Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.
a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14
BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.
399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640df
XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.
388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47b
Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.
ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a
This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.
1f0745a5f6bf458420ce54f01247d5149ab58cb8886e6f6c015a8dbfc0d9a6de
Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.
586bd1206b838db2276e13fced4b53256b8b848641a29e35a78967042d604683
Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
WBCE version 1.6.1 suffers from a persistent cross site scripting vulnerability.
c17b616715baffae3d84e0d4550487c0ddcd5bf0f23819f9fafe7404baa9ed74
XAMPP version 8.2.4 suffers from an unquoted service path vulnerability.
013b0dbd256f27abaa69c15d5aeec4553beac733154cfc7e150b3559ea0da2d5
Faculty Evaluation System version 1.0 suffers from a remote SQL injection vulnerability.
7bc59cd66aeba7e9b21206240985c2d932ac5f46cc03f4460693c631b14c393d
myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.
49b4fc9b3db0a04ca44a9ec1d64e1ec281a090a818f848111b735b27147db2e9
Fastly suffers from the poor practice of sending a temporary password in plaintext.
09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bc
Shopify suffers from a cross site scripting vulnerability.
dcca389f2f44bc6e6960d4aefe61cbb9c3906a55351986f2a658754795ce9f62
4images version 1.9 suffers from a remote command execution vulnerability.
d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557
Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.
45b096fd0c06d29314c47d3820cded151b1d0ea4c399a761b64fcc8eebcca9fe
4images version 1.8 suffers from a remote SQL injection vulnerability.
c9c2aa91ec745bbdba6b1c78ba101be04ed9dc59fee041d1a36097cb86d846a9
Whitepaper called Practical PHP Security.
197e4ac0326bbfca74f1394ddd7a80a6c26652441548adc45d5fc3339e7c5fd7
CMS Made Simple version 2.2.15 suffers from an authenticated remote command execution vulnerability.
f81ab1c1e2ff5e2fa026def00f13ab6e4b6c7c7b23c69a25b39e1e7b1af8c1c3
BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.
aa9030bfadf39927f86c29d447c3d4d846efbfc9fa4bf002e5a8f9a03481201f
BoltWire version 6.03 suffers from a local file inclusion vulnerability.
5bccddcdf955aa9e8c8ca3bf0f7f17107851ff49aa2ae6656444a81d38391290
Cyberoam Authentication Client version 2.1.2.7 suffers from a buffer overflow vulnerability.
8de7e2da3c8e229cd09e1484f910a5e1e10dde2d8754d786bf6d3a031f64da4f
ATutor version 2.2.4 suffers from a remote SQL injection vulnerability.
e1926912b31ec559709af89d502a88acfe99b72aab9f35f9d21f289e65d21149
Streamripper version 2.6 Song Pattern buffer overflow exploit.
ef83fc76efb2de2e63f756763b24c71a9ec0d5274e3cb615c01c2164e72a8401