ManhNho

16 exploits, active since Apr 2018
CVE-2019-25605 EXPLOITDB HIGH text WORKING POC
EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
CVSS 7.5
CVE-2018-11544 EXPLOITDB CRITICAL text WORKING POC
The Olive Tree FTP Server - Insufficiently Protected Credentials
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
CVSS 9.8
CVE-2018-9236 EXPLOITDB MEDIUM text WORKING POC
iScripts EasyCreate - XSS
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
CVSS 5.4
CVE-2018-12524 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
CVSS 5.3
CVE-2018-12523 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
CVSS 5.3
CVE-2018-12522 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
CVSS 5.3
CVE-2018-10752 EXPLOITDB MEDIUM text WRITEUP
Tagregator - XSS
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
CVSS 4.8
CVE-2018-9238 EXPLOITDB MEDIUM text WORKING POC
Yahei PHP Prober - XSS
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.
CVSS 6.1
CVE-2018-9844 EXPLOITDB MEDIUM text WORKING POC
Iptanus WordPress File Upload < 4.3.4 - XSS
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
CVSS 6.1
CVE-2018-9172 EXPLOITDB MEDIUM text WRITEUP
Iptanus WordPress File Upload < 4.3.3 - XSS
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
CVSS 5.4
CVE-2018-9857 EXPLOITDB MEDIUM text WORKING POC
Match Clone Script - XSS
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
CVSS 6.1
CVE-2018-9235 EXPLOITDB MEDIUM text WORKING POC
iScripts SonicBB - XSS
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
CVSS 6.1
CVE-2018-9237 EXPLOITDB MEDIUM text WORKING POC
iScripts EasyCreate - XSS
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
CVSS 5.4
CVE-2019-9625 EXPLOITDB HIGH text WORKING POC
JBMC DirectAdmin 1.55 - CSRF
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
CVSS 8.8
CVE-2018-12525 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
CVSS 5.3
CVE-2018-11505 EXPLOITDB HIGH text WORKING POC
Werewolf Online - Information Disclosure
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVSS 7.5