userSpice 4.3.24 Username Enumeration
userSpice version 4.3.24 suffers from a username enumeration vulnerability. MD5 | 17be15fe8153f38e23cc6eb9a86bb0fb # Exploit Title: userSpice 4.3.24 - Username Enumeration # Date: 2018-06-10 #...
Splunk 6.2.3 / 7.0.1 Information Disclosure
Splunk versions 6.2.3 through 7.0.1 suffer from an information disclosure vulnerability. MD5 | 404164fd30bf60e95bc74b23f1b9106f # Exploit Title: Splunk < 7.0.1 - Information Disclosure # Date:...
ESPN Cross Site Scripting
ESPN's CDN suffers from a cross site scripting vulnerability. MD5 | cb6c8b895a34118ac66e8eb571793e21 Document Title: Reflected XSS on ESPN site. PoC: 1) Navigate to the...
libpff 2018-04-28 Information Disclosure
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via...
libmobi 0.3 Information Disclosure
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. The mobi_pk1_decrypt...
libfsntfs 20180420 Information Disclosure
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a...
ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code...
The ClassLink OneClick browser extension and the ClassLink Agent are vulnerable to universal cross site scripting and remote code execution. MD5 | e8835af6f7679093a0b4696ac326601b The ClassLink...
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities. MD5 |...
Joomla 2.4.0 Gridbox Cross Site Scripting
Joomla versions 2.4.0 and below suffer from a cross site scripting vulnerability in the Gridbox extension. MD5 | a67e61410dc53b192fa83ce0ba67d2d0 I. VULNERABILITY: Gridbox...
WebCTRL Out-Of-Band XML Injection
WebCTRL suffers from an out-of-band XML external entity injection vulnerability. MD5 | 03cfec119fa40216a34ec56c09b73a26 # (CVE-2018-8819) ## Product Description WebCTRL is a BACnet native,...
SensioLabs Symfony 3.3.6 Cross Site Scripting
SensioLabs Symfony version 3.3.6 suffers from a cross site scripting vulnerability. MD5 | c2146dcabb8e4fbb8941ce5b5e3b88e5 SensioLabs Symfony version 3.3.6 - Cross-Site Scripting (Reflect) #...
WebKitGTK+ WebKitFaviconDatabase Denial Of Service
This Metasploit module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. MD5 |...
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
EDB-ID: 44877; Author: L0RD; Published: 2018-06-12; CVE: N/A; Type: Webapps; Platform: PHP; Vulnerable App: N/A # Date: 2018-06-11 # Exploit Author: L0RD # Software Link:...
Siaberry 1.2.2 Command Injection
Siaberry version 1.2.2 suffers from a command injection vulnerability. MD5 | 5fcaec40356eac764bc5e28f9aecb476 ## Siaberry's Command Injection Vulnerability Today, I'd like to share several...
Joomla EkRishta 2.10 SQL Injection
Joomla EkRishta component version 2.10 suffers from a remote SQL injection vulnerability in the username field. MD5 | 82d923c4d123057bc23ac8506615a660 # Exploit Title: Joomla! Component EkRishta...
OEcms 3.1 Cross Site Scripting
OEcms version 3.1 suffers from a cross site scripting vulnerability. MD5 | 2e0a4d802f2a1f69263f125fb4983364 Title: OEcms v3.1 - Reflected Cross-Site Scripting Introduction: A...
Dimofinf CMS 3.0.0 Cross Site Scripting
Dimofinf CMS version 3.0.0 suffers from a cross site scripting vulnerability. MD5 | 884af4ff41aa0f5005c70242476ed52a Title: Dimofinf CMS Version 3.0.0 - Reflected Cross-Site Scripting...
WordPress Ultimate Form Builder Lite 1.3.7 XSS / SQL Injection
WordPress Ultimate Form Builder Lite versions 1.3.7 and below suffer from cross site scripting and remote SQL injection vulnerabilities. MD5 | 4147f9e58f55a85f9e33e394450a0f3a DefenseCode...
WordPress WP Google Map 4.0.4 SQL Injection
WordPress WP Google Map plugin versions 4.0.4 and below suffer from remote SQL injection vulnerabilities. MD5 | 2456732033e558ec555c1b594d000411 DefenseCode ThunderScan SAST Advisory: WordPress...
Canon PrintMe EFI Cross Site Scripting
Canon PrintMe EFI suffers from a cross site scripting vulnerability. MD5 | 1b32c8d5e91282bc9f3a9fa12654d6f4 # Title: Canon PrintMe EFI - Cross-Site Scripting # Date: 9.6.2018-06-09 # Exploit...