61 matches found
Mongo Web Admin 6.0 Information Disclosure
Exploit Title: Mongo Web Admin 6.0 - Information Disclosure; Dork: N/A; Date: 2018-11-04; Exploit Author: Ihsan Sencan; Vendor Homepage: http://www.mongoadmin.org/; Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe; Version: 6.0; Category: Webapps...
scrmetal.de Improper Access Control vulnerability
Open Bug Bounty ID: OBB-677673. Affected Website: scrmetal.de; Open Bug Bounty Program: View Open Bug Bounty Program; Vulnerable Application: Custom Code; Vulnerability Type: IAC Improper Access Control / CWE-284; CVSSv3 Score: 6.5...
mcqforall.co.in XSS vulnerability
Open Bug Bounty ID: OBB-558252. Affected Website: mcqforall.co.in; Open Bug Bounty Program: Create your bounty program now. It's open and free.; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
teacher.buet.ac.bd XSS vulnerability
Vulnerable URL: http://teacher.buet.ac.bd/sid/test.php?type=info=json=prompt/OPENBUGBOUNTY/...
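Pligg CMS 2.0.2 CSRF Vulnerability
Create a new file, then write a web backdoor into it to obtain a webshell. We can also use another method to get a shell: first use the first vulnerability to edit index.php in the site directory, then edit and save it. After it is saved successfully, view index.php, and the test.php file has been generated...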
crackfind.com XSS vulnerability
Vulnerable URL: http://www.crackfind.com/test.php Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 153081; Google Pagerank: 2; VIP website status: No; Check crackfind.com SSL...
MyConnection Server (MCS) 9.7i Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. Author: 1N3; Website: http://treadstonesecurity.blogspot.ca; Vendor Website: http://www.visualware.com/; Affected Product: MyConnection Server; Affected Version: 9.7i (others may also be vulnerable). ABOUT: MyConnection Server (MCS) delivers a broad...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration...
CVE-2014-5113
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration...
CVE-2014-4597
Affected software: WordPress WP Social Invitations Plugin. Vulnerable component: test.php parameter handling (xhrurl) in versions before 1.4.4.3. Root cause: cross-site scripting (XSS) vulnerability allowing remote attackers to inject arbitrary script/HTML via the xhrurl parameter. Impact: potent...
CVE-2014-4551
Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter...
OmniHTTPd 1.1/2.0.x/2.4 test.shtml Sample Application XSS
No description provided by source. source: http://www.securityfocus.com/bid/5568/info Cross-site scripting vulnerabilities have been reported in multiple sample scripts included with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal...
php weather 2.2.2 (lfi/xss) Multiple Vulnerabilities
No description provided by source. Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . /output/pwtext$language.php; xpl:...
JFFNMS 0.8.3 admin/adm/test.php PHP Information Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure...
OmniHTTPd 1.1/2.0.x/2.4 test.php Sample Application XSS
No description provided by source. source: http://www.securityfocus.com/bid/5568/info Cross-site scripting vulnerabilities have been reported in multiple sample scripts included with OmniHTTPD. In particular, test.shtml and test.php contain errors. This type of vulnerability may be used to steal...
WordPress ZdStatistics Plugin <= 2.0.1 - XSS
Because of this vulnerability in cal/test.php, attackers can inject arbitrary web script or HTML via the "lang" parameter. Solution: Update the plugin...
WordPress WP Social Invitations Plugin <= 1.4.4.2 - XSS
Because of this vulnerability in test.php, attackers can inject arbitrary web script or HTML via the "xhrurl" parameter. Solution: Update the plugin...
WordPress Appointment Scheduler Plugin <= 1.5 - XSS
Because of this vulnerability in js/test.php, attackers can inject arbitrary web script or HTML via the "lang" parameter. Solution: Update the plugin...
cmseasy xss+csrf getshell
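Brief description: It was already given to you in the first XSS report. Details: lib/tool/frontclass.php None Visit http://localhost/template/default/test.php Proof of vulnerability: It was already given to you in the first XSS report....
TDXK OA /general/workflow/plugin/turn/test.php SQL Injection Vulnerability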
No description provided by source...