Sureshbabu Narvaneni

12 exploits Active since Mar 2018
CVE-2018-9137 EXPLOITDB MEDIUM text WRITEUP
Open-AudIT <2.2 - Code Injection
Open-AudIT before 2.2 has CSV Injection.
CVSS 6.8
EIP-2026-119383 EXPLOITDB text WORKING POC
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
CVE-2018-8814 EXPLOITDB MEDIUM text WORKING POC
WolfCMS 0.8.3.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.
CVSS 6.5
CVE-2018-8813 EXPLOITDB MEDIUM text WRITEUP
WolfCMS 0.8.3.1 - Open Redirect
Open redirect vulnerability in the login[redirect] parameter of the login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
CVSS 4.8
CVE-2018-8811 EXPLOITDB HIGH html WORKING POC
OpenCMS 10.5.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kinds of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository "as is". In the case of scripts inside an SVG, this may or may not be "malicious"; there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the "issue", a user must have an account in the CMS as a content manager.
CVSS 8.8
CVE-2018-8815 EXPLOITDB MEDIUM text WORKING POC
Alkacon OpenCMS 10.5.3 - XSS
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
CVSS 4.6
EIP-2026-108759 EXPLOITDB text WORKING POC
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
CVE-2018-9183 EXPLOITDB MEDIUM text WRITEUP
Joomsky JS Jobs < 1.2.1 - XSS
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.
CVSS 5.4
CVE-2018-9107 EXPLOITDB HIGH text WRITEUP
Acyba AcyMailing <5.9.6 - CSV Injection
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
CVSS 8.8
CVE-2018-10068 EXPLOITDB MEDIUM text WRITEUP
jDownloads <3.2.59 - XSS
The jDownloads extension before 3.2.59 for Joomla! has XSS.
CVSS 6.1
CVE-2018-9106 EXPLOITDB HIGH text WRITEUP
AcySMS <3.5.1 - CSV Injection
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.
CVSS 8.8
CVE-2018-9173 EXPLOITDB MEDIUM text WORKING POC
GetSimple CMS - XSS
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
CVSS 6.1