Node.js: Slowloris, body parsing
Summary: Attackers can cause a Denial of Service by sending HTTP request body data extremely slowly to keep a connection open by maintaining activity, and use resources over an extended period. Description: Body data is se...
WordPress WP Sitemap Page 1.6.2 Cross Site Scripting
Exploit Title: WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Dork: N/A Date: 2020-02-17 Exploit Author: UltraSecurityTeam Team Member = Ashkan Moghaddas, AmirMohammad Safari, Behzad khalife, Milad Ranjbar Vendor Homepage: UltraSec.Org Software Link:...
Avaya Aura Communication Manager 5.2 Remote Code Execution
Exploit Title: Avaya Aura Communication Manager 5.2 - Remote Code Execution Exploit Author: Sarang Tumne a.k.a SarT Date: 2020-02-14 Confirmed on release 5.2 Vendor: https://www.avaya.com/en/ Avaya's advisory: https://downloads.avaya.com/css/P8/documents/100183151 Exploit generates a reverse shel...
LabVantage 8.3 - Information Disclosure
Exploit Title: LabVantage 8.3 - Information Disclosure Google Dork: N/A Date: 2020-02-16 Exploit Author: Joel Aviad Ossi Vendor Homepage: labvantage.com Software Link: N/A Version: LabVantage 8.3 Tested on: CVE : N/A import requests import operator def exploittarget: print"+ Fetching LabVantage...
Cisco Prime Infrastructure runrshell Local Privilege Escalation Vulnerability
Cisco Prime Infrastructure (CPI) is a wired and wireless network management software suite that consists of different networking applications from Cisco Systems. The system is used across various industries, from healthcare, manufacturing, government, IT, etc. A vulnerability was found in the...
CVE-2012-2216
...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4267. Reason: This issue was MERGED into CVE-2013-4267 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2013-4267...
textura-interiors.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-1089458 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Hackers caught using CNET website to spread nasty malware
By Sudais Asif Yet another attempt by hackers to drop malware through CNET's download section that leaves a question mark on whether to download anything from CNET? This is a post from HackRead.com Read the original post: Hackers caught using CNET website to spread nasty malware...
juaramovie.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1087399 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
phpList 3.5.0 - Authentication Bypass
phpList 3.5.0 - Authentication Bypass Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/...
ethicalshop.org Cross Site Scripting vulnerability OBB-1082017
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PYSEC-2020-212
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @okmessage or (2) @errormessage parameter to issue...
hotelcristallobrescia.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1076992 Security Researcher metamorfosec Helped patch 1973 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations, a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
debenhams.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1075397 Security Researcher 4NCURZE Helped patch 1540 vulnerabilities Received 7 Coordinated Disclosure badges Received 13 recommendations, a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting debenhams.com website and...
CVE-2019-0970
...
h1-ctf: [h1-415 2020] Spent a week and failed at solving the last step.
Summary: I found something interesting with Headless chrome debugging in the last step, I am sure I am going to solve this after trying very hard for about a week, I don't know when this CTF is going to end, that's why I am submitting a summary of how to solve this so that I can write the full...
KeePass 2.44 Denial Of Service
Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...
Yelp: Multiple Vulnerabilities in (*.blog.yelp.com) - Leakage user admin Sensitive Exposure
Hi! Team @yelp, We Found Multiple Vulnerabilities in your websites, Username Admin Login Sensitive Exposure Referrals Hackerone 753725 Platforms Affected: website. https://blog.yelp.com/wp-json/ user-admin sensitive exposure. https://blog.yelp.com/wp-login.php Admin-Page disclosure Steps To...
CVE-2019-5711
...