Lucene search

27 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-0169

Malware in sbrugna...

CVSS 10, AI score 9.2, EPSS 0.00794
Exploits 0, References 7
NVD
added 2022/11/17 12:15 a.m., 24 views

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...

CVSS 9.8, EPSS 0.00848
Exploits 0, References 1
Atlassian
added 2022/10/27 12:45 a.m., 52 views

Crowd DC Critical Security Misconfiguration Vulnerability - CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the crowd application...

CVSS 9.8, AI score 9, EPSS 0.00848
Exploits 0
0day.today
added 2022/05/24 12:0 a.m., 359 views

iTop Remote Command Execution Exploit

!/usr/bin/env ruby Exploit Title: iTop p...

CVSS 8.8, AI score 0.1, EPSS 0.20737
Exploits 4
NVD
added 2022/02/10 5:15 p.m., 11 views

CVE-2021-44892

A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...

CVSS 8.8, EPSS 0.01989
Exploits 1, References 1
Prion
added 2022/02/10 5:15 p.m., 20 views

Remote code execution

A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via valuefilename in index.php, which could let a malicious user obtain server control privileges...

CVSS 6.5, AI score 8.8, EPSS 0.01989
Exploits 1, References 1, Affected Software 1
UbuntuCve
added 2019/11/29 3:15 p.m., 42 views

CVE-2019-14901

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability ...

CVSS 10, AI score 7.4, EPSS 0.0467
Exploits 0, References 11
Prion
added 2019/11/25 2:15 p.m., 19 views

Design/Logic Flaw

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...

CVSS 2.1, AI score 6.3, EPSS 0.00703
Exploits 1, References 2, Affected Software 1
0day.today
added 2019/09/02 12:0 a.m., 31 views

Opencart 3.x - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Opencart 3.x.x Authenticated Stored XSS Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

CVSS 3.5, AI score 5.2, EPSS 0.00172
Exploits 5
Exploit DB
added 2019/09/02 12:0 a.m., 369 views

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

CVSS 4.8, AI score 5.5, EPSS 0.00172
Exploits 5
Atlassian
added 2019/06/18 12:30 p.m., 141 views

Upgrading Crowd via XML Data Transfer reactivate disabled user from OpenLDAP - CVE-2019-20902

Issue Summary: Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. Environment: Crowd 3.x.x, OpenLDAP. Steps to Reproduce: Install Crowd 3.1.1 and connect with OpenLDAP directory. Synchronise the OpenLDAP directory. Disable one of the users from OpenLDAP...

CVSS 7.5, AI score 2.4, EPSS 0.003
Exploits 0, Affected Software 1
Github Security Blog
added 2018/07/24 7:44 p.m., 17 views

Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...

CVSS 9.8, AI score 5.6, EPSS 0.70815
Exploits 1, References 4, Affected Software 1
OpenVAS
added 2018/03/05 12:0 a.m., 56 views

LimeSurvey 2.6.x < 2.6.7, 2.7x.x < 2.73.1, 3.x.x < 3.4.2 File Disclosure Vulnerability

LimeSurvey mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVSS 9.1, AI score 9.3, EPSS 0.00289
Exploits 0, References 1
NVD
added 2018/01/25 4:29 a.m., 9 views

CVE-2018-6200

vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...

CVSS 6.1, AI score 6.3, EPSS 0.07969
Exploits 1, References 1
Prion
added 2018/01/25 4:29 a.m., 13 views

Open redirect

vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter...

CVSS 5.8, AI score 6.3, EPSS 0.07969
Exploits 1, References 1, Affected Software 1
seebug.org
added 2017/09/20 12:0 a.m., 213 views

Apps industrial OT over Server: Anti-Web Remote Command Execution(CVE-2017-17888)

Exploit Title: Apps industrial OT over Server: "Anti-Web 3.x.x 3.8.x" vuln: Remote Command Execution Date: 15/05/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: Multiples vendors Category: Industrial OT webapps + DESCRIPTION: vulnerability: RCE REMOTE...

CVSS 9, AI score 8.8, EPSS 0.01716
Exploits 2
Packet Storm
added 2015/06/19 12:0 a.m., 25 views

ApPHP Hotel Site 3.x.x SQL Injection

ApPHP Hotel site SQLi Vulnerability ApPHP Hotel Site is an Hotel application programs using PHP Language. title : ApPHP Hotel Site v.3.x.x. godork : ".php?pid=" "ApPHP Hotel Site" Affected version : v.3.x.x tested site : http://www.hotelbran.com/index.php?pid=%27null python sqlmap.py -u...

AI score 0.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 19 views

WHMCompleteSolution (cart.php) 3.x.x - 4.0.x Local File Disclosure

No description provided by source. Title : WHMCompleteSolution cart.php Local File Disclosure Author : Lagripe-Dz Product : WHMCS WHMCompleteSolution Vendor : http://whmcs.com/ Date : 10/01/2011 Version : 3.x.x , 4.0.x Tested on : linux+apache...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Linux 2.6.37-3.x.x PERF_EVENTS - Local Root Exploit

No description provided by source. / linux 2.6.37-3.x.x x8664, 100 LOC gcc-4.6 -O2 semtex.c && ./a.out 2010 [email protected], salut! update may 2013: seems like centos 2.6.32 backported the perf bug, lol. jewgold to 115T6jzGrVMgQ2Nt1Wnua7Ch1EuL9WXT2g if you insist. / define GNUSOURCE 1 include...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 42 views

WHMCS 3.x.x (clientarea.php) Local File Disclosure

No description provided by source. Title : WHMCS clientarea.php Local File Disclosure Author : Red Virus [email protected] Product : WHMCS WHMCompleteSolution Vendor : http://whmcs.com/ Date : 11/04/2011 Version : 3.X.x Tested on : linux+apache Homepage : www.alm3refh.com...

AI score 7.1
Exploits 0