20 matches found
PT-2026-26000
Summary /objects/phpsessionid.json.php exposes the current PHP session ID to any unauthenticated request. The allowOrigin function reflects any Origin header back in Access-Control-Allow-Origin with Access-Control-Allow-Credentials: true, enabling cross-origin session theft and full account...
EUVD-2012-2711
Malware in sbrugna...
Exploit for CVE-2024-22120
Usage bash python exploit.py --ip --sid --hostid --phps...
CodoForum v5.1 - Remote Code Execution Exploit
Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04 CVE: CVE-2022-3185...
Xerte 3.10.3 - Directory Traversal (Authenticated) Exploit
Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE : CVE-2021-44665...
Xerte 3.10.3 Directory Traversal
Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE ...
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Xerte 3.9 - Remote Code Execution RCE Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip Version: up until version 3.9 Tested on: Windows...
FlatCore CMS 2.0.7 Remote Code Execution
Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Date: 04/10/2021 Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu...
diia.de XSS vulnerability
Open Bug Bounty ID: OBB-446290 Description| Value ---|--- Affected Website:| diia.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Timing Attack
craftcms/cms is vulnerable to timing attack. The application uses the strcmp function that compares hashes in non-constant time, allowing an attacker to use the timing of the request to progressively identify the current PHP session id...
Muviko 1.0 SQL Injection
Exploit Title: Muviko - Video CMS v1.0 a 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1...
NfSen < 1.3.7 / AlienVault OSSIM 4.3.1 - 'customfmt' Command Injection
Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/...
NfSen 1.3.7 / AlienVault OSSIM 4.3.1 customfnt Command Injection
Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/...
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection
NfSen 1.3.7 AlienVault OSSIM 5.3.4 - Command Injection Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage:...
CVE-2017-6971
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...
Symantec Endpoint Protection Manager and Client Unauthorized Access Vulnerability
Symantec Endpoint Protection SEP is a suite of antivirus software from Symantec, Inc.SEP Manager and Client are the management and client software. An unauthorized access vulnerability exists in SEP Manager and Client version 12.1, which can be exploited by an attacker to access the PHP JSESSIONI...
CVE-2012-2731
CVE-2012-2731 affects Ubercart AJAX Cart 6.x-2.x for Drupal prior to 6.x-2.1. The vulnerability stems from storing the PHP session ID in a JavaScript settings array on page loads, which could allow remote attackers to disclose sensitive information by sniffing or reading the HTML cache of a page....
Unfixed XSS vulnerability at www.kevinjwangler.com
Security researcher SaMTHG, has submitted on 26/08/2008 a cross-site-scripting XSS vulnerability affecting www.kevinjwangler.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2008. It is current...