47473 matches found
GHSA-8PJX-JJ86-J47P Grafana path traversal
Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0. Release v8.3.1, only containing a security fix: - Download Grafana 8.3.1 - Release notes Release v8.2.7, only...
CVE-2023-48484
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48486
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-48482
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2023-28017
HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...
mooSocial 3.1.8 - Reflected XSS
Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173...
mooSocial 3.1.8 Cross Site Scripting
Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings...
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact:...
PHPJabbers Shuttle Booking Software 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Tested on: Windows 10 Pro Impact: Manipulate the...
Insurance 1.2 Cross Site Scripting
Exploit Title: Insurance 1.2 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/insurance/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...
Groomify 1.0 SQL Injection
Exploit Title: Groomify v1.0 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...
Groomify v1.0 - SQL Injection
Exploit Title: Groomify v1.0 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...
CVE-2023-29322
Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
Music Gallery Site v1.0 - SQL Injection Vulnerability (3)
Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested on: Windows 11 SQL...
Music Gallery Site v1.0 - SQL Injection on page Master.php
Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested...
Remote code execution
Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...
U.S. Dept Of Defense: DoS at █████(CVE-2018-6389)
A vulnerability in WordPress allowed unauthenticated attackers to launch a denial of service attack by listing a large number of registered .js files from wp-includes/script-loader.php. The vulnerability was assigned CVE-2018-6389. Attackers could use this function to deplete server resources and...
Brave Software: S3 Bucket Takeover "brave-browser-rpm-staging-release-test"
An unclaimed S3 bucket was found on the domain hosting services of brave.com, which could have been taken over by an attacker to spread malware using the keyrings of the brave browser. The bucket was used to get keyrings of the browser in Linux distros, and it was pointing towards an unclaimed S3...
CVE-2022-42345
Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
XVIDEOS: Self-XSS on Suggest Tag dialog box
Summary: Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. vulnerable URL : https://www.xvideos.com/video57921571/friendb.ifd. Vulnerability Description : Application have a add ta...