2611 matches found
Tagstoo 2.0.1 - Stored XSS to Remote Command Execution Vulnerability
Exploit Title: Tagstoo 2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacOs Software Description: Software to tag folders and files, with...
SOURCEFORGE LATRIX SQL Injection Vulnerability
SOURCEFORGE LATRIX is an open source application from the SOURCEFORGE organization. It provides presence and attendance records, attendance tracking, paperless leave requests with freely definable leave types, downtime, fire registration and extensive reporting options. LATRIX version 0.6.0 suffe...
OpenClinic GA web portal multiple SQL injection vulnerabilities in the 'getAssets.jsp' page
Summary Multiple exploitable SQL injection vulnerabilities exist in the ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OpenClinic GA 5.173.3...
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery CSRF Date: April 8, 2021 04/08/2021 Exploit Author: Issac Briones Vendor Homepage: http://www.dmasoftlab.com/ Software Download: https://sourceforge.net/projects/radiusmanager/ Version: 4.4.0 CVE: CVE-2021-30147 input type="...
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery Vulnerability
Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery CSRF Exploit Author: Issac Briones Vendor Homepage: http://www.dmasoftlab.com/ Software Download: https://sourceforge.net/projects/radiusmanager/ Version: 4.4.0 CVE: CVE-2021-30147...
SOURCEFORGE Organization SOURCEFORGE LATRIX SQL Injection Vulnerability
SOURCEFORGE LATRIX is an open source application from the SOURCEFORGE organization. It provides presence and attendance records, attendance tracking, paperless leave requests with freely definable leave types, downtime, fire registration and extensive reporting options. LATRIX version 0.6.0 suffe...
SOURCEFORGE MagpieRSS Code Issue Vulnerability
SOURCEFORGE MagpieRSS is an open source application from SOURCEFORGE: a simple, practical PHP interface for parsing RSS 1.0 and earlier versions. MagpieRSS 0.72 has a security vulnerability where the curl command in /extlib/Snoopy.class.inc is not validated...
CourseMS 2.1 - (name) Stored XSS Vulnerability
Exploit Title: CourseMS 2.1 - 'name' Stored XSS Exploit Author: cptsticky Vendor Homepage: http://sourceforge.net/projects/coursems Software Link: https://sourceforge.net/projects/coursems/files/latest/download Version: 2.1 Tested on: Ubuntu 20.04 POST /coursems/admin/addjobs.php HTTP/1.1 Host:...
SourceForge Kagemai Cross-Site Scripting Vulnerability
SourceForge Kagemai is a Japanese open source application from the SourceForge organization. It is a web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary script in a user's web browser...
SourceForge Kagemai Cross-Site Scripting Vulnerability (CNVD-2021-24011)
SourceForge Kagemai is a Japanese open source application from the SourceForge organization. It is a web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...
SourceForge Kagemai Cross-Site Scripting Vulnerability
SourceForge Kagemai is a Japanese open source application from the SourceForge organization. It is a web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary script in a user's web browser...
Kagemai Cross-Site Scripting Vulnerability
SourceForge Kagemai is a Japanese open source application from the SourceForge organization. It is a web-based bug tracking system (BTS). Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...
HFS (HTTP File Server) 2.3.x Remote Code Execution
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...
SOURCEFORGE Adminer Code Issue Vulnerability
SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. It provides database management in a single PHP file. A code issue vulnerability exists in SOURCEFORGE Adminer that arises from improper design or implementation during code development of a web-based system or product...
PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
PEEL Shopping 9.3.0 Cross Site Scripting
Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
SOURCEFORGE Adminer Cross-Site Scripting Vulnerability
SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. It provides database management in a single PHP file. A cross-site scripting vulnerability exists in Adminer, which stems from a lack of proper validation of client-side data by the web application. An attacker can...
Roundcube Webmail 1.2 - File Disclosure
Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...
Sourceforge PhpGACL Input Validation Error Vulnerability
Sourceforge PhpGACL is a pluggable platform based on PHP and MySQL, from the Sourceforge organization, used to provide access control. An input validation error vulnerability exists in phpGACL 3.3.7, which stems from an open redirection vulnerability in the return page redirection feature. An...
Sourceforge PhpGACL Cross-Site Scripting Vulnerability
Sourceforge PhpGACL is a pluggable platform based on PHP and MySQL, from the Sourceforge organization, used to provide access control. A cross-site scripting vulnerability exists in phpGACL 3.3.7, in which a specially crafted HTTP request could lead to arbitrary JavaScript execution...