355 matches found
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysql_real_escape_string which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't contain any quote. Fortunately, PHP is flexible enoug...
aruodas.lt XSS vulnerability
Vulnerable URL: https://www.aruodas.lt/butai/?obj=1=Importancetext=%22%3E%3Cscript%3Ealert/OPENBUGBOUNTY/%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 28686 VIP website status:| Yes Coordinated...
danceofstreet.lv XSS vulnerability
Vulnerable URL: http://www.danceofstreet.lv/price.php?id=8%22%3E%3Csvg%3E%3Cscript%3E/%3C@/%3Eprompt/OPENBUGBOUNTY/%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6824640 VIP website status:| No...
boursorama.com XSS vulnerability
Vulnerable URL: http://www.boursorama.com/bourse/opcvm/?%27%22/%3E%3E%3C/script%3E%3Cscript%3Ealert/OPENBUGBOUNTY/%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 12.10.2017 Latest check for patch:| 12.10.2017 06:48 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
Equifax Says 145.5M Affected by Breach, Ex-CEO Testifies
Equifax, the credit agency behind this summer’s breach of 143 million Americans, said this week the number of victims implicated in the breach has increased. Paulino do Rego Barros, Jr., the company’s interim CEO, announced Monday that 2.5 million additional Americans were also impacted, bringing...
haerlem.nl XSS vulnerability
Vulnerable URL: http://www.haerlem.nl/index.php?id=92%22%3E%3Csvg/onload=prompt%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| Yes, at 26.11.2017 Latest check for patch:| 26.11.2017 14:50 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
SUSE-SU-2017:0586-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation (bsc#1017308) - CVE-2016-10048: Arbitrary module could have been loaded because relative paths were not escaped (bsc#1017310) - CVE-2016-10049: Corrupt RLE...
ilmeteo.it XSS vulnerability
Vulnerable URL: http://www.ilmeteo.it/foto/Ancona/id/6527450%22%20onmouseover%3dalert%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%20rest%3d%22-reporter Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 18...
capture-room.com vulnerability
Vulnerable URL: http://www.capture-room.com/link.cgi?http://xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 26.01.2016 Latest check for patch:| 26.01.2016 03:42 GMT Vulnerability status:| Publicly disclosed Alexa Rank| 827772 Google Pagerank| 1 VIP website status:| No Check...
luc.edu XSS vulnerability
Vulnerable URL: http://www.luc.edu/search/peopleresults.cfm?page=1=libraryname=name=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 11:15 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
yorkcountychamber.com vulnerability
Vulnerable URL: http://www.yorkcountychamber.com/CWT/External/WCPages/WCDirectory/Directory.aspx?listingid=200=219B583X=uweb=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 21.12.2015 Latest check for patch:| 21.12.2015 16:07 GMT Vulnerability status:| Publicly...
Ad Fraud Malware Updating Flash on Infected PCs
Ad fraud malware is one of the more profitable specialties in the cybercrime world, and the attackers who use it often have to adapt their tactics in order to keep the money rolling in. One of the tactics that they have adopted in recent months is that of updating the version of Flash that’s...
Fedora 21 : php-5.6.4-2.fc21 (2014-17241)
18 Dec 2014, PHP 5.6.4. Core: Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. (Adam) Fixed bug 68104 Segfault while pre-evaluating a disabled function. (Laruence) Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. (Julien) Fixed bug...
WordPress LeagueManager Plugin 3.8 - SQL Injection
No description provided by source. !/usr/bin/ruby Exploit Title: WordPress LeagueManager Plugin v3.8 SQL Injection Google Dork: inurl:/wp-content/plugins/leaguemanager/ Date: 13/03/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://wordpress.org/extend/plugins/leaguemanager/ Software Link...
Microsoft Internet Explorer CVE-2013-3205 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability due to a use-after-free error. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Interne...
CentOS Update for nspr CESA-2013:1135 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ONSEC-09-017] Blogolet PHP including
ONSEC-09-017 Blogolet PHP including Target: Blogolet CMS Type: PHP injection Threat: High Date discovered: 21.09.2009 Date developer notified: 21.09.2009 Date fix released: 21.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: The vulnerability exists...
HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities
Exploit for unknown platform in category dos / poc ================================================================= HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities ================================================================= Advisory: ///////// There is another remotely...
Fedora Core 5 : kernel-2.6.16-1.2122_FC5 (2006-572)
This update rebases to the latest upstream -stable release 2.6.16.17, where a number of security problems have been fixed, notably : SCTP: Validate the parameter length in HB-ACK chunk CVE-2006-1857 SCTP: Respect the real chunk length when walking parameters CVE-2006-1858 fs/locks.c: Fix leaseini...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2004:022)
Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator. According to their advisory : 'The cookie specifications detail a path argument that can be used ...