15 matches found
CVE-2024-50278 dm cache: fix potential out-of-bounds access on the first resume
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast...
U.S. Dept Of Defense: Parâmetro XSS: Nome de usuário - █████████
The report describes a cross-site scripting XSS vulnerability in the username parameter of an application. The vulnerability was demonstrated using Burp Suite, where the attacker was able to inject malicious JavaScript code into the username field. No further details were provided about the...
Aiven Ltd: 0-day Cross Origin Request Forgery vulnerability in Grafana 8.x .
Disclaimer To triage, please note that this is still a 0-day that was alerted to Grafana already, in order to make sure the client is safe I report this issue now, please make sure to not spread it further or leak it, as the best interest is to let you be aware and safer from any potential attack...
Exploit for Path Traversal in Microsoft
CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
💥 BUG Stored xss via group name 💥 TESTED VERSION latest version as of 01/07/21 💥 STEP TO REPRODUCE 1. create a group with bellow xss payload in name.\ group1"'.\ 2. Now add a new user called user-B to the above group .\ 3. Finally visit...
in dolibarr/dolibarr
💥 BUG unprivileged user can upload file to a task associated with a project. 💥 IMPACT user who has read-only access to a project can add file to task associated with this project 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user ....
COVID19 Testing Management System 1.0 - (Admin name) Cross-Site Scripting Vulnerability
Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 == Store...
Customer Relationship Management (CRM) System 1.0 - (Category) Persistent Cross site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WebDamn User Registration And Login System With User Panel SQL Injection
Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass Date: 18-11-2020 Exploit Author: Aakash Madaan Vendor Homepage: https://webdamn.com/ Software Link : https://webdamn.com/user-management-system-with-php-mysql/ Version: N/A Default Tested on: Windows 10...
Streamripper 2.6 Buffer Overflow
!/usr/bin/python Exploit Title: StreamRipper32 Buffer Overflow Date: 07/2019 Exploit Author: Andrey Stoykov OSCP Tested On: Win7 SP1 x64 Software Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Version: 2.6 Steps To Reproduce: Double click on "Add" in the "Station/Song Section...
Wedding Slideshow Studio 1.36 Buffer Overflow
Exploit Title: Socumsoft Wedding Slideshow Studio 1.36 Date: 02.08.2018 Exploit Author: Achilles Vendor Homepage: http://www.socusoft.com Vulnerable Software: http://www.socusoft.com/down/wedding-slideshow-studio.exe Tested on OS: Windows 7 64-bit DE Steps to reproduce: Copy the contents of the...
Aspen: Email Spoofing
There is an Email Spoofing Vulnerability. Steps to reproduce: 1 Go to http://emkei.cz/ 2 Fill "From Email" field to [email protected] or any other aspen email. 3 Fill the victim's address your address to "TO" field and fill in other details as you wish. You will receive email from aspen admin...
Gratipay: self cross site scripting
Vulnerability Exploited : cross site scripting using csrf Vulnerable URL:https://gratipay.com/search Vulnerability Explanation :The application is vulnerable with Reflected Cross Site Scripting. Here application fails to validate user supplied inputs due to which an attacker can inject his own...
WordPress Buddypress 1.9.1 Cross Site Scripting
Vulnerability: Wordpress plugin Buddypress = 1.9.1 stored xss Date: 13/02/2014 Author: Pietro Oliva Vendor Homepage: http://buddypress.org Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip Version: 1.9.1 CVE : CVE-2014-1888 Responsibly disclosed and patched in version 1.9....
"Contact Administrators" Process Doesn't Exclude Disabled Administrators
h3. Steps to Reproduce: Create a new test user Add the newly created user into confluence-administrators group Disabled the new test user Access the following URL code/500page.jspcode Click the "Confluence Administrators" link which will redirect you to this URL...