Dennis Veninga

4 exploits Active since Jan 2018
CVE-2018-5370 EXPLOITDB MEDIUM text WORKING POC
BizLogic xnami 1.0 - Cross-Site Scripting via Comment Parameter
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.
CVSS 6.1
CVE-2018-5315 EXPLOITDB CRITICAL text WRITEUP
Wachipi WP Events Calendar <1.0 - SQL Injection
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
CVSS 9.8
CVE-2018-5705 EXPLOITDB MEDIUM text WORKING POC
Reservo Image Hosting 1.6 - Cross-Site Scripting via Search Parameter
Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
CVSS 6.1
CVE-2018-5479 EXPLOITDB MEDIUM text WORKING POC
FoxSash ImgHosting 1.5 - Cross-Site Scripting via Search Parameter
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
CVSS 6.1