CVE-2019-11594
In AdBlock before 3.45.0, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect...
CVE-2019-11593
In Adblock Plus before 3.5.2, the $rewrite filter option allows filter-list maintainers to run arbitrary code in a client-side session when a web service loads a script for execution using XMLHttpRequest or Fetch, and the script origin has an open redirect...
CVE-2019-11593
CVE-2019-11593 affects Adblock Plus prior to 3.5.2. The vulnerability arises from the $rewrite filter option, which can let filter-list maintainers execute arbitrary code in a client-side session when a service loads a script via XMLHttpRequest or Fetch if the script origin has an open redirect....
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
function submitRequest...
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Date: 01/07/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version: 21.210.09.00.158 Tested on: Windows 10 x64 CVE: CVE-2014-5395 Note: The...
Information disclosure
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
CVE-2018-19249
The CVE-2018-19249 entry concerns Stripe API v1, where remote attackers could bypass access restrictions by replaying XMLHttpRequest data to /v1/tokens. The vulnerability involves parsing the response under the card object and reading cvc_check information when a token is created without charging...
Voyager 1.1.3 Shell Upload
Exploit Title: Voyager 1.1.3 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...
bludit Pages Editor 3.0.0 - Arbitrary File Upload
Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Date: 2018-10-02 Google Dork: N/A Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST /admin/ajax/upload-files HTTP/1.1 Host:...
Sessions never expire due to continuous XHR
Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Library CMS 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1...
CAMALEON CMS 2.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulnerability...
Wikidforum 2.20 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Grid Pro Big Data 1.0 - SQL Injection
Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...
GPSTracker 1.0 - id SQL Injection
Exploit Title: GPSTracker v1.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com https://codecanyon.net/item/gpstracker-gps-trackgin-system/21873663 Version: 1.0 Category:...
Zenar Content Management System - Cross-Site Scripting
Exploit Title: Zenar Content Management System - Cross-Site Scripting Software Link: https://zenar.io/ Dork: N/A Author: Berk Dusunur Tested Website: http://demo.zenar.io Date: 2018-05-20 Category: Web App PoC GET Request: POST /zenario/ajax.php?methodcall=refreshPlugin&inIframe=true HTTP/1.1 Hos...