, Envato notified again. January 12th, 2020 -...
Security update for rubygem-excon (moderate)
openSUSE Security Update: Security update for rubygem-excon Announcement ID: openSUSE-SU-2020:0036-1 Rating: moderate References: 1159342 Cross-References: CVE-2019-16779 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
Install OpenSSH for Windows
This module installs OpenSSH server and client for Windows using PowerShell. SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH. This module requires Metasploit: https://metasploit.com/download...
EasyBook < 1.2.2 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'EasyBook – Directory & Listing WordPress Theme', tested version — v1.2.1: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR December 27th, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January ??th, 2020 -...
CVE-2020-5205
In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...
Session fixation
In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...
CVE-2020-5205
CVE-2020-5205 affects Pow (Hex package) prior to 1.0.16 in Pow.Plug.Session when a persistent session store (e.g., Redis or database) is used. The vulnerability enables session fixation attacks due to how Plug.Session handles the session across persistent stores; cookie store usage (common in Pho...
CityBook < 2.3.4 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'CityBook - Directory & Listing WordPress Theme', tested version — v2.3.3: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27th, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January...
TownHub < 1.0.6 - Multiple Vulnerabilities
Multiple vulnerabilities were discovered in the 'TownHub - Directory & Listing WordPress Theme', tested version — v1.0.2: - Unauthenticated XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27th, 2019 - Envato Contacted January 5th, 2020 - Envato Investigating January 6th, 2020 -...
Cisco NX-OS Software Secure Configuration Bypass (cisco-sa-20190515-nxos-conf-bypass)
According to its self-reported version, Cisco NX-OS Software is affected by a configuration bypass vulnerability due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An authenticated, local attacker can exploit this, by...
Codoforum 4.8.3 - (input_txt) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codofor...
Codoforum 4.8.3 - input_txt Persistent Cross-Site Scripting
Codoforum 4.8.3 - input_txt Persistent Cross-Site Scripting Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link:...
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...
Tricky Phish Angles for Persistence, Not Passwords
Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user's data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file...
CVE-2013-5638
Transcend WiFiSD 1.8 has persistent XSS...
CVE-2013-5637
PQI AirCard has persistent XSS...