6 matches found
CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter...
Exploit for Insertion of Sensitive Information into Log File in Paloaltonetworks Expedition
CVE-2024-9466 CVE-2024-9466 Proof of Concept PoC Descrip...
chromium-browser: Validation issue in debugger
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debuggerapi.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension...
Fabran CMS SQL Injection
Exploit Title : Fabran CMS SQL Injection Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Vendor : www.Fabran.com Contact : [email protected] , [email protected] Security Risk : High DorK : inurl:index.asp "Powered by Fabran.com" Expl0i...
PHPNews 1.3.0 XSS
PHP Script: PHPNews 1.3.0 Class: XSS Website: http://newsphp.sourceforge.net Found by: Detefix dork: inurl:phpnews ----- - Vulnerable Code: ?php printEOT a href="$url?action=fullnewsshowcomments=1id=$id"$subject/a by $username on $timebr / ----- - Exploits:...
uPhotoGallery (v 1.1) SQL Injection
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian ----------------------------------------------------------- Software: uPhotoGallery 1.1 Method: SQL injection PoC: http://target/slideshow.asp?imgid=290&ci=SQL Injection...