Lyst: DOM XSS on http://talks.lystit.com
Description DOM XSS can be achieved via a postMessage due to an insecure postMessage handler being registered. POC 1. Visit https://gamer7112.com/lyst1.html 2. Click the link 3. View alert Vulnerable Code Located at http://talks.lystit.com/data-saloon-presentation/plugin/notes/notes.html javascri...
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
Exploit Title: SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated) Date: 08 NOV 2020 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://suitecrm.com/ Software Link: https://github.com/salesagility/SuiteCRM Version: 7.11.15 and below Tested on: Ubuntu 20.04 LTS CVE:...
c.gz.cn Cross Site Scripting vulnerability OBB-1491467
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CMSUno 1.6.2 Remote Code Execution
Exploit Title: CMSUno 1.6.2 - 'lang' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...
Dell OpenManage Server Administrator Path Traversal (DSA-2020-172)
The version of Dell OpenManage Server Administrator OMSA running on the remote host is affected by a path traversal vulnerability due to improper sanitization of user-supplied input to a web API request. An unauthenticated, remote attacker can exploit this, via a crafted request, to gain file...
CVE-2017-17380
...
CVE-2017-17362
...
CVE-2017-17333
...
CVE-2017-15181
...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none...
CVE-1999-1594
...
Winlogon Privilege Escalation (CVE-2020-1472)
A privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected. Successful exploitation of this vulnerability could allow an attacker to run arbitrary cod...
WordPress < 5.5.2 Multiple Vulnerabilities
According to its self-reported version number, the installation of WordPress installed on the remote host is affected by multiple vulnerabilities: - A deserialization vulnerability exists in wp-includes/Requests/Utility/FilteredIterator.php. An unauthenticated, remote attacker can exploit this, b...
ALBA-2020:4640 radvd bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALBA-2020:4557 zstd bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
Sphider Search Engine 1.3.6 Remote Code Execution
Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...
Oracle Database Server Multiple Vulnerabilities (Oct 2020 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2020 CPU advisory. - Vulnerability in the Core RDBMS bzip2 component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2,...
lookn4u.com Cross Site Scripting vulnerability OBB-1428481
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Fedora 32 : 1:livecd-tools / createrepo_c / dnf / dnf-plugins-core / etc (2020-5d9f0ce2b3)
createrepo_c 0.16.1 - Update to 0.16.1 - Add the section number to the manual pages - Parse xml snippet in smaller parts RhBug:1859689 - Add module metadata support to createrepo_c RhBug:1795936 librepo 1.12.1 - Update to 1.12.1 - Validate path read from repomd.xml RhBug:1868639 libdnf 0.54.2 -...
Textpattern CMS 4.6.2 - Cross-site Request Forgery
Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery Exploit Author: Alperen Ergel Contact: @alprenae Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with Textpattern CMS" Date: 2020-10-29...