[FD] CVE-2019-18346 Cross-Site Request Forgery (CSRF) vulnerability in DAViCal CalDAV Server

Original text at: https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/ At HackDefense, we were evaluating various calendaring solutions, and during installation and configuration of DAViCal we discovered three (severe) vulnerabilities. We reported these

[FD] CVE-2019-18347 Persistent Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server

Original text at: https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/ At HackDefense, we were evaluating various calendaring solutions, and during installation and configuration of DAViCal we discovered three (severe) vulnerabilities. We reported these

[FD] CVE-2019-18345 Reflected Cross-Site Scripting (XSS) vulnerability in DAViCal CalDAV Server

Original text at: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/ At HackDefense, we were evaluating various calendaring solutions, and during installation and configuration of DAViCal we discovered three (severe) vulnerabilities. We reported these

[FD] BigBlueButton - Stored XSS in username (CVE-2022-31064)

CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. = Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton Product: BigBlueButton Vendor: BigBlueButton Vulnerable Versions: 2.3, <2.4.8, <2.5.0 Tested Version: 2.4.7 Advisory Publication: Jun

[FD] CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated)

= Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated) Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198 Tested Version: R81.10 (take 335) Advisory