26 matches found
MilleGPG5 5.9.2 Local Privilege Escalation
Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control
Date: 2023-04-28
Exploit Author: Andrea Intilangelo
Vendor Homepage: https://millegpg.it/
Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/
Software Link:...
sherlock SherlockIM Cross-Site Scripting Vulnerability
sherlock SherlockIM is an application from sherlock USA, used to manage various conversations with customers in WhatsApp. A cross-site scripting vulnerability exists in Sherlock SherlockIM through 2021-03-29, which can be exploited by an attacker to attach URIs to api files...
CVE-2020-5505
Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring in conjunction with "type":"application/x-php" to the /api/files/ URI...
Freelancy 1.0.0 Remote Code Execution
Exploit Title: Freelancy - Freelance Management App v1.0.0 - RCE Authenticated Arbitrary File Download
Date: 03-01-2019
Exploit Author: Ismail Tasdelen
Vendor Homepage: https://vaaip.com/
Software Link: https://codecanyon.net/item/freelancy-freelance-project-management-application/25288636...
Elasticsearch files access
snapshot API files access...
CVE-2013-4302
(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...