ManhNho

16 exploits, active since Apr 2018
CVE-2019-25605 EXPLOITDB HIGH text WORKING POC
EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
CVSS 7.5
CVE-2018-11544 EXPLOITDB CRITICAL text WORKING POC
The Olive Tree Ftp Server 1.32 - Insufficiently Protected Credentials in Shared Preferences
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
CVSS 9.8
CVE-2018-9236 EXPLOITDB MEDIUM text WORKING POC
iScripts EasyCreate 3.2.1 - Stored Cross-Site Scripting via Site Title Field
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
CVSS 5.4
CVE-2018-12524 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing.
CVSS 5.3
CVE-2018-12523 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing.
CVSS 5.3
CVE-2018-12522 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing.
CVSS 5.3
CVE-2018-10752 EXPLOITDB MEDIUM text WRITEUP
Tagregator 0.6 - Stored Cross-Site Scripting via Title Field
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
CVSS 4.8
CVE-2018-9238 EXPLOITDB MEDIUM text WORKING POC
Yahei-PHP Proberv 0.4.7 - Cross-Site Scripting via funName Parameter
proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter.
CVSS 6.1
CVE-2018-9844 EXPLOITDB MEDIUM text WORKING POC
Iptanus WordPress File Upload < 4.3.4 - Cross-Site Scripting via Settings Attributes
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
CVSS 6.1
CVE-2018-9172 EXPLOITDB MEDIUM text WRITEUP
Iptanus WordPress File Upload < 4.3.3 - Cross-Site Scripting via Shortcode Attributes
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
CVSS 5.4
CVE-2018-9857 EXPLOITDB MEDIUM text WORKING POC
Match Clone Script 1.0.4 - Cross-Site Scripting via Search Field
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
CVSS 6.1
CVE-2018-9235 EXPLOITDB MEDIUM text WORKING POC
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting via Search Query Parameter
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
CVSS 6.1
CVE-2018-9237 EXPLOITDB MEDIUM text WORKING POC
iScripts EasyCreate 3.2.1 - Stored Cross-Site Scripting in Site Description Field
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
CVSS 5.4
CVE-2019-9625 EXPLOITDB HIGH text WORKING POC
DirectAdmin 1.55 - Cross-Site Request Forgery via CMD_ACCOUNT_ADMIN URI
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
CVSS 8.8
CVE-2018-12525 EXPLOITDB MEDIUM text WRITEUP
perfSONAR MaDDash <2.0.2 - Info Disclosure
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing.
CVSS 5.3
CVE-2018-11505 EXPLOITDB HIGH text WORKING POC
Werewolf Online 0.8.8 - Exposure of Firebase Token via Logcat Output
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVSS 7.5