Lucene search
K

12 matches found

Hacker One
Hacker One
added 2020/12/12 5:1 p.m.143 views

Automattic: GET /api/v2/url_info endpoint is vulnerable to Blind SSRF

Summary: GET /api/v2/urlinfo endpoint is vulnerable to Blind SSRF. I am able to hit both Internal and External services via url parameter by replacing with internal and external url. Platforms Affected: https://www.tumblr.com/ Steps To Reproduce: 1. Login to https://www.tumblr.com/ 2. Follow any...

0.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2018/02/13 12:0 a.m.3 views

Adobe Acrobat and Reader Security bypass (APSB18-02: CVE-2018-4872)

This vulnerability is a security bypass vulnerability that leads to the Acrobat Reader sandbox escape. In this case, the cross call from the sandbox process to the embedded Internet Explorer process allows opening of a URL without a prompt for certain URLs. Due to the vulnerability, it is possibl...

10CVSS1.8AI score0.11735EPSS
Exploits0
Packet Storm
Packet Storm
added 2018/02/13 12:0 a.m.37 views

TypeSetter CMS 5.1 Host Header Injection

Exploit Title: TypeSetter CMS 5.1 Host Header Injection Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1 CVE : NA Category: Webapp CMS 1. Description...

8.7AI score0.06818EPSS
Exploits3
Hacker One
Hacker One
added 2016/07/22 7:20 a.m.18 views

Uber: Text Only Content Spoofing on ubermovement.com Community Page

Text Only Content Spoofing on ubermovement.com Community Page Vulnerable URL: http://ubermovement.com/community?tag=%20Stories%20have%20false%20information.%20Visit%20http://attacker.com%20for%20real%20stories. Content Spoofing is an attack technique that allows an attacker to inject a malicious...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2016/07/11 11:57 a.m.33 views

OLX: Cross Site Scripting -> Reflected XSS

Steps:- 1. Go to http://www.olx.ba/pretraga?trazilica="PAYLOAD" 2.Payload :- "onmousemove=alert"XSSBYJASHWANTH" " 3. You will get Pop up 4. If the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2016/07/11 12:0 a.m.25 views

LearnVest Cross Site Scripting

Exploit Title: LearnVest Web Application - Stored Cross-Site Scripting XSS Date: 07/04/16 Exploit Author: Omkar Joshi Vendor Homepage: https://www.learnvest.com Version: Latest Contacted Vendor Date: 07/04/16 Affected URL:- https://www.learnvest.com/mylv/money//settings/account My Profile Attack...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/03/29 12:0 a.m.43 views

Manage Engine Desktop Central 9.1.0 Build 91099 XSS

Overview----------------------------------------------------------------------------------------------------------------------------- Vendor: Manage Engine Vulnerable Product: Desktop Central v.9.1.0 Build 91099 Vulnerability Type : Reflected Cross Site Scripting Vulnerability Vulnerable Version ...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/11/20 12:0 a.m.26 views

Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting Vulnerabilities

Exploit for windows platform in category web applications Exploit Netwin SurgeFTP Sever Stored Cross Site Scripting Vulnerabilities Date: 11/18/2015 Exploit Author: UnN0n Vendor: NetWin Software Link: http://netwinsite.com/cgi-bin/keycgi.exe?cmd=download&product=surgeftp Version: 23d6 Tested on:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2015/11/19 12:0 a.m.13 views

Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting

Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting Exploit Netwin SurgeFTP Sever Stored Cross Site Scripting Vulnerabilities Date: 11/18/2015 Exploit Author: UnN0n Vendor: NetWin Software Link: http://netwinsite.com/cgi-bin/keycgi.exe?cmd=download&product=surgeftp Version: 23d6 Tested o...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2015/11/19 12:0 a.m.21 views

Netwin SurgeFTP Sever 23d6 - Persistent Cross-Site Scripting

Exploit Netwin SurgeFTP Sever Stored Cross Site Scripting Vulnerabilities Date: 11/18/2015 Exploit Author: UnN0n Vendor: NetWin Software Link: http://netwinsite.com/cgi-bin/keycgi.exe?cmd=download&product=surgeftp Version: 23d6 Tested on: Windows 7 x6464bit Info Surgeftp web-interface suffers wit...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/09/05 12:0 a.m.24 views

ChillyCMS 1.1.3 - Multiple Vulnerabilities

ChillyCMS 1.1.3 - Multiple Vulnerabilities www.BugReport.ir AmnPardaz Security Research Team Title: chillyCMS Multiple Vulnerabilities Vendor: http://frozenpepper.de/ Vulnerable Version: 1.1.3 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: chillyCMS is a Content...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2006/02/03 12:0 a.m.51 views

SoftMaker Shop is vulnerable to XSS

Inputs in the SoftMaker Shop is not properly sanitized, and XSS is possible in a lot of the systems input fields and url parameters. Some fields have been filtered in a basic form, so that simple scripting like "scriptalert'XSS'/script" is not possible. However, since the filtering is not based o...

0.3AI score
Exploits0
Rows per page
Query Builder