webapps exploits
Page 2 of 33988 exploits
| Title | Author | Platform | Source | Description | Date |
| --- | --- | --- | --- | --- | --- |
| Wordpress Newsletter 3.2.6 Cross Site Scripting | LiquidWorm | na | zeroscience.mk | Wordpress Newsletter plugin version 3.2.6 suffers from a cross site scripting vulnerability. | May 14 |
| Netcraft.com Cross Site Scripting | Stefan Schurtz | na | packetstormsecurity.org | www.netcraft.com suffered from a cross site scripting vulnerability. | May 14 |
| Ruby Gem Creme Fraiche 0.6 Command Injection | Larry W. Cashdollar | na | packetstormsecurity.org | Ruby Gem Creme Fraiche version 0.6 suffers from a remote command injection vulnerability due to unsanitized input. | May 14 |
| WordPress Video JS Cross Site Scripting | MustLive | na | packetstormsecurity.org | Various WordPress plugins that embed video-js.swf suffer from cross site scripting vulnerabilities. These include Video Embed and Thumbnail Generator, External "Video for Everybody", 1player, S3 Video and EasySqueezePage. | May 14 |
| Kloxo 6.1.6 Privilege Escalation | | na | packetstormsecurity.org | Kloxo version 6.1.6 suffers from a local privilege escalation vulnerability. | May 14 |
| Joomla Jnews 8.0.1 Cross Site Scripting | Rafay Baloch | na | Deepankar Arora | Joomla Jnews version 8.0.1 suffers from an Open Flash-Chart cross site scripting vulnerability. | May 14 |
| UMI.CMS 2.9 - CSRF Vulnerability | High-Tech Bridge . | php | exploit-db.com | Advisory ID: HTB23151 Product: UMI.CMS Vendor: OOO Umisoft Vulnerable Version(s): 2.9 and probably prior Tested Version: 2.9 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: | May 14 |
| AlienVault OSSIM 4.1.2 - Multiple SQL Injection Vulnerabilities | RunRunLevel | php | exploit-db.com | RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerabilities 5. Solution 6. | May 14 |
| WHMCS 4.x (invoicefunctions.php, id param) - SQL Injection Vulnerability | Ahmed Aboul-Ela | php | exploit-db.com | Title: WHMCS 4.x SQL Injection Vulnerability Google Dork: intext:"Powered by WHMCompleteSolution" OR inurl:"submitticket.php" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3la[at]gmail[dot]com Date: 14/5/2013 Vendor: http://www.whmcs.com Version: 4.5.2 and prior versions should | May 14 |
| IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) - Admin Account Takeover | John JEAN | php | exploit-db.com | IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13 Author: John JEAN (@johnjean on twitter) Affected application: Invision Power Board <= 3.4.4 Type of vulnerability: Logical Vulnerabilit | May 14 |
| WHMCS 4.5.2 SQL Injection | Ahmed Aboul-Ela | na | packetstormsecurity.org | WHMCS version 4.5.2 suffers from a remote SQL injection vulnerability. | May 14 |
| Gallery Server Pro File Upload Filter Bypass | Drew Calcott | na | security-assessment.com | Gallery Server Pro suffers from a file upload filter bypass vulnerability. | May 14 |
| Ajax Availability Calendar 3.X.X - Multiple Vulnerabilities | AtT4CKxT3rR0r1ST | php | exploit-db.com | Ajax Availability Calendar 3.X.X Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] .:. Script : http://www.ajaxavailabilitycal | May 13 |
| Joomla S5 Clan Roster com_s5clanroster (index.php, id param) - SQL Injection | AtT4CKxT3rR0r1ST | php | exploit-db.com | Joomla Component com_s5clanroster Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] .:. Dork : inurl:"com_s5clanroster" | May 13 |
| PayPal Ecommerce Script Insertion | Ibrahim El-Sayed | na | vulnerability-lab.com | PayPal suffered from a persistent cross site scripting vulnerability. | May 13 |