16 matches found
Vulnerability in the Device Integration component of Oracle MES for Process Manufacturing, part of the Oracle E-Business Suite, that allows an attacker to read, modify, and delete data.
The vulnerability in the Device Integration component of Oracle MES for Process Manufacturing is related to cross-site request forgery (CSRF). Exploiting this vulnerability can allow an attacker to gain read, modify, and delete access to data...
Vulnerability in the GraphQL API of GitLab, the Git-based platform for collaborative code development, that allows an attacker to perform a CSRF attack.
The vulnerability in the GraphQL API of GitLab, the Git-based platform for collaborative code development, is related to cross-site request forgery (CSRF). Exploiting this vulnerability allows a remote attacker to perform a CSRF attack...
Exploit for CVE-2024-4439
Exploit CVE-2024-4439. This Python script demonstrates an exp...
AccPack Khanepani 1.0 Cross Site Request Forgery
Title: AccPack Khanepani v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits | ...
SASS BILLER 1.0 Cross Site Scripting
Exploit Title: SASS BILLER 1.0 - Stored XSS | Exploit Author: CraCkEr | Date: 12/07/2023 | Vendor: Bug Finder | Vendor Homepage: https://bugfinder.net/ | Software Link: https://bugfinder.net/product/sass-biller-a-sass-based-invoicing-and-billing-platform/19 | Tested on: Windows 10 Pro | Impact: Manipulate the...
PHP Car Dealer 3.0 Cross Site Scripting
Vulnerability in the init() method of the Zabbix monitoring system that allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability in the init() method of the Zabbix monitoring system is related to cross-site request forgery (CSRF). Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...
Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2022-70579)
Rocket.Chat is an open-source team chat application. Rocket.Chat suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window, which can be exploited by an attacker to manipulate its style, block functionality, and...
OOApp Guestbook Multiple HTML Injection Vulnerabilities
(Source: http://www.securityfocus.com/bid/12647/info) OOApp Guestbook is reportedly affected by multiple HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input. The attacker-supplied HTML and scrip...
AZ Bulletin Board 1.0.x/1.1 Post.PHP HTML Injection Vulnerabilities
(Source: http://www.securityfocus.com/bid/16351/info) AZbb is prone to HTML-injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
(Source: https://www.securityfocus.com/bid/53287/info) Croogo CMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and scrip...
OSQAs CMS - Multiple HTML Injection Vulnerabilities
(Source: https://www.securityfocus.com/bid/52184/info) OSQA's CMS is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context ...
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Apache Traffic Server is prone to a remote DNS cache-poisoning vulnerability. An attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site. Successful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle,...
Axigen Mail Server HTML Injection Vulnerability
Axigen Mail Server is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication...
Nuke ET 3.4 - 'mensaje' HTML Injection
(Source: https://www.securityfocus.com/bid/28614/info) Nuke ET is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Attackers will likely require access to a user account to perform attacks. Exploiting this issue may allow an attacker to...
427BB 2.x - Multiple Remote HTML Injection Vulnerabilities
(Source: https://www.securityfocus.com/bid/12693/info) 427BB is reportedly affected by multiple remote HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HT...