Sureshbabu Narvaneni

12 exploits Active since Mar 2018
CVE-2018-25327 EXPLOITDB MEDIUM text WORKING POC
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
CVSS 5.3
CVE-2018-9137 EXPLOITDB MEDIUM text WRITEUP
open-audit < 2.1 - CSV Injection
Open-AudIT before 2.2 has CSV Injection.
CVSS 6.8
EIP-2026-119383 EXPLOITDB text WORKING POC
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
CVE-2018-8814 EXPLOITDB MEDIUM text WORKING POC
WolfCMS 0.8.3.1 - Cross-Site Request Forgery in Plugin Settings
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request.
CVSS 6.5
CVE-2018-8813 EXPLOITDB MEDIUM text WRITEUP
WolfCMS 0.8.3.1 - Open Redirect via Login Redirect Parameter
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
CVSS 4.8
CVE-2018-8815 EXPLOITDB MEDIUM text WORKING POC
Alkacon OpenCMS 10.5.3 - Cross-Site Scripting via SVG Image in Gallery Function
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
CVSS 4.6
CVE-2018-8811 EXPLOITDB HIGH html WORKING POC
OpenCMS 10.5.3 - Cross-Site Request Forgery in User Role Management
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kind of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository "as is". In case of scripts inside an SVG, this may or may not be "malicious", there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the "issue", a user must have an account in the CMS as a content manager
CVSS 8.8
CVE-2018-9183 EXPLOITDB MEDIUM text WRITEUP
Joom Sky JS Jobs < 1.2.1 - Cross-Site Scripting
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS.
CVSS 5.4
CVE-2018-10068 EXPLOITDB MEDIUM text WRITEUP
jdownloads < 3.2.59 - Cross-Site Scripting
The jDownloads extension before 3.2.59 for Joomla! has XSS.
CVSS 6.1
CVE-2018-9106 EXPLOITDB HIGH text WRITEUP
Acyba AcySMS < 3.5.0 - CSV Injection via Export Feature
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.
CVSS 8.8
CVE-2018-9107 EXPLOITDB HIGH text WRITEUP
Acyba AcyMailing <5.9.6 - CSV Injection
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
CVSS 8.8
CVE-2018-9173 EXPLOITDB MEDIUM text WORKING POC
GetSimple CMS 3.3.13 - Cross-Site Scripting via uploadify.swf movieName Parameter
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter.
CVSS 6.1