Lucene search
+L

523 matches found

hackapp
hackapp
added 2016/04/01 9:5 a.m.10 views

TyA Showcase - External URLs, GPL license, Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application TyA Showcase published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2015/11/26 12:0 a.m.27 views

PHPOK企业建站系统(支付漏洞1元任意买);

简要描述: PHPOK企业建站系统PHPOK4.4.010支付漏洞1元任意买最新版 详细说明: 1.来到产品展示随便选入一件商品进购物车下订单 2.来到之类点确认支付抓包修改金额 3.改成1元然会出现链接点开就好了 只要1元就可以 漏洞证明: 1.来到产品展示随便选入一件商品进购物车下订单 img src="https://images.seebug.org/upload/201511/0919554096547d3a4eb6da54be5276c7ad0c1967.jpg" a...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/01/06 12:0 a.m.4 views

WordPress Plugin Our Team Showcase (our-team-enhanced) Cross-Site Request Forgery Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability in WordPress plugin Our Team Showcase our-team-enhanced versions prior to 1.3 allo...

6.8CVSS6.7AI score0.01001EPSS
Exploits1References1
NVD
NVD
added 2015/01/05 8:59 p.m.20 views

CVE-2014-9523

Multiple cross-site request forgery CSRF vulnerabilities in the Our Team Showcase our-team-enhanced plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site...

6.8CVSS6.7AI score0.01001EPSS
Exploits1References1
Prion
Prion
added 2015/01/05 8:59 p.m.13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Our Team Showcase our-team-enhanced plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site...

6.8CVSS7AI score0.01001EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2015/01/05 8:0 p.m.43 views

CVE-2014-9523

The CVE-2014-9523 entries describe CSRF and XSS vulnerabilities affecting the WordPress plugin Our Team Showcase (our-team-enhanced) in versions before 1.3. An attacker can hijack administrator sessions to change plugin settings via unspecified vectors and trigger XSS through the sc_our_team_memb...

6.8CVSS6.8AI score0.01001EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2015/01/05 12:0 a.m.23 views

WordPress Our Team Showcase Plugin <= 1.2 - Multiple CSRF and XSS

Because of these cross-site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way, they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...

6.8CVSS5.1AI score0.01001EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2014/12/12 12:0 a.m.27 views

WordPress Our Team Showcase 1.2 CSRF / XSS

Title: WordPress 'Our Team Showcase' plugin - CSRF/XSS Version: 1.2 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/our-team-enhanced/ Notified WordPress: 2014/11/27 ----------------------------------------------------------------...

7.4AI score
Exploits0
CVE
CVE
added 2014/11/07 11:0 a.m.36 views

CVE-2014-8671

CVE-2014-8671 is a cross-site scripting (XSS) vulnerability in the Android version of the GWT Mobile PhoneGap Showcase application. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. The connected sources confirm the vulnerability a...

4.3CVSS5.8AI score0.0096EPSS
Exploits1References2Affected Software1
Dsquare
Dsquare
added 2013/10/17 12:0 a.m.46 views

Apache-Struts Showcase < 2.3.14.1 RCE Linux

Apache Struts Crafted Parameter Arbitrary OGNL Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

9.3CVSS1.6AI score0.93813EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2013/07/10 7:55 p.m.37 views

CVE-2013-1965

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

9.3CVSS7.5AI score0.93813EPSS
Exploits1References3
Prion
Prion
added 2013/07/10 7:55 p.m.27 views

Design/Logic Flaw

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...

9.3CVSS7.8AI score0.93813EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2013/07/10 7:0 p.m.145 views

CVE-2013-1965

CVE-2013-1965 affects Apache Struts 2, specifically the Struts Showcase App 2.0.0 through 2.3.13 (Struts 2 before 2.3.14.3). The vulnerability allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is mishandled during a redirect, enabling remote code execution o...

9.3CVSS8AI score0.93813EPSS
Exploits1References3Affected Software2
OpenVAS
OpenVAS
added 2012/03/13 12:0 a.m.25 views

Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability

This host is running Apache Struts Showcase and is prone to java method execution vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsshowcasejavamethodexecvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability Authors: Antu Sanadi...

10CVSS0.5AI score0.1388EPSS
Exploits0References3
seebug.org
seebug.org
added 2012/02/09 12:0 a.m.36 views

Apache Struts多个HTML代码注入漏洞

BUGTRAQ ID: 51902 CVE ID: CVE-2012-1006 Apache Struts是一款开发Java web应用程序的开源Web应用框架。 Apache Struts在实现上存在多个HTML注入漏洞,攻击者可利用这些漏洞在受影响浏览器中运行HTML和脚本代码,窃取Cookie身份验证凭证或控制站点外观。 0 Apache Group Struts 2.2.3 Apache Group Struts 2.0.14 厂商补丁: Apache Group ------------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版...

4.3CVSS9AI score0.58476EPSS
Exploits1
NVD
NVD
added 2012/02/07 4:9 a.m.25 views

CVE-2012-1006

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

4.3CVSS8.3AI score0.58476EPSS
Exploits1References4
The Hacker News
The Hacker News
added 2011/09/08 7:48 p.m.3 views

Hacker Halted USA 2011 - 10 Reasons Why You Should Attend

Hacker Halted USA 2011 - 10 Reasons Why You Should Attend Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT...

6.9AI score
Exploits0
myhack58
myhack58
added 2011/08/28 12:0 a.m.21 views

Pole Rui enterprise website system proof the library 0day-vulnerability warning-the black bar safety net

Pole Rui enterprise website system is for small and medium businesses specially tailored to the small business Station source code, The code is all free and open, you can modify their own learning Use, but prohibited for commercial use. The system front interface clean and simple, the background ...

7.8AI score
Exploits0
myhack58
myhack58
added 2011/06/17 12:0 a.m.14 views

Pole Rui enterprise website system v1. 0 cookie injection vulnerability-vulnerability warning-the black bar safety net

Pole Rui enterprise website system is for small and medium businesses specially tailored to the small business Station source code, The code is all free and open, you can modify their own learning to use, but it is strictly prohibited for commercial purposes. System Systems front Desk interface i...

0.1AI score
Exploits0
NVD
NVD
added 2010/03/08 3:30 p.m.17 views

CVE-2010-0943

Directory traversal vulnerability in the JA Showcase comjashowcase component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter in a jashowcase action to index.php...

5CVSS6.7AI score0.16358EPSS
Exploits1References5
Rows per page
Query Builder