
1178 matches found

Kitploit
added 2018/06/02 2:10 p.m., 28 views

BurpBounty - A Extension Of Burp Suite That Improve An Active And Passive Scanner

This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue...

AI score: 8
Exploits: 0, References: 1
0day.today
added 2018/05/29 12:0 a.m., 42 views

Sitemakin SLAC 1.0 - my_item_search SQL Injection Vulnerability

CVE-2018-11535 Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...

AI score: 0.2, EPSS: 0.0328
Exploits: 5
exploitpack
added 2018/05/29 12:0 a.m., 26 views

Sitemakin SLAC 1.0 - my_item_search SQL Injection

Sitemakin SLAC 1.0 - my_item_search SQL Injection Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi...

CVSS: 7.5, EPSS: 0.0328
Exploits: 5
Packet Storm
added 2018/05/29 12:0 a.m., 34 views

Sitemakin SLAC 1.0 SQL Injection

Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...

EPSS: 0.0328
Exploits: 5
Exploit DB
added 2018/05/29 12:0 a.m., 46 views

Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection

Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...

CVSS: 9.8, AI score: 9.7, EPSS: 0.0328
Exploits: 5
exploitpack
added 2018/05/22 12:0 a.m., 17 views

Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting

Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting Exploit Title: Auto car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2...

AI score: 0.7
Exploits: 0
Packet Storm
added 2018/05/22 12:0 a.m., 25 views

Auto Car 1.2 Cross Site Scripting / SQL Injection

Exploit Title: Auto car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: car_title Type:...

AI score: 0.7
Exploits: 0
n0where
added 2018/04/11 10:18 p.m., 28 views

Web Service Security Assessment Tool: WSSAT

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

Exploits: 0, References: 2
RedhatCVE
added 2018/04/06 4:20 a.m., 33 views

CVE-2018-1284

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

CVSS: 6.5, AI score: 0.7, EPSS: 0.02272
Exploits: 0, References: 2
NVD
added 2018/04/05 1:29 p.m., 20 views

CVE-2018-1284

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

CVSS: 4.3, AI score: 4.1, EPSS: 0.02272
Exploits: 0, References: 2
OSV
added 2018/04/05 1:29 p.m., 18 views

CVE-2018-1284

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

CVSS: 3.7, AI score: 4.6
Exploits: 0, References: 2
CVE
added 2018/04/05 1:0 p.m., 90 views

CVE-2018-1284

CVE-2018-1284 affects Apache Hive versions 0.6.0 through 2.3.2. A malicious user can leverage any of the xpath UDFs (xpath, xpath_string, xpath_boolean, xpath_number, xpath_double, xpath_float, xpath_long, xpath_int, xpath_short) to expose the content of a local file on the machine running HiveSe...

CVSS: 4.3, AI score: 4.2, EPSS: 0.02272
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/04/05 1:0 p.m., 35 views

CVE-2018-1284

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

AI score: 4, EPSS: 0.02272
Exploits: 0, References: 2
Veracode
added 2018/04/02 7:22 a.m., 13 views

Directory Traversal Through XML External Entity (XXE)

wiremock is vulnerable to directory traversal through XML External Entity (XXE) attacks. The application does not disable DTD during XPath evaluation, allowing a malicious user to traverse the directory...

CVSS: 5.3, AI score: 5.5, EPSS: 0.02658
Exploits: 0, References: 2, Affected Software: 1
Openbugbounty
added 2018/03/10 9:9 p.m., 14 views

20minutos.es Cross Site Scripting vulnerability

Security Researcher SabioHat (helped patch 103 vulnerabilities, received 2 Coordinated Disclosure badges, received 5 recommendations), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting 20minutos.es website and its users. Following coordinated a...

AI score: 6.4
Exploits: 0
NVD
added 2018/02/20 3:29 p.m., 19 views

CVE-2016-6272

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

CVSS: 7.5, AI score: 7.7, EPSS: 0.21255
Exploits: 5, References: 2
Prion
added 2018/02/20 3:29 p.m., 11 views

Sql injection

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

CVSS: 5, AI score: 8, EPSS: 0.21255
Exploits: 5, References: 2
Cvelist
added 2018/02/20 3:0 p.m., 22 views

CVE-2016-6272

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

AI score: 7.7, EPSS: 0.21255
Exploits: 5, References: 2
CVE
added 2018/02/20 3:0 p.m., 73 views

CVE-2016-6272

CVE-2016-6272 concerns Epic MyChart, where an XPath injection vulnerability exists in the help.asp topic parameter. The underlying issue allows remote attackers to access contents of an XML document containing static display strings (e.g., field labels). The vulnerability is reported as pre-authe...

CVSS: 7.5, AI score: 7.7, EPSS: 0.21255
Exploits: 5, References: 2, Affected Software: 1
Openbugbounty
added 2018/02/19 1:12 a.m., 11 views

whiteint.com.au XSS vulnerability

Open Bug Bounty ID: OBB-563303

Description | Value
---|---
Affected Website: | whiteint.com.au
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6.3
Exploits: 0