7648 matches found
CVE-2018-18868
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter...
CVE-2018-18868
No-CMS 1.1.3 is affected by CVE-2018-18868: a Persistent XSS vulnerability via the contact_us name parameter. Affected component/entry is the input handling for the contact_us form; the underlying cause is improper input handling that allows script content to be stored/executed in the user’s brow...
MyBB Downloads 2.0.3 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Downloads 2.0.3 - SQL Injection Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://github.com/vintagedaddyo/MyBBPlugin-Downloads...
FreeBSD : Gitlab -- multiple vulnerabilities (b9591212-dba7-11e8-9416-001b217b3468)
Gitlab reports: RCE in Gitlab Wiki API; SSRF in Hipchat integration; Cleartext storage of personal access tokens; Information exposure through stack trace error message; Persistent XSS autocomplete; Information exposure in stored browser history; Information exposure when replying to issues through...
MyBB Downloads 2.0.3 - SQL Injection
Exploit Title: MyBB Downloads 2.0.3 - SQL Injection Date: 28-10-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://github.com/vintagedaddyo/MyBBPlugin-Downloads Software Link:...
Gitlab -- multiple vulnerabilities
Gitlab reports: RCE in Gitlab Wiki API; SSRF in Hipchat integration; Cleartext storage of personal access tokens; Information exposure through stack trace error message; Persistent XSS autocomplete; Information exposure in stored browser history; Information exposure when replying to issues through ema...
CVE-2018-18551
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...
Cross site scripting
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, groupdelete.html group parameter, reportsave.html query parameter, sensors.html...
ServersCheck Monitoring Software 14.3.3 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications + ServersCheck Monitoring Software 14.3.3 Cross Site Scripting Vulnerability + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
ServersCheck Monitoring Software 14.3.3 Cross Site Scripting
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2018-18551-SERVERSCHECK-MONITORING-SOFTWARE-CROSS-SITE-SCRIPTING.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo B. Vendor www.serverscheck.com Product...
Medium: 389-ds-base
Issue Overview: A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. CVE-2018-14624 A race...
Information operations on Twitter: new data released on election tampering
Back in April, we talked about the wealth of options available to Russian hackers and others launching social engineering campaigns, whether on social networks or through clever attacks launched via Advanced Persistent Threats. Some of that was information published by Twitter at the time in...
ManageEngine OPManager 12.3 Cross Site Scripting Vulnerability
ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability...
Threats in the Netherlands
Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPCW in the Netherlands, allegedly by the advanced threat actor Sofacy, also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red-handed trying to...
Chamilo LMS 1.11.8 firstname Cross Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS:...
CVE-2018-1812
IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. An attacker that has access to the Control Room database could exploit this vulnerability to execute script in a victim's web...
CVE-2018-1812
CVE-2018-1812 affects IBM Robotic Process Automation with Automation Anywhere Enterprise (V10.0). The vulnerability is a persistent cross-site scripting flaw caused by missing escaping of a database field in the Control Room, allowing an attacker with database access to execute scripts in a victi...
Chamilo LMS 1.11.8 Cross Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-05 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS: Kali Linux...