19 matches found
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
Entering the URL in browser will give you access to the respective user's account. If the WordPress admin user himself...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting (XSS) allows remote attackers to inject JavaScript via the "p0-end" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-end p1-end & p2-end end XSS...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
U.S. Dept Of Defense: Reflected XSS in https://www.██████/
Hello Security Team, I would like to report the XSS vulnerability on your system. The i= parameter is not escaped properly for URL encoded values. Steps To Reproduce: Visit the following POC link:...
Razer US: Open redirect on oauth2.razerzone.com caused by server misconfiguration when using triple slash after hostname
Another solid report from this tester, who helped us nail down the issue when it was only intermittently reproducible. We appreciate the hard work. I discovered the Open Redirect on the oauth2.razerzone.com due to improper handling of multiple/encoded slashes and dots in the URL path. POC link:...
Coinbase: [buy.coinbase.com]Content Injection
Hello Coinbase Details I'm not sure if this issue will count, I just want to make sure, that is why I submit it. The parameter code is Vulnerable in Content Injection allowing me to inject any Text. Proof Of Concept Here is my PoC: F173393 and this which the text overlaps on the modal. F173394 PoC...
FantasyTote: Bypass logout
Hi again, you can logout any user by sending him this link: Poc link: https://www.fantasytote.com/logout...
Nextcloud: Content Spoofing
Hi, I got a content spoofing vulnerability. Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. POC Link :- https://nextcloud.com/.htacess%20THIS%20IS%20CONTENT%20SPOOFING...
Vimeo: Vimeo.com - reflected xss vulnerability
Hi. I want to report a Reflected xss vulnerability that I found in www.vimeo.com website and which can affect the safety of your users. This vulnerability allows an attacker to inject in web pages javascript content for sending malicious scripts to an unsuspecting user. This flaw can access any...
Vimeo: Vimeo.com - Reflected XSS Vulnerability
Hi. I want to report a Reflected xss vulnerability that I found in www.vimeo.com website and which can affect the safety of your users. This vulnerability allows an attacker to inject in web pages javascript content for sending malicious scripts to an unsuspecting user. This flaw can access any...
CVE-2014-0117
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header...
Khan Academy: Weak Ciphers Enabled
Vulnerability Details:- I detected that weak ciphers are enabled during secure communication (SSL). You should allow only strong ciphers on your web server to protect secure communication with your visitors. Impact:- Attackers might decrypt SSL traffic between your server and your visitors. Remedy:...
Opencadastre 1.02 Local File Inclusion
Opencadastre 1.02 Local File Include Vulnerability...
CVE-2009-2535
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692...
MS Windows GDI+ Proof of Concept (MS08-052) #2
No description provided by source. Operating System: XP SP2 Gdiplus.dll Version: 5.1.3102.2180 Credit: John Smith, Evil Fingers GIF Template Reference:...
mswingdi-poc.txt
Operating System: XP SP2 Gdiplus.dll Version: 5.1.3102.2180 Credit: John Smith, Evil Fingers GIF Template Reference: http://www.sweetscape.com/010editor/templates/files/GIFTemplate.bt PoC...
Coppermine Photo Gallery <= 1.4.10 Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php ?php if$argc 4 print "\n---------------------------------------------------------"; print "\nAffected.scr..: Coppermine Photo Gallery = 1.4.10"; print "\nPoc.ID........: 19070104"; print "\nType..........: SQL Injection"; print "\nRisk.level....:...
XOOPS myAds Module - 'lid' SQL Injection
Xoops myAds module SQL-Injection Discovered: KeyCoder Visit : www.grisapka.org Contact: [email protected] Thanx: SecretlyX-BeLa Details : Xoops myAds module SQL-Injection Vulnerability Website : http://www.xoops.org/ Vulnerable File : annonces-p-f.php PoC :...