1178 matches found
BurpBounty - A Extension Of Burp Suite That Improve An Active And Passive Scanner
This extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue...
Sitemakin SLAC 1.0 - my_item_search SQL Injection Vulnerability
CVE-2018-11535 Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...
Sitemakin SLAC 1.0 - my_item_search SQL Injection
Sitemakin SLAC 1.0 - myitemsearch SQL Injection Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi...
Sitemakin SLAC 1.0 SQL Injection
Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...
Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting
Auto Car 1.2 - cartitle SQL Injection Cross-Site Scripting Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2...
Auto Car 1.2 Cross Site Scripting / SQL Injection
Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: cartitle Type:...
Web Service Security Assessment Tool: WSSAT
WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...
CVE-2018-1284
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...
CVE-2018-1284
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...
CVE-2018-1284
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...
CVE-2018-1284
CVE-2018-1284 affects Apache Hive versions 0.6.0 through 2.3.2. A malicious user can leverage any of the xpath UDFs (xpath, xpath_string, xpath_boolean, xpath_number, xpath_double, xpath_float, xpath_long, xpath_int, xpath_short) to expose the content of a local file on the machine running HiveSe...
CVE-2018-1284
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...
Directory Traversal Through XML External Entity (XXE)
wiremock is vulnerable to directory traversal through XML External Entity XXE attacks. The application does not disable DTD during XPATH Evaluation, allowing a malicious user to traverse the directory...
20minutos.es Cross Site Scripting vulnerability
Security Researcher SabioHat Helped patch 103 vulnerabilities Received 2 Coordinated Disclosure badges Received 5 recommendations , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting 20minutos.es website and its users. Following coordinated a...
CVE-2016-6272
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...
Sql injection
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...
CVE-2016-6272
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...
CVE-2016-6272
CVE-2016-6272 concerns Epic MyChart, where an XPath injection vulnerability exists in the help.asp topic parameter. The underlying issue allows remote attackers to access contents of an XML document containing static display strings (e.g., field labels). The vulnerability is reported as pre-authe...
whiteint.com.au XSS vulnerability
Open Bug Bounty ID: OBB-563303 Description| Value ---|--- Affected Website:| whiteint.com.au Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...