523 matches found
TyA Showcase - External URLs, GPL license, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application TyA Showcase published at the 'play' market has multiple vulnerabilities...
PHPOK企业建站系统(支付漏洞1元任意买);
简要描述: PHPOK企业建站系统PHPOK4.4.010支付漏洞1元任意买最新版 详细说明: 1.来到产品展示随便选入一件商品进购物车下订单 2.来到之类点确认支付抓包修改金额 3.改成1元然会出现链接点开就好了 只要1元就可以 漏洞证明: 1.来到产品展示随便选入一件商品进购物车下订单 img src="https://images.seebug.org/upload/201511/0919554096547d3a4eb6da54be5276c7ad0c1967.jpg" a...
WordPress Plugin Our Team Showcase (our-team-enhanced) Cross-Site Request Forgery Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability in WordPress plugin Our Team Showcase our-team-enhanced versions prior to 1.3 allo...
CVE-2014-9523
Multiple cross-site request forgery CSRF vulnerabilities in the Our Team Showcase our-team-enhanced plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Our Team Showcase our-team-enhanced plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site...
CVE-2014-9523
The CVE-2014-9523 entries describe CSRF and XSS vulnerabilities affecting the WordPress plugin Our Team Showcase (our-team-enhanced) in versions before 1.3. An attacker can hijack administrator sessions to change plugin settings via unspecified vectors and trigger XSS through the sc_our_team_memb...
WordPress Our Team Showcase Plugin <= 1.2 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way, they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...
WordPress Our Team Showcase 1.2 CSRF / XSS
Title: WordPress 'Our Team Showcase' plugin - CSRF/XSS Version: 1.2 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/our-team-enhanced/ Notified WordPress: 2014/11/27 ----------------------------------------------------------------...
CVE-2014-8671
CVE-2014-8671 is a cross-site scripting (XSS) vulnerability in the Android version of the GWT Mobile PhoneGap Showcase application. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. The connected sources confirm the vulnerability a...
Apache-Struts Showcase < 2.3.14.1 RCE Linux
Apache Struts Crafted Parameter Arbitrary OGNL Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
CVE-2013-1965
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
Design/Logic Flaw
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect...
CVE-2013-1965
CVE-2013-1965 affects Apache Struts 2, specifically the Struts Showcase App 2.0.0 through 2.3.13 (Struts 2 before 2.3.14.3). The vulnerability allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is mishandled during a redirect, enabling remote code execution o...
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
This host is running Apache Struts Showcase and is prone to java method execution vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsshowcasejavamethodexecvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability Authors: Antu Sanadi...
Apache Struts多个HTML代码注入漏洞
BUGTRAQ ID: 51902 CVE ID: CVE-2012-1006 Apache Struts是一款开发Java web应用程序的开源Web应用框架。 Apache Struts在实现上存在多个HTML注入漏洞,攻击者可利用这些漏洞在受影响浏览器中运行HTML和脚本代码,窃取Cookie身份验证凭证或控制站点外观。 0 Apache Group Struts 2.2.3 Apache Group Struts 2.0.14 厂商补丁: Apache Group ------------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版...
CVE-2012-1006
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...
Hacker Halted USA 2011 - 10 Reasons Why You Should Attend
Hacker Halted USA 2011 - 10 Reasons Why You Should Attend Hacker Halted is a global series of Computer and Information Security conferences presented by EC-Council. The objective of the Hacker Halted conferences is to raise international awareness towards increased education and ethics in IT...
Pole Rui enterprise website system proof the library 0day-vulnerability warning-the black bar safety net
Pole Rui enterprise website system is for small and medium businesses specially tailored to the small business Station source code, The code is all free and open, you can modify their own learning Use, but prohibited for commercial use. The system front interface clean and simple, the background ...
Pole Rui enterprise website system v1. 0 cookie injection vulnerability-vulnerability warning-the black bar safety net
Pole Rui enterprise website system is for small and medium businesses specially tailored to the small business Station source code, The code is all free and open, you can modify their own learning to use, but it is strictly prohibited for commercial purposes. System Systems front Desk interface i...
CVE-2010-0943
Directory traversal vulnerability in the JA Showcase comjashowcase component for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter in a jashowcase action to index.php...