Netsparker - Security Researcher - Exploit Intelligence Platform

CVE-2018-14485 EXPLOITDB CRITICAL text WRITEUP

BlogEngine.NET 3.3 - XML External Entity (XXE)

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

CVSS 9.8

View Code

CVE-2013-5020 EXPLOITDB text WORKING POC

MiniBB <3.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.

View Code

CVE-2014-6308 EXPLOITDB text WRITEUP

OSClass <3.4.2 - Path Traversal

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.

View Code

CVE-2018-19782 EXPLOITDB MEDIUM text WRITEUP

FreshRSS 1.11.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.

CVSS 6.1

View Code

EIP-2026-105992 EXPLOITDB text WORKING POC

CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting

View Code