127 matches found
Cross-Site Tracing (XST)
spring-web is vulnerable to cross-site tracing (XST) attacks. The vulnerability exists because HiddenHttpMethodFilter allows web applications to change the existing HTTP request method to any HTTP method, causing applications with an existing cross-site scripting (XSS) vulnerability to be vulnerable to XST...
Domains & Hostings Manager PRO 3.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Domains & Hostings Manager PRO v 3.0 - Authentication Bypass Date: 13.01.2018 Vendor Homepage: http://endavi.com/ Software Buy: https://codecanyon.net/item/advanced-domains-and-hostings-pro-v3-multiuser/10368735 Demo:...
Taxi Booking Script 1.0 Cross Site Scripting
Exploit Title: Taxi Booking Script v1.0 - Cross-site Scripting XSS Date: 11.01.2018 Vendor Homepage: https://www.phpjabbers.com/taxi-booking-script/ Software Link: Demo: http://demo.phpjabbers.com/1515648238792/index.php?controller=pjAdminUsers&action=pjActionIndex&err=AU01 Version: 1.0 Category:...
FortiCloud Cross Site Scripting
Document Title: =============== FortiCloud - Reports Summary Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1735 Release Date: ============= 2016-08-05 Vulnerability Laboratory ID VL-ID:...
PressePortal NewsAktuell (DPA) - Multiple Vulnerabilities
Document Title: =============== PressePortal NewsAktuell DPA - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1676 Vulnerability Magazine:...
File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities
Document Title: =============== File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1704 Release Date: ============= 2016-02-03 Vulnerability Laboratory ID VL-ID: ====================================...
Y-R-S CMS 2015Q4 - (ID) SQL Injection Web Vulnerability
Document Title: =============== Y-R-S CMS 2015Q4 - ID SQL Injection Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1644 Release Date: ============= 2015-11-17 Vulnerability Laboratory ID VL-ID: ==================================== 1644...
ABH WORLD SQL Injection
========================================================= + Title :- ABH WORLD CMS - SQL Injection Vulnerability + Date :- 19 - June - 2015 + Vendor Homepage: :- https://abhworld.com/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :- webapps + Google...
Sitefinity Enterprise v7.2.53 - Persistent Vulnerability
Document Title: =============== Sitefinity Enterprise v7.2.53 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1369 Release Date: ============= 2015-01-06 Vulnerability Laboratory ID VL-ID: ====================================...
Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability
Document Title: =============== Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1362 Release Date: ============= 2014-12-04 Vulnerability Laboratory ID VL-ID: ==================================== 1362...
E-Journal CMS (ID) - Multiple Web Vulnerabilities
Document Title: =============== E-Journal CMS ID - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID VL-ID: ==================================== 1380 Commo...
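BiWEB latest mall edition: filter-bypass injection vulnerability bundle
Brief description: BiWEB latest mall edition filter-bypass injection vulnerability bundle. Detailed description: On WooYun I saw that someone had reported an XSS vulnerability in the BiWEB mall edition (WooYun: BIWEB mall edition blind XSS against cookies), and someone else had reported SQL injection, so let me look for other vulnerabilities. I downloaded the latest BiWEB mall edition, 5.8.4, from the official site to take a look. BiWEB applies global filtering to user input, but the filtering method is rather brain-dead, and this vulnerability bypasses that global filter. Let's first look at the global filtering method in /config/filtrate.inc.php...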
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
Document Title: =============== FreeDisk v1.01 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1287 Release Date: ============= 2014-08-01 Vulnerability Laboratory ID VL-ID: ==================================== 1287...
WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1283 Release Date: ============= 2014-07-29 Vulnerability Laboratory ID VL-ID: ==================================== 1283...
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
No description provided by source. Document Title: =============== iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1240 Release Date: ============= 2014-03-31 Vulnerability Laboratory ID VL-ID...
NG WifiTransfer Pro 1.1 Local File Inclusion
Document Title: =============== NG WifiTransfer Pro 1.1 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1260 Release Date: ============= 2014-04-28 Vulnerability Laboratory ID VL-ID: ==================================== 1260...
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities
iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities Document Title: =============== iShare Your Moving Library 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1240 Release Date: ============= 2014-03-31...
gpEasy 4.3.x XSS / File Inclusion / Shell Upload
Document Title: =============== gpEasy v4.3.x CMS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1189 Release Date: ============= 2014-02-06 Vulnerability Laboratory ID VL-ID: ==================================== 1189 Comm...
CVE-2011-5009
The CVE-2011-5009 vulnerability affects 3S CoDeSys CmpWebServer (Control service) as part of CoDeSys 3.4 SP4 Patch 2. It stems from insufficient validation of incoming HTTP requests, leading to a NULL pointer dereference when handling a crafted Content-Length in an HTTP POST or an invalid HTTP me...
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
This vulnerability does not need a login. digest.php uses the REQUEST method in a wrong way to accept parameters; the malicious user could submit XSS code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. exp:...