5327 matches found
Cross site scripting
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999...
Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)
Card Payment 1.0 - Cross-Site Request Forgery Update Admin Exploit Title: Card Payment 1.0 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Library Management System 1.0 - frmListBooks SQL Injection
Library Management System 1.0 - frmListBooks SQL Injection Exploit Title: Library Management System 1.0 - 'frmListBooks' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Curriculum Evaluation System 1.0 - SQL Injection
Curriculum Evaluation System 1.0 - SQL Injection Exploit Title: Curriculum Evaluation System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Aplaya Beach Resort Online Reservation System 1.0 CSRF / SQL Injection
Exploit Title: Aplaya Beach Resort Online Reservation System 1.0 - Multiple Vulnerabilities Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection
PayPal-Credit Card-Debit Card Payment 1.0 - SQL Injection Exploit Title: PayPal/Credit Card/Debit Card Payment 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection
Exploit Title: Point of Sales POS in VB.Net MySQL Database 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/poinofsales0.zip...
School Event Management System 1.0 - SQL Injection
School Event Management System 1.0 - SQL Injection Exploit Title: School Event Management System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
CVE-2018-18736
CVE-2018-18736 corresponds to an XSS vulnerability in catfish blog 2.0.33 (described as related to “write source code”). Affected component: catfish blog (version 2.0.33). Root cause details are not fully specified in the provided documents beyond the XSS note. Potential impact is cross-site scri...
CVE-2018-18736
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."...
Information Disclosure
Apache Spark is vulnerable to information disclosure. The convenience script build/mvn runs a zinc server which will accept connections from external hosts by default. This vulnerability affects developers when building Spark from source code. A specially crafted request to the zinc server will...
Eaton UPS 9PX 8000 SP Password Disclosure Vulnerability
The Eaton UPS 9PX 8000 SP is a power management device from Eaton USA. The Eaton UPS 9PX 8000 SP suffers from a password disclosure vulnerability that originates from a web page displayed by the device containing a clear-text password, which can be exploited to retrieve a user's password by...
CVE-2018-9279
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage...
CVE-2018-9280
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage...
CVE-2018-11804
Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A...
jQuery File Upload
File upload vulnerability in jQuery File Upload server/php/index.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
GPlayed Trojan - .Net playing with Google Market
This blog post is authored by Vitor Ventura. Introduction In a world where everything is always connected, and mobile devices are involved in individuals' day-to-day lives more and more often, malicious actors are seeing increased opportunities to attack these devices. Cisco Talos has identified...
DNSDiag - DNS Diagnostics And Performance Measurement Tools
Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to mak...
h1-5411-CTF: H1-5411 CTF Writeup
So, HackerOne posted a tweet about the Meme CTF, where a barcode was in the tweet image. By scanning it and decoding from hex I found this link: https://h1-5411.h1ctf.com/ where we can create/generate memes, and for generating the meme this was used from GitHub, which I found in source code analysis...