7649 matches found
Sentrifugo 3.2 - Persistent Cross-Site Scripting
Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...
Cross site scripting
The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen...
CVE-2017-18563
The CVE-2017-18563 issue affects the WordPress RSVP plugin prior to version 2.3.8, where the attendee-list screen note field is vulnerable to persistent XSS. The vulnerability stems from unsanitized input stored and later rendered in the attendee list; impact is user-facing XSS. A fix is availabl...
Kimai 2 - Persistent Cross-Site Scripting
Exploit Title: Kimai 2 - persistent cross-site scripting XSS Date: 07/15/2019 Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github: https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal user will try to add timesheet from...
Neo Billing 3.5 - Persistent Cross-Site Scripting
Neo Billing 3.5 - Persistent Cross-Site Scripting Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-7...
CB TAU Threat Intelligence Notification: Sodinokibi Ransomware
Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...
UNA 10.0.0 RC1 - (polyglot.php) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-1480...
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiy...
BSI Advance Hotel Booking System 2.0 - (booking_details.php) Persistent Cross-Site Scripting Vulnera
Exploit for php platform in category web applications Exploit Title: BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Exploit Author: Angelo Ruwantha Vendor Homepage: http://www.bestsoftinc.com Software Link:...
UNA 10.0.0 RC1 - polyglot.php Persistent Cross-Site Scripting
UNA 10.0.0 RC1 - polyglot.php Persistent Cross-Site Scripting Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Date: 2019 08 10 Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on:...
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14748 1. Descriptio...
osTicket 1.12 - Persistent Cross-Site Scripting
Exploit Title: osTicket-v1.12 Stored XSS Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14750 1. Description An issue was...
FreeBSD : Gitlab -- Multiple Vulnerabilities (1cd89254-b2db-11e9-8001-001b217b3468)
Gitlab reports: GitHub Integration SSRF; Trigger Token Impersonation; Build Status Disclosure; SSRF Mitigation Bypass; Information Disclosure New Issue ID; IDOR Label Name Enumeration; Persistent XSS Wiki Pages; User Revocation Bypass with Mattermost Integration; Arbitrary File Upload via Import Project...
BSI Advance Hotel Booking System 2.0 - 'booking_details.php' Persistent Cross-Site Scripting
Exploit Title: BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Date: Wed Jun 4 2014 Exploit Author: Angelo Ruwantha Vendor Homepage: http://www.bestsoftinc.com Software Link:...
osTicket 1.12 File Upload Cross Site Scripting
Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14748 1. Descriptio...
osTicket < 1.10.7, 1.12.x < 1.12.1 Multiple Vulnerabilities
osTicket is prone to multiple vulnerabilities. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-14748
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...
Unrestricted file upload
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...