37 matches found

OSV
added 2024/10/16 8:15 a.m. | 4 views

CVE-2017-20193

The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendordescription' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS | 5.9 AI score | 0.01745 EPSS
Exploits 0 | References 5

CNNVD
added 2024/10/16 12:0 a.m. | 2 views

WordPress plugin Product Vendors Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

6.1 CVSS | 6.1 AI score | 0.01745 EPSS
Exploits 0 | References 7

Packet Storm
added 2023/10/03 12:0 a.m. | 375 views

openVIVA c2 20220101 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: 20220801 CVE number: CVE-2022-39172 impact: Medium homepage:...

7.1 AI score | 0.00074 EPSS
Exploits 2

exploitpack
added 2019/03/28 12:0 a.m. | 49 views

i-doit 1.12 - qr.php Cross-Site Scripting

i-doit 1.12 - qr.php Cross-Site Scripting Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Date: 28-03-2019 Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: [email protected] Website: https://securelayer7.net Category: webapps Tested on...

4.3 CVSS | 6.1 AI score | 0.00779 EPSS
Exploits 4

0day.today
added 2018/11/14 12:0 a.m. | 283 views

SwitchVPN For MacOS 2.1012.03 Privilege Escalation Exploit

Exploit for macOS platform in category local exploits ======================================================================= Title: Privilege Escalation Vulnerability Product: SwitchVPN for MacOS Vulnerable version: 2.1012.03 CVE ID: CVE-2018-18860 Impact: Critical Homepage: https://switchvpn.ne...

0.00424 EPSS
Exploits 5

Packet Storm
added 2018/09/06 12:0 a.m. | 74 views

DokuWiki 2018-04-22a Greebo Arbitrary Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: CSV Formula Injection product: DokuWiki vulnerable version: 2018-04-22a "Greebo" and older versions fixed version: None CVE number: CVE-2018-15474 impact: Medium homepage...

0.4 AI score | 0.01019 EPSS
Exploits 3

0day.today
added 2018/04/09 12:0 a.m. | 48 views

WolfCMS 0.8.3.1 - Cross Site Request Forgery / Open Redirection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link:...

0.3 AI score | 0.01443 EPSS
Exploits 9

Packet Storm
added 2018/02/21 12:0 a.m. | 53 views

Navarino Infinity Blind SQL Injection / Session Fixation

There is also a blog post about that on: https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 Vulnerability Security Advisory ======================================================================= title: Multiple vulnerabilities product: All Navarino infinity products...

7.1 AI score
Exploits 0

Packet Storm
added 2017/10/25 12:0 a.m. | 40 views

KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

6 AI score | 0.03604 EPSS
Exploits 5

exploitpack
added 2017/10/25 12:0 a.m. | 29 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform:...

4.3 CVSS | 5.5 AI score | 0.03604 EPSS
Exploits 5

Packet Storm
added 2015/04/16 12:0 a.m. | 42 views

Opoint Media Intelligence Open Redirect

Opoint Media Intelligence Unvalidated Redirects and Forwards URL Redirection Security Vulnerabilities Exploit Title: Opoint Media Intelligence click.php? &noblink parameter URL Redirection Security Vulnerabilities Vendor: Opoint Product: Opoint Media Intelligence Vulnerable Versions: Tested...

Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

ActiTime 2.0-MA CSRF Vulnerability

No description provided by source. [ASCII-art banner] http://www.corelan.be:8800 ...

7.1 AI score
Exploits 0

securityvulns
added 2012/12/11 12:0 a.m. | 33 views

DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution

#!/usr/bin/perl DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.dimin.net Vendor Description: View images in countless formats, and apply a variety of effects with this small, fast, and powerful application. Dimin Viewer...

7.2 AI score
Exploits 0

Exploit DB
added 2012/12/10 12:0 a.m. | 30 views

DIMIN Viewer 5.4.0 - Crash (PoC)

#!/usr/bin/perl DIMIN Viewer 5.4.0 Vendor URI: http://www.dimin.net Vendor Description: View images in countless formats, and apply a variety of effects with this small, fast, and powerful application. Dimin Viewer incorporates unique visualization ideas, like Panoramic Photographs Tool and Big Ima...

7.4 AI score
Exploits 0

Exploit DB
added 2012/10/09 12:0 a.m. | 115 views

Arctic Torrent 1.2.3 - Memory Corruption (Denial of Service)

#!/usr/bin/perl Arctic Torrent 1.2.3 Vendor URI: http://int64.org/projects/arctic-torrent/ Vendor Description: A minimal BitTorrent client. It won't have all the pretty features that other torrent apps have, but focuses on low memory and cpu usage. Because it was written in C++, you don't get the hi...

7.4 AI score
Exploits 0

Exploit DB
added 2012/06/15 12:0 a.m. | 36 views

Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution

#!/usr/bin/python -------------------- | abuseresponse.py | -------------------- Useresponse = 1.0.2 privilege escalation & remote code execution exploit vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.com/ vulns found by bcoles @bclose and mrme @netninja exploit by...

7.4 AI score
Exploits 0

Packet Storm
added 2010/07/17 12:0 a.m. | 19 views

ActiTime 2.0-MA Cross Site Request Forgery

[ASCII-art banner] http://www.corelan.be:8800 [email protected] ...

1.1 AI score
Exploits 0

securityvulns
added 2010/06/29 12:0 a.m. | 42 views

Secunia Research: TaskFreak "password" SQL Injection Vulnerability

====================================================================== Secunia Research 29/06/2010 - TaskFreak "password" SQL Injection Vulnerability - ====================================================================== Table of Contents Affected...

7.5 CVSS | 0.9 AI score | 0.00706 EPSS
Exploits 0

Packet Storm
added 2010/06/18 12:0 a.m. | 37 views

Turbo FTP Server 1.20.745 Directory Traversal

Date of Discovery: 17-Jun-2010 Credits: leinakesiatgmail.com Vendor: Turbo FTP Server Affected: Turbo FTP Server 1.20.745. Earlier versions may also be affected. Overview: 1.vendor description of software ------------------------------------------------ TurboFTP Server is a high performance,...

0.5 AI score
Exploits 0

securityvulns
added 2010/05/13 12:0 a.m. | 39 views

Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability

====================================================================== Secunia Research 12/05/2010 - IrfanView PSD Image Parsing Sign-Extension Vulnerability - ====================================================================== Table of Contents Affected...

5 CVSS | 0.8 AI score | 0.03679 EPSS
Exploits 0