33 matches found
pentest-scripts
Pentest Scripts - Unified Security Testing Framework 🎯 Qui...
EUVD-2025-12104
Malicious code in bioql PyPI...
EUVD-2024-21979
Malicious code in bioql PyPI...
EUVD-2024-19764
Malicious code in bioql PyPI...
CVE-2025-10136
CVE-2025-10136 concerns the WordPress plugin TweetThis Shortcode. The TweetThis Shortcode plugin is vulnerable to Stored Cross-Site Scripting via its tweetthis shortcode in all versions up to and including 1.8.0 due to insufficient input sanitization and output escaping on user-supplied attribute...
CVE-2025-48127 WordPress Push notification for Mobile and Web app plugin <= 2.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app push-notification-mobile-and-web-app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through <= 2.0.3...
MAL-2023-8035 Malicious code in some_crucial_web_app_new (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx ccdfaaee4aea58e70c939bbfb4ebf1b0e2bf0cd4ce9918422a25e37c7ac59071 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
CVE-2023-33524
Advent/SSC Inc. Tamale RMS 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app...
PT-2022-21677 · Unknown · Zoo Management System
Name of the Vulnerable Software and Affected Versions: Zoo Management System version 1.0 Description: A stored cross-site scripting (XSS) issue in the Add Classification function allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. This could potentially lead to the...
Server side template injection — SSTI vulnerability ⚠️
Server side template injection — SSTI vulnerability ⚠️ Introduction There is hardly any software development or other linked elements that haven’t fallen into the trap of cyber vulnerabilities. Templates, used for HTML code management on the server-side, are amongst them. The attack targeting the...
CVE-nu11-100421
The search parameter appears to be vulnerable to time-based blind SQL injection attacks, on the web app “Local Offices Contact Directories Site” by oretnom23. The malicious attacker can execute a malicious payload and he can dump hashes authentication credentials. Then the attacker can take...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to tens of thousands of attacks a month. While that sounds like a reason to immediately pull the plug and find a safe space to hide, these are likely spread across the...
How to Be Resilient to Data Theft
Page Integrity Manager is now PCI compliant -- a strong starting point to harden your web applications...
CVE-2018-1000812
The CVE-2018-1000812 entry concerns Artica Integria IMS (versions around 5.0 MR56 Package 58 and likely earlier) with a CWE-640 Weak Password Recovery Mechanism in the Password recovery process. The vulnerability in general/password_recovery.php (line 45) can allow takeover of IntegriaIMS web app...
Countdown to GDPR: For GDPR Compliance, Web App Security Is a Must
With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU's General Data Protection Regulation (GDPR). First discussed in the 1990s and turned into law in 2016, GDPR goes into effect in May of thi...
Lessons from the Equifax Breach
When we see a car wreck it’s very easy to slow down and gawk. The first thing we think is “Wow, that’s awful,” quickly followed by “Whew… glad that wasn’t me,” and then we drive on. Most of us don’t spend time thinking about how the wreck happened -- we were just glad it wasn’t us. A similar...
Description of the security update for SharePoint Server 2010 Excel Web App: April 11, 2017
Description of the security update for SharePoint Server 2010 Excel Web App: April 11, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities,...
Traffic CMS 1.4.x Local File Inclusion Vulnerability
Traffic CMS version 1.4.x suffers from a local file inclusion vulnerability. Traffic CMS v1.4.x = Local File Inclusion Vulnerability My + Author : KnocKout Contact : email protected HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com Şeker Insanlar : ZoRLu, milw00rm.com , Septemb0x ,...
Acunetix v10 - Web Application Security Testing Tool
Acunetix, the pioneer in automated web application security software, has announced the release of version 10 of its Vulnerability Scanner. New features are designed to prevent the risk of hacking for all customers; from small businesses up to large enterprises, including WordPress users, web...
CVE-2015-0343
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter...