Booked Scheduler version 2.8.5 suffers from cross site scripting and open redirection vulnerabilities.
d3d9005e2a6e24e94ad011793b6cdb8a9d7d946e48d81aeec76d221cdc3c47d9
htmly version 2.9.9 suffers from multiple persistent cross site scripting vulnerabilities.
b19a6a9192ab7fdb974bbaace4e6310aa155520d7f2a2c087e43a0e209b862b0
HTMLy version 2.9.9 suffers from a persistent cross site scripting vulnerability that can lead to account takeover.
6bb08fb3fda4692b34b179dbafc8e6a3f67eca89052852c0d0f06bb6f11cdaa8
Simple Machines Forum version 2.1.4 suffers from an authenticated code injection vulnerability.
5b1fd0910e2bd48c0826ea39984cc8e3a3f91f47ca1adbd1800aace768d2f620
Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.
8248fa7dd2014942fa684fcf3a8e321be37bb5444685be1d6befc1212eec50e8
SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.
c07ecb52014c29ee2ae79ddc27279f57e1299334d6615202ed7fd43f0bfec058
FengOffice version 3.11.1.2 suffers from a remote blind SQL injection vulnerability.
a4d631d58217a0dbbc02735845f2ba3b26d4f99ae6e147a480b6f0cfcdae05fe
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.
a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14
BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.
399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640df
XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.
388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47b
Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.
ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a
This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.
1f0745a5f6bf458420ce54f01247d5149ab58cb8886e6f6c015a8dbfc0d9a6de
Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.
586bd1206b838db2276e13fced4b53256b8b848641a29e35a78967042d604683
Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
WBCE version 1.6.1 suffers from a persistent cross site scripting vulnerability.
c17b616715baffae3d84e0d4550487c0ddcd5bf0f23819f9fafe7404baa9ed74
XAMPP version 8.2.4 suffers from an unquoted service path vulnerability.
013b0dbd256f27abaa69c15d5aeec4553beac733154cfc7e150b3559ea0da2d5
Faculty Evaluation System version 1.0 suffers from a remote SQL injection vulnerability.
7bc59cd66aeba7e9b21206240985c2d932ac5f46cc03f4460693c631b14c393d
myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.
49b4fc9b3db0a04ca44a9ec1d64e1ec281a090a818f848111b735b27147db2e9
Fastly suffers from the poor practice of sending a temporary password in plaintext.
09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bc
Shopify suffers from a cross site scripting vulnerability.
dcca389f2f44bc6e6960d4aefe61cbb9c3906a55351986f2a658754795ce9f62
4images version 1.9 suffers from a remote command execution vulnerability.
d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557
Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.
45b096fd0c06d29314c47d3820cded151b1d0ea4c399a761b64fcc8eebcca9fe
4images version 1.8 suffers from a remote SQL injection vulnerability.
c9c2aa91ec745bbdba6b1c78ba101be04ed9dc59fee041d1a36097cb86d846a9
Whitepaper called Practical PHP Security.
197e4ac0326bbfca74f1394ddd7a80a6c26652441548adc45d5fc3339e7c5fd7
CMS Made Simple version 2.2.15 suffers from an authenticated remote command execution vulnerability.
f81ab1c1e2ff5e2fa026def00f13ab6e4b6c7c7b23c69a25b39e1e7b1af8c1c3