845 matches found
CVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow via...
Huawei E5330 21.210.09.00.158 Cross Site Request Forgery
Exploit Title: Huawei E5330 Cross-Site Request Forgery Send SMS Date: 01/07/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/ Version: 21.210.09.00.158 Tested on: Windows 10 x64 CVE: CVE-2014-5395 Note: The...
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection
function submitRequest...
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...
CVE-2018-19249
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
Information disclosure
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
CVE-2018-19249
The CVE-2018-19249 entry concerns Stripe API v1, where remote attackers could bypass access restrictions by replaying XMLHttpRequest data to /v1/tokens. The vulnerability involves parsing the response under the card object and reading cvc_check information when a token is created without charging...
CVE-2018-19249
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvccheck information if the creation is successful without charging the actual card used in the...
Voyager 1.1.3 Shell Upload
Exploit Title: Voyager 1.1.3 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...
bludit Pages Editor 3.0.0 - Arbitrary File Upload
Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Date: 2018-10-02 Google Dork: N/A Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST /admin/ajax/upload-files HTTP/1.1 Host:...
Sessions never expire due to continuous XHR
Summary Sessions in Bamboo are supposed to have a default inactivity timeout of 30 minutes see https://confluence.atlassian.com/bamkb/how-to-change-bamboo-user-session-timeout-848977292.html, however regardless of which timeout period is set, sessions never time out if a user doesn't close their...
Library CMS 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1...
CAMALEON CMS 2.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability...
Wikidforum 2.20 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Cross site scripting
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
CVE-2018-6212
On D-Link DIR-620 devices with a certain customized by ISP variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting XSS attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of t...
WebKit not_number defineProperties Use-After-Free Exploit
Exploit for multiple platform in category dos / poc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF...
Grid Pro Big Data 1.0 - SQL Injection
Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...
Grid Pro Big Data 1.0 SQL Injection
Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...