13 matches found

OSV
added 2022/05/13 1:12 a.m. | 13 views

GHSA-RP89-32RP-QPQ2 Pagekit Weak Password Recovery Mechanism for Forgotten Password

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01...

CVSS 7.5 | AI score 7.5 | EPSS 0.04542
Exploits: 1 | References: 7

0day.today
added 2019/10/10 12:0 a.m. | 48 views

Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)

Exploit Title: Linux/x86 - Add User to /etc/passwd Shellcode 59 bytes Exploit Author: sagar.offsec VL43CK Guided by: Touhid M.Shaikh Designation: Security Consultant at SecureLayer7 Website: https://www.sagaroffsec.com Tested on: Ubuntu i386 GNU/LINUX Shellcode Length: 59...

Exploits: 0

Node.js
added 2019/06/17 7:10 p.m. | 9 views

Cross-Site Scripting

Overview Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. The output is not properly encoded leading an admin...

AI score 6.5
Exploits: 0 | Affected Software: 1

NVD
added 2017/11/06 8:29 a.m. | 9 views

CVE-2017-16570

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...

CVSS 8.8 | AI score 8.7 | EPSS 0.00198
Exploits: 2 | References: 4

Cvelist
added 2017/11/06 8:0 a.m. | 16 views

CVE-2017-16570

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...

AI score 8.8 | EPSS 0.00198
Exploits: 2 | References: 4

CVE
added 2017/11/06 8:0 a.m. | 55 views

CVE-2017-16570

KeystoneJS vulnerability CVE-2017-16570 affects KeystoneJS before 4.0.0-beta.7. The issue is a Cross-Site Request Forgery (CSRF) bypass where requests can bypass CSRF protection by removing the CSRF parameter/value, effectively not rejecting requests that lack an X-CSRF-Token header. Public detai...

CVSS 8.8 | AI score 8.6 | EPSS 0.00198
Exploits: 2 | References: 4 | Affected Software: 1

Exploit DB
added 2017/10/25 12:0 a.m. | 57 views

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...

CVSS 8.8 | AI score 8.8 | EPSS 0.09815
Exploits: 4

Exploit DB
added 2017/10/25 12:0 a.m. | 43 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

CVSS 6.1 | AI score 5.6 | EPSS 0.03604
Exploits: 5

Prion
added 2017/01/25 6:59 p.m. | 8 views

Design/Logic Flaw

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01...

CVSS 4.3 | AI score 7.6 | EPSS 0.04542
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2017/01/25 6:0 p.m. | 53 views

CVE-2017-5594

The Pagekit CMS

CVSS 7.5 | AI score 7.5 | EPSS 0.04542
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2017/01/25 6:0 p.m. | 12 views

CVE-2017-5594

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01...

AI score 7.5 | EPSS 0.04542
Exploits: 1 | References: 5

Exploit DB
added 2017/01/21 12:0 a.m. | 40 views

PageKit 1.0.10 - Password Reset

Exploit Title: Remote PageKit Password Reset Vulnerability Date: 21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7 Contact: http://twitter.com/securelayer7 Website: https://securelayer7.net Category: webapps 1. Description Any remote user can reset...

AI score 7.4
Exploits: 0

exploitpack
added 2017/01/21 12:0 a.m. | 10 views

PageKit 1.0.10 - Password Reset

PageKit 1.0.10 - Password Reset Exploit Title: Remote PageKit Password Reset Vulnerability Date: 21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7 Contact: http://twitter.com/securelayer7 Website: https://securelayer7.net Category: webapps 1...

AI score 7.4
Exploits: 0