7648 matches found
CVE-2018-17128
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on O...
Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-16 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CVE: N/A...
CVE-2018-14638
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service...
UBUNTU-CVE-2018-14638
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service...
CVE-2018-14638
The CVE-2018-14638 issue affects 389-ds-base; the root cause is a crash in delete_passwdPolicy when persistent search connections terminate unexpectedly, leading to remote denial of service. The vulnerability is described for versions before 1.3.8.4-13, and multiple connected advisories note fixe...
CVE-2018-14638
A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. An unauthenticated attacker could use this flaw to crash Directory Server...
MediaTek Wireless Utility rt2870 Denial Of Service
Exploit Title: MediaTek Wireless Utility rt2870 - Denial of Service PoC Author: Lawrence Amer Date: 2018-09-13 Vendor: MediaTek Software url: https://click.pstmrk.it/2ts/d86o2zu8ugzlg.cloudfront.net%2Fmediatek-craft%2Fdrivers%2FRT27702870RT307x.zip/K94pHAI/oTs1/oC6CdN114w Tested on OS: Windows 7...
Jorani Leave Management 0.6.5 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibl...
Jorani Leave Management System 0.6.5 Cross Site Scripting
Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibly before Patched...
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Jorani Leave Management 0.6.5 - Cross-Site Scripting Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html...
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibly before Patched...
CVE-2018-15917
CVE-2018-15917 affects Jorani Leave Management System v0.6.5. The issue is a persistent XSS in the language parameter (session/language) that stores user input in the session, enabling an attacker to inject arbitrary script executed by other users (including admins). Evidence across sources confi...
Vox TG790 ADSL Router - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user input management low privilege users are able to creat...
Vox TG790 ADSL Router - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user input management low privilege users are ab...
Vox TG790 ADSL Router Cross Site Scripting
Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user input management low privilege users are able to create a persistent Cross-Site scriptin...
FreeBSD : Gitlab -- multiple vulnerabilities (ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd)
Gitlab reports : Persistent XSS in Pipeline Tooltip GitLab.com GCP Endpoints Exposure Persistent XSS in Merge Request Changes View Sensitive Data Disclosure in Sidekiq Logs Missing CSRF in System Hooks Orphaned Upload Files Exposure Missing Authorization Control API Repository Storage C Tenable...
Vox TG790 ADSL Router - Cross-Site Scripting
Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user input management low privilege users are able to create a persistent Cross-Site scriptin...
Gitlab -- multiple vulnerabilities
Gitlab reports: Persistent XSS in Pipeline Tooltip GitLab.com GCP Endpoints Exposure Persistent XSS in Merge Request Changes View Sensitive Data Disclosure in Sidekiq Logs Missing CSRF in System Hooks Orphaned Upload Files Exposure Missing Authorization Control API Repository Storage...