16 matches found

CNNVD
added 2023/09/05 12:0 a.m. | 2 views

Cacti Cross-Site Scripting Vulnerability

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that stems from the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00629
Exploits 1 | References 6

0day.today
added 2023/03/28 12:0 a.m. | 213 views

Subrion CMS 4.2.1 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Subrion CMS 4.2.1 - Stored Cross-Site Scripting XSS Exploit Author: Sinem Şahin Vendor Homepage: https://intelliants.com/ Version: 4.2.1 Tested on: Windows & XAMPP == Tutorial http://HOST/panel/fields/add 2- Write XSS Payload into the tooltip value of the field add page. 3- Press...

AI score 6.8
Exploits 0

wpexploit
added 2022/12/05 12:0 a.m. | 120 views

Kwayy HTML Sitemap < 4.0 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Click the 'Settings' button of this plugin. 2...

CVSS 4.8 | AI score 4.7 | EPSS 0.00339
Exploits 2

Huntr
added 2022/09/06 8:52 p.m. | 18 views

Stored Cross Site Scripting (XSS) via "properties" during creating new users

Description From demo url login click people icon at the left bar click "Customers" Click "New Customer" button from page Fill up the "Edit" tab Click "Save" button above Click "Properties" tab From "Add a custom Property" field , add "Test" on the first field Click and select "text" on the secon...

CVSS 4.9 | AI score 5.2 | EPSS 0.0002
Exploits 2

wpexploit
added 2022/01/10 12:0 a.m. | 110 views

Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. On the Learning Management page /wp-admin/admin.php?page=cluevo-lms, click Add Course, then put the followi...

CVSS 4.8 | EPSS 0.00206
Exploits 2

Huntr
added 2021/03/11 8:17 a.m. | 10 views

Cross-site Scripting (XSS) - Generic in blackcatdevelopment/blackcatcms

✍️ Description 'Display name' Cross Site Scripting XSS 🕵️‍♂️ Proof of Concept 1. To exploit this vulnerability an attacker has a login in the admin panel and clicks on the admin profile button. Then use " onmouseover=alert1 " this XSS payload on Display name field and click on the Save button. 2...

AI score 0.4
Exploits 0

Packet Storm
added 2021/03/04 12:0 a.m. | 274 views

Textpattern CMS 4.8.4 Cross Site Scripting

Exploit Title: Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.8.4 Tested on: Windows Steps-To-Reproduce: 1. Login into...

Exploits 0

Exploit DB
added 2021/02/16 12:0 a.m. | 249 views

BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)

Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Date: 16-02-2021 Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on...

AI score 7.4
Exploits 0

0day.today
added 2021/02/16 12:0 a.m. | 37 views

BlackCat CMS 1.3.6 - (Display name) XSS Vulnerability

Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on: Windows Steps t...

AI score 7.4
Exploits 0

Exploit DB
added 2020/12/03 12:0 a.m. | 687 views

Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting

Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux CVE:...

CVSS 4.8 | AI score 5.4 | EPSS 0.00573
Exploits 2

Exploit DB
added 2020/07/26 12:0 a.m. | 338 views

DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow (SEH Egghunter)

Exploit Title: DiskBoss 7.7.14 - 'Reports and Data Directory' Buffer Overflow SEH Egghunter Date: 2020-07-26 Exploit Author: MasterVlad Vendor Homepage: https://www.diskboss.com/ Software Link: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Version: 7.7.14...

AI score 7.4
Exploits 0

Kitploit
added 2019/11/20 9:23 p.m. | 74 views

Custom Header - Automatic Add New Header To Entire BurpSuite HTTP Requests

This Burp Suite extension allows you to customize headers by putting a new header into HTTP requests in the BurpSuite Scanner, Intruder, Repeater and Proxy History, and you can also choose whichever HTTP verb you want to customize. Usage Easy to use ! : Don't forget to click save button ! Changelog 24...

AI score 7.3
Exploits 0 | References 3

Tenable Nessus
added 2015/07/21 12:0 a.m. | 15 views

Debian DLA-278-2 : cacti regression update

The last update of cacti in squeeze-lts, version 0.8.7g-1+squeeze7, had two regressions that caused certain output of scripts to not be processed and caused the save button of graphs.php to not save the changes. The regressions have been fixed in 0.8.7g-1+squeeze8. NOTE: Tenable Network Security...

AI score 5.5
Exploits 0 | References 2

Debian
added 2015/07/20 5:4 p.m. | 128 views

[SECURITY] [DLA 278-2] cacti regression update

Package : cacti Version : 0.8.7g-1+squeeze8 The last update of cacti in squeeze-lts, version 0.8.7g-1+squeeze7, had two regressions that caused certain output of scripts to not be processed and caused the save button of graphs.php to not save the changes. The regressions have been fixed in...

AI score 7.4
Exploits 0

0day.today
added 2012/03/29 12:0 a.m. | 13 views

Link Up Gold CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Link Up Gold CSRF Author: Jonturk75 Category:: webapps Demo : http://demo.scripts-gate.com/LinkUpGold/administration Greetz: Inj3ct0r Exploit DataBase 1337day.com 0day.today 2018-04-14...

AI score 7.1
Exploits 0

Cvelist
added 2005/07/17 4:0 a.m. | 21 views

CVE-2004-2225

Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button...

AI score 6.6 | EPSS 0.00783
Exploits 0 | References 6