exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Sophos Cyberoam NG Series Cross Site Scripting
Posted Apr 5, 2016
Authored by LiquidWorm | Site zeroscience.mk

Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding arbitrary 'X-Forwarded-For' HTTP header to a request makes the appliance also prone to a XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | exploit, web, arbitrary, xss
SHA-256 | 76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9

Related Files

Adtran Personal Phone Manager 10.8.1 Cross Site Scripting
Posted Apr 21, 2021
Authored by 3ndG4me

Adtran Personal Phone Manager version 10.8.1 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2021-25680
SHA-256 | 91eb377154488ec7c016952ffe3b4ebf2791bd6838a98d08693e4ebf4db983ba
WordPress Photo Gallery 1.5.69 Cross Site Scripting
Posted Apr 19, 2021
Authored by ThuraMoeMyint

WordPress Photo Gallery plugin versions 1.5.69 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f5cee129a211aee4e8107180c84597f0d60b54808dacf0f7a05afefadeaa5233
Revive Adserver 5.1.0 Cross Site Scripting
Posted Jan 27, 2021
Authored by Matteo Beccati

Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2021-22874, CVE-2021-22875
SHA-256 | 190f88d88bd59a6e458fe50325d73d4011e9b7ef2b33f6962a495f46bb142f9a
OpenAsset Digital Asset Management Cross Site Scripting
Posted Dec 11, 2020
Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, vulnerability, xss
advisories | CVE-2020-28857, CVE-2020-28859
SHA-256 | f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45
WebPort 1.19.1 Cross Site Scripting
Posted Jun 22, 2020
Authored by Emre OVUNC

WebPort version 1.19.1 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-12460, CVE-2019-12461
SHA-256 | 41cb6485bf5e035d4851be24eb39824dc1a47ab1146412bf9506a4d7447ad66d
Hospital Management System 4.0 Cross Site Scripting
Posted Jan 13, 2020
Authored by FULLSHADE

Hospital Management System version 4.0 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-5193
SHA-256 | 577785f9f7a77543366601d345329f948706e972436cf56919df3d22f41fd7d4
SugarCRM 9.0.1 Cross Site Scripting
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7d09c62859ee6df54d6c301681c3cf8c05bd10fec1feda4693b0c5f024b83971
VFront 0.99.5 Reflective Cross Site Scripting
Posted May 28, 2019
Authored by Omer Citak | Site netsparker.com

VFront version 0.99.5 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2019-9839
SHA-256 | 0d216805ffd29114e6cd997888f40343e29ba2dc8cd90edfb1e67454e391efa7
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway XSS
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 2c2c864e961de08f8e726f2b647913aff2b13bf29b8cce66e3aa650d3bd351e5
Monstra CMS 3.0.4 Cross Site Scripting
Posted May 20, 2018
Authored by Ismail Tasdelen

Monstra CMS version 3.0.4 suffers from multiple reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3bfe1c63389f9f72b080996c4451b43f30d95003183be45dbe4978c930bf897b
ZKTeco ZKBioSecurity 3.0 Cross Site Scripting
Posted Aug 31, 2016
Authored by LiquidWorm | Site zeroscience.mk

ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.1.0_R_230 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 661201e7c27f788dde650a2d5226bddfa2456cc33d8e22a68d5114c6bd2a7de2
Iris ID IrisAccess ICU 7000-2 XSS / Cross Site Request Forgery
Posted Jul 27, 2016
Authored by LiquidWorm | Site zeroscience.mk

Iris ID IrisAccess ICU 7000-2 is prone to multiple reflected cross site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the 'HidChannelID' and 'HidVerForPHP' POST parameters in the 'SetSmarcardSettings.php' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, arbitrary, php, vulnerability, xss
SHA-256 | e7183b03f0ff99292c399fd3826568ee44c2d72211f15de97442670cff6e2a47
Wowza Streaming Engine 4.5.0 Cross Site Scripting
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 4.5.0 build 18676 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 2523e79ab44f97c6ba12c7d6cca69bcb2705a67438d5e18cab9228b1987fd2b6
Release Automation XSS / XXE Injection
Posted Jul 1, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.

tags | advisory, remote, web, denial of service, local, vulnerability, xss, xxe
advisories | CVE-2015-7370, CVE-2015-8698, CVE-2015-8699
SHA-256 | 2ef5f54923997660f51cadb44ff051e243c99d18929f23a00717e9198858f0d9
Log2Space Central 6.2 Cross Site Scripting
Posted Jan 28, 2016
Authored by Rahul Pratap Singh

Log2Space Central version 6.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dba77879de8c9efbd44b477ecd995853b0c1e6b8aff0aaba5e2d0c6d5ec3134f
WordPress ResAds 1.0.1 Cross Site Scripting
Posted Oct 6, 2015
Authored by Iberia Medeiros

WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2015-7667
SHA-256 | 77dc179cb529b870639eb019931596493779f2f1e32d9bd99a03db17385a4abc
Zurmo CRM 2.8.5 Cross Site Scripting
Posted Jan 7, 2015
Authored by LiquidWorm | Site zeroscience.mk

Zurmo CRM version 2.8.5 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | e8ad5e444260d1a470d810f235c031ebb743e78b01cfff15a78d14dcdbfa4353
Concrete5 CMS 5.7.2 / 5.7.2.1 Cross Site Scripting
Posted Dec 9, 2014
Authored by Simo Ben Youssef | Site morxploit.com

Concrete5 CMS versions 5.7.2 and 5.7.2.1 suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 38fa7b6e86beb417bcaeb373a842e9a87af92a2f22c02289fbb095fad3e118d7
SAP HANA Reflective Cross Site Scripting
Posted Oct 8, 2014
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The SAP HANA Developer Edition contains multiple reflected cross site scripting vulnerabilities (XSS) in the democontent area.

tags | advisory, vulnerability, xss
SHA-256 | d98ec0c662aa2e76ea7c61dcd491019b639f2b4fe8e0fc31991ae7f856d4d36a
ManageEngine EventLog Analyzer 7 Cross Site Scripting
Posted Aug 27, 2014
Authored by Rodrigo Contarino

ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2014-4930
SHA-256 | 0bf36f68da768952108b58e9e72774b2bf741922f4c175919319cf299d4fe76d
SonicWALL GMS 7.2 Build 7221.1701 Cross Site Scripting
Posted Jul 22, 2014
Authored by William Costa

DELL SonicWALL GMS version 7.2 build 7221.1701 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8c628a32636a204c5621e732a5912dbe9bec353645b48fb912eabe6942908969
BarracudaDrive 6.7.2 Cross Site Scripting
Posted May 16, 2014
Authored by Manish Tanwar

BarracudaDrive version 6.7.2 suffers from multiple reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d41472b73eb1e68306169abb69831256e5000c2d91afe4d895f79081b2bd8cb6
AKER Secure Mail Gateway 2.5.2 Cross Site Scripting
Posted Mar 7, 2014
Authored by William Costa

AKER Secure Mail Gateway versions 2.5.2 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6037
SHA-256 | ab5924cb2e8e920bf0c586e1b34dba02ede340dc74de1607cbabdf1fa1986191
Vtiger 5.4.0 Cross Site Scripting
Posted Dec 12, 2013
Authored by Sojobo Dev Team

Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 46e34297293eac83bae71ead7c25d12b59b59c45ffcc8e3a0a616f838ad25e3f
MODx 2.2.10 Cross Site Scripting
Posted Oct 23, 2013
Authored by Sojobo Dev Team

MODx version 2.2.10 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7c57fe4cd97450b18471d0a901f38ba5ae88a8ad2b1ace28ba3b004660316352
Page 1 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close