20 matches found
Acronis: [CVE-2021-44228] nps.acronis.com is vulnerable to the recent log4shell 0-day
Summary The website at nps.acronis.com is vulnerable to CVE-2021-44228 Steps To Reproduce I used this script to find this. It spins up an interact-sh server to receive the callback and sends the payload in the query string and about 30 different headers. You can reproduce manually with curl and...
tnva.k12.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1063469 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
yo-movies.com XSS vulnerability
Open Bug Bounty ID: OBB-567077 Description| Value ---|--- Affected Website:| yo-movies.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based...
ibidi.com XSS vulnerability
Vulnerable URL: https://ibidi.com/search?controller=search=position=descquery=%27%22/%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3Esearch= Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 489267 VIP website...
ballcharts.com XSS vulnerability
Vulnerable URL:...
apprece-cv.es XSS vulnerability
Vulnerable URL: http://www.apprece-cv.es/vernoticia.php?id=261%22%3E%3Csvg/onload=prompt%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| Yes, at 26.11.2017 Latest check for patch:| 26.11.2017 15:06 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
classifieds.greatfallstribune.com XSS vulnerability
Vulnerable URL: http://classifieds.greatfallstribune.com/category.php?ft=OPENBUGBOUNTY%22%3E%3Csvg%20onload=prompt%22OPENBUGBOUNTY%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
free4kwallpapers.com XSS vulnerability
Vulnerable URL: https://free4kwallpapers.com/search?q=news1%3Cscript+src%3Dhttps%3A%2F%2Fopenbugbounty.org%2F1.js%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 11:17 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
finchfuneralchapels.com XSS vulnerability
Vulnerable URL: http://www.finchfuneralchapels.com/runtime.php?NavigatorId=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6488998 VIP website status:| No Check...
beachmodel.com XSS vulnerability
Vulnerable URL: http://www.beachmodel.com/freegalleries/sheerthongbikinis/index.php?ccbill=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 09:33 GMT Vulnerability type:| XSS Vulnerability status:|...
checkpagerank.net XSS vulnerability
Vulnerable URL: http://checkpagerank.net//index.php/xwx" Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 09:01 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6642 Google Pagerank| 5 VIP website status:| Yes...
mtn-investor.com XSS vulnerability
Vulnerable URL: http://www.mtn-investor.com/mtnar2012/reporttool.php?thisUrl="=xss Details: Description| Value ---|--- Patched:| Yes, at 01.09.2016 Latest check for patch:| 01.09.2016 15:35 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1934407 Google Pagerank|...
roddyscheer.com XSS vulnerability
Vulnerable URL: http://roddyscheer.com/photosearchresult.php?txtkeyword=%27%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 30.01.2016 Latest check for patch:| 30.01.2016 21:52 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclose...
boblog after the injection of COOKIE spoofing vulnerability-vulnerability warning-the black bar safety net
Published author: the mind Affected versions: boblog latest Official website: http://www.bo-blog.com// Vulnerability type: COOKIE spoofing Vulnerability description: Code index. php code if $go @list$job, $itemid=@explode'', basename$go; Originally injected into the statement for the index. php?...
Alguest 1.1c-Patched SQL Injection
www.eVuln.com advisory: "elimina" SQL Injection vulnerability in Alguest Summary: http://evuln.com/vulns/173/summary.html Details: http://evuln.com/vulns/173/description.html -----------Summary----------- eVuln ID: EV0173 Software: Alguest Vendor: n/a Version: 1.1c-patched Critical Level: medium...
PHP JOBWEBSITE PRO - forgot.php Cross-Site Scripting
PHP JOBWEBSITE PRO - forgot.php Cross-Site Scripting source: https://www.securityfocus.com/bid/32570/info PHP JOBWEBSITE PRO is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...
Bahar Download Script 2.0 - aspkat.asp SQL Injection
Bahar Download Script 2.0 - aspkat.asp SQL Injection source: https://www.securityfocus.com/bid/31852/info Bahar Download Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the...
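phpBazar 'adid' SQL Injection Vulnerability
BUGTRAQ ID: 30773 CNCAN ID: CNCAN-2008082206 phpBazar is a PHP-based web application. phpBazar does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the script does not filter the user-submitted 'adid' parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic and obtain sensitive information or manipulate the database. SmartISoft phpBazar 2.0.2 No solution is currently available: http://www.smartisoft.com/...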
Unfixed XSS vulnerability at www.buffalo-shop.de
Security researcher Fabian Fingerle submitted on 15/02/2008 a cross-site scripting (XSS) vulnerability affecting www.buffalo-shop.de, which at the time of submission ranked 107414 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. I...
FAQ System 1.1 - index.php?category_id SQL Injection
FAQ System 1.1 - index.php?category_id SQL Injection source: https://www.securityfocus.com/bid/15640/info FAQ System is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...