30 matches found

RedhatCVE
added 2025/07/17 12:50 a.m. · 4 views

CVE-2025-53891

The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files instruction/message media are not strictly validated for type and size. A user may upload renamed or oversized files that can...

4.3 CVSS · 7.6 AI score · 0.00466 EPSS
Exploits 0 · References 1

OSV
added 2025/07/15 12:7 a.m. · 2 views

CVE-2025-53891 TIME LINE has Improper File Validation in Upload Section

The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files instruction/message media are not strictly validated for type and size. A user may upload renamed or oversized files that can...

4.3 CVSS · 7.3 AI score · 0.00466 EPSS
Exploits 0 · References 1

Cvelist
added 2025/07/15 12:7 a.m. · 5 views

CVE-2025-53891 TIME LINE has Improper File Validation in Upload Section

The timelineofficial/Time-Line- repository contains the source code for the TIME LINE website. A vulnerability was found in the TIME LINE website where uploaded files instruction/message media are not strictly validated for type and size. A user may upload renamed or oversized files that can...

4.3 CVSS · 0.00466 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/07/15 12:0 a.m. · 0 views

PT-2025-29531 · Unknown · Time-Line-

Name of the Vulnerable Software and Affected Versions: TIME LINE versions prior to 1.0.5 Description: The TIME LINE website has a flaw where uploaded files instruction/message media lack strict validation for type and size. This allows a user to upload renamed or oversized files, potentially...

4.3 CVSS · 6.5 AI score · 0.00466 EPSS
Exploits 0 · References 5

CNNVD
added 2025/07/14 12:0 a.m. · 1 views

Time Line Code Issue Vulnerability

Time Line is a timeline application from the Time Line Official individual developer. A code issue vulnerability exists in Time Line that stems from insufficient file upload validation, which could result in a malicious file upload or denial of service...

4.3 CVSS · 6.9 AI score · 0.00466 EPSS
Exploits 0 · References 2

Exploit DB
added 2018/03/20 12:0 a.m. · 36 views

Vehicle Sales Management System - Multiple Vulnerabilities

Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...

9.8 CVSS · 7 AI score · 0.02589 EPSS
Exploits 4

exploitpack
added 2016/12/06 12:0 a.m. · 17 views

Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free (MS15-125)

Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free MS15-125 Source: http://blog.skylined.nl/20161201001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I cannot speculat...

7.4 AI score
Exploits 0

0day.today
added 2016/11/16 12:0 a.m. · 20 views

CS-Cart 4.3.10 - XML External Entity Injection Vulnerability

Exploit for php platform in category web applications Software : CS-Cart Ahmed sultan 0x4148 "; echo rawurlencodebase64encode$xml; ? change YOURHOST to your server address , use the output in the following POST request Action - HOST/cs-cart/index.php?dispatch=twigmo.post Data -...

7.1 AI score
Exploits 0

Exploit DB
added 2016/06/29 12:0 a.m. · 27 views

WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection

Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass Time line: Found 07-Jun-2016, Vendor notified...

7.4 AI score
Exploits 0

0day.today
added 2016/06/29 12:0 a.m. · 40 views

WordPress Ultimate Membership Pro 3.3 Plugin - SQL Injection

Exploit for php platform in category web applications Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass...

7.1 AI score
Exploits 0

Openbugbounty
added 2015/12/26 10:12 a.m. · 6 views

harwintonsports.com Open Redirect vulnerability

Vulnerable URL: http://harwintonsports.com/Goto.asp?URL=https://www.xssposed.org/=19303 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

6.9 AI score
Exploits 0

0day.today
added 2015/07/11 12:0 a.m. · 39 views

Wordpress CP Image Store with Slideshow Plugin 1.0.5 Arbitrary File Download Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress CP Image Store with Slideshow 1.0.5 Arbitrary file download vulnerability Date: 2015-07-10 Google Dork: Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com/...

7.1 AI score
Exploits 0

exploitpack
added 2015/03/07 12:0 a.m. · 16 views

Elastix 2.x - Blind SQL Injection

Elastix 2.x - Blind SQL Injection Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in...

0.4 AI score
Exploits 0

Packet Storm
added 2015/03/06 12:0 a.m. · 22 views

Elastix 2.5.0 SQL Injection

Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in "a2billing/customer/iridiumthreed.php": SQLExec...

0.4 AI score
Exploits 0

exploitpack
added 2015/03/03 12:0 a.m. · 20 views

WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection

WordPress Plugin cp-multi-view-calendar 1.1.4 - SQL Injection Exploit Title: WordPress: cp-multi-view-calendar.1.1.4 SQL Injection vulnerabilities Date: 2015-02-28 Google Dork: Index of /wordpress/wp-content/plugins/cp-multi-view-calendar Exploit Author: Joaquin Ramirez Martinez i0akiN...

0.5 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 10 views

OpenSupports 2.x - Auth Bypass/CSRF Vulnerabilities

No description provided by source. + Author: TUNISIAN CYBER + Exploit Title: OpenSupports v2.x AuthBypass/CSRF Vulnerabilities + Date: 15-03-2014 + Category: WebApp + Version: 2.x + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302/CWE-89 + Vendor: http://www.opensupports.com/ + Friendly Sites:...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 24 views

LuxCal 3.2.2 - Multiple Vulnerabilities (CSRF/Blind SQL Injection)

No description provided by source. + Author: TUNISIAN CYBER + Exploit Title: LuxCal v3.2.2 CSRF/Blind SQL Injection Vulnerabilities + Date: 09-03-2014 + Category: WebApp + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-352/CWE-89 + Vendor: http://www.luxsoft.eu/ + Friendly Sites:...

7.1 AI score
Exploits 0

Packet Storm
added 2014/04/11 12:0 a.m. · 44 views

Comtrend CT 5361T Password Disclosure

Author: TUNISIAN CYBER + Exploit Title: Comtrend CT 5361T Password Disclosure Vulnerability + Date: 07-04-2014 + Category: WebApp + Tested on: Windows 7 Pro + Vendor: http://www.comtrend.com/ + Product:...

0.1 AI score
Exploits 0

Packet Storm
added 2014/03/17 12:0 a.m. · 22 views

osCmax 2.5.x Cross Site Request Forgery

Author: TUNISIAN CYBER + Exploit Title: osCmax 2.5.X Cross-Site Request Forgery Add Admin Vulnerability + Date: 15-03-2014 + Category: WebApp + Version: 2.5.X + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302 + Vendor: http://www.oscmax.com/ + Friendly Sites: na3il.com,th3-creative.com +...

0.8 AI score
Exploits 0

exploitpack
added 2014/03/17 12:0 a.m. · 17 views

OpenSupports 2.x - Authentication Bypass Cross-Site Request Forgery

OpenSupports 2.x - Authentication Bypass Cross-Site Request Forgery + Author: TUNISIAN CYBER + Exploit Title: OpenSupports v2.x AuthBypass/CSRF Vulnerabilities + Date: 15-03-2014 + Category: WebApp + Version: 2.x + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-302/CWE-89 + Vendor:...

1.1 AI score
Exploits 0