3 matches found
Cross-site Scripting (XSS) via Cookie Value
Description: There is an XSS that could be triggered via a cookie value. Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded...
GitLab: Command injection by overwriting authorized_keys file through GitLab import
The Projects::GitlabProjectsImportService contains a vulnerability that allows an attacker to write files to arbitrary directories on the server. This leads to an arbitrary command execution vulnerability by overwriting the authorized_keys file. To reproduce, sign in to a GitLab instance that has...
WordPress Levo-Slideshow 2.3 Shell Upload
Exploit Name: Wordpress Levo-Slideshow 2.3 Shell Upload by Unprivileged user Exploit Date: 5/6/2016 Author: Aaditya Purani Author Blog: https://aadityapurani.com Vendor: https://wordpress.org/plugins/wp-levoslideshow Version: 2.3 Tested on: Wordpress 4.5.2 Hi This is Aaditya Purani, Let's have lo...