7647 matches found
Moodle CMS 3.1.2 Cross Site Scripting / File Upload
Title: Multiple Vulnerabilities - Moodle CMS -3.1.2 Application: Moodle CMS Versions Affected: = 3.1.2 Vendor URL: https://moodle.org/ Software URL: https://download.moodle.org/ Discovered by: Joel Vadodil Varghese Tested on: Windows 10 Pro Bugs: Persistent Cross Site Scripting, Non-Persistent...
Cross site scripting
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...
Command injection
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 fixed in v0.13.1.knots20161027, the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history...
CVE-2016-8581
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator...
CVE-2016-8581
CVE-2016-8581 is a stored XSS vulnerability in the User-Agent header of the login process of AlienVault OSSIM/USM up to version 5.3.1, allowing an attacker to steal session IDs when an admin views current sessions. Root cause: improper handling of the User-Agent header enabling script injection. ...
Zenbership 107 - Multiple Vulnerabilities
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST...
Windows Manage Persistent EXE Payload Installer
This Module will upload an executable to a remote host and make it Persistent. It can be installed as USER, SYSTEM, or SERVICE. USER will start on user login, SYSTEM will start on system boot but requires privs. SERVICE will create a new service which will start the payload. Again requires privs...
Zenbership 107 Cross Site Request Forgery / Cross Site Scripting
ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST /zenbership/pp-functions/formprocess.php HTTP/1.1 Host:...
Zenbership 107 - Multiple Vulnerabilities
ADVISORY INFORMATION ======================================== Title: Zenbership latest version - Multiple Vulnerabilities Application: Zenbership Class: Sensitive Information disclosure Versions Affected: alert'ExploitDB' HTTP Request POST /zenbership/pp-functions/formprocess.php HTTP/1.1 Host:...
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor:...
XhP CMS 0.5.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor: https://sourceforge.net/projects/xhp/ Google Dork: inurl:Powered by XHP CMS Contact:...
XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting Exploit Author: Ahsan Tahir Date: 19-10-2016 Software Link: https://sourceforge.net/projects/xhp/ Vendor: https://sourceforge.net/projects/xhp/ Google Dork: inurl:Powered by XHP CMS Contact:...
Trend Micro DirectPass - Bypass & Persistent Vulnerability
Document Title: =============== Trend Micro DirectPass - Bypass & Persistent Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1986 Video: https://www.youtube.com/watch?v=NImym71f3Bc Release Date: ============= 2016-10-17 Vulnerability Laboratory ID VL-ID:...
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass Persistent Cross-Site Scripting
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass Persistent Cross-Site Scripting Exploit Title: Subrion CMS 4.0.5 - CSRF Bypass to Persistent XSS and Add-Admin Date: 15-10-2016 Software Link: http://www.subrion.org/download/ Vendor: http://www.subrion.org Google Dork: "Powered by Subrion CMS...
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting
Exploit Title: Subrion CMS 4.0.5 - CSRF Bypass to Persistent XSS and Add-Admin Date: 15-10-2016 Software Link: http://www.subrion.org/download/ Vendor: http://www.subrion.org Google Dork: "Powered by Subrion CMS" Exploit Author: Ahsan Tahir Contact: https://twitter.com/AhsanTahirAT |...
Trend Micro DirectPass - Bypass & Persistent Vulnerability
Document Title: =============== Trend Micro DirectPass - Bypass & Persistent Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=1986 Video: https://www.youtube.com/watch?v=NImym71f3Bc Release Date: ============= 2016-10-16 Vulnerability Laboratory ID VL-ID:...
Subrion CMS 4.0.5 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Subrion CMS 4.0.5 - CSRF Bypass to Persistent XSS and Add-Admin Date: 15-10-2016 Software Link: http://www.subrion.org/download/ Vendor: http://www.subrion.org Google Dork: "Powered by Subrion CMS" Exploit Author: Ahsan Tahir Contact: https://twitter.com/AhsanTahirAT |...
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
Exploit for php platform in category web applications Exploit Title: YouTube Automated CMS 1.0.1 / 1.0.7 - CSRF to Persistent XSS Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link: https://codecanyon.net/item/youtube-automated-cms/12021939 Version: 1.0.1 to...
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery Persistent Cross-Site Scripting
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: YouTube Automated CMS 1.0.1 / 1.0.7 - CSRF to Persistent XSS Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link:...
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
Exploit Title: YouTube Automated CMS 1.0.1 / 1.0.7 - CSRF to Persistent XSS Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link: https://codecanyon.net/item/youtube-automated-cms/12021939 Version: 1.0.1 to 1.0.7...