14 matches found
Moodle Authenticated Spelling Binary RCE
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
blazingbucks.org Cross Site Scripting vulnerability OBB-1485587
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
sso.petra.ac.id Cross Site Scripting vulnerability OBB-1399880
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
sihuikaisuo.cn Cross Site Scripting vulnerability OBB-1276729
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
CVE-2019-1000010
Summary (CVE-2019-1000010): phpIPAM versions 1.3.2 and earlier contain a Cross Site Scripting (XSS) vulnerability in the subnet-scan-telnet.php component. The issue allows an attacker to craft a link that, when visited by a user, can execute code in the victim’s browser. The vulnerability’s impac...
VK.com: HTML Injection possible due to bad filter
Hello, I have found an area where it may be possible to run certain HTML/JS scripts. TO REPRODUCE: 1. Go to documents 2. Upload anything and edit it 3. On the edit page in tags, enter code without a closing bracket ex. img src=x 4. Click enter 5. It will be parsed in that area, but after saving i...
Fixed XSS vulnerability at www.plusline.org
Security researcher jokers has submitted on 20/02/2012 a cross-site scripting (XSS) vulnerability affecting www.plusline.org, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/03/2015. It is currently...
LayoutCMS 1.0 SQL Injection / Cross Site Scripting
./SEC-R1Z 2009 R.I.P MichaelJackson !!!!!...
Alex Guestbook Multi Vulnerability
Exploit for unknown platform in category web applications ================================== Alex Guestbook Multi Vulnerability ================================== » Script: @lex Guestbook » Language: PHP » Download: http://scripti.org/scriptlex-guestbook61426.html === Exploit And Dork === »...
Alex Guestbook - Multiple Vulnerabilities
» Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...
PHPCalendars - Multiple Vulnerabilities
PHPCalendars - Multiple Vulnerabilities » Note :...
PHPCalendars - Multiple Vulnerabilities
» Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...
SAMPLE Lord 1.0 Cross Site Scripting
./SEC-R1Z 2009 R.I.P MichaelJackson !!!!!...
PHPClassifieds General
PHPClassifieds General v.n/a Homepage: http://www.phpclassifieds.info/ Affected files: search.php Posting classified ads ----------------------------------------- SQL injection on search.php via rate var: http://www.example.com/search.php?rate=sql ----------------------------------------- XSS vul...