179 matches found
Vulnerabilities fixed in GitLab CE and EE
Vulnerabilities have been fixed in GitLab Enterprise Edition EE and Community Edition CE. The vulnerabilities can be exploited by a malicious party to gain access to sensitive data, manipulate data without being authorized to do so be authorized, to perform a Cross-Site-Scripting XSS attack or to...
phpIPAM 1.4.5 Remote Code Execution
Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...
CVE-2022-27859
Multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Nicdark d.o.o. Travel Management plugin = 2.0 at WordPress...
Veeam Backup&Replication Path Traversal Vulnerability
Veeam Backup & Replication is a suite of data protection software from the Swiss company Veeam. The software provides backup, replication and recovery for VMware and Hyper-V VMs, physical and cloud environments. A path traversal vulnerability exists in Veeam Backup & Replication 9.5U3, 9.5U4, 10....
TP-Link WR886N 安全漏洞
TP-Link TL-WR886N is a wireless router from China Pulink.A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8, which originates from the /cloudconfig/routerpost/modifyaccountpwd function on memory execution An authenticated attacker could use this vulnerability to execute...
CVE-2021-44827
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the XTPExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges...
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests...
Home Owners Collection Management System 1.0 - Remote Code Execution Vulnerability
Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Chikitsa Patient Management System 2.0.2 - 'backup' Remote Code Execution (RCE) (Authenticated)
Exploit Title: Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
Exploit Title: Chikitsa Patient Management System 2.0.2 - Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
Limesurvey-RCE
Limesurvey-RCE LimeSurvey Authenticated RCE Proof of Conce...
WordPress 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Floating Social Media Icon plugin has a...
Froxlor 0.10.29.1 - SQL Injection (Authenticated)
Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that lead to the following categories of damage: Remote code execution User Rights Spoofing Access to sensitive data The vulnerability with reference...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
PoC exploit for CVE-2021-26084, an OGNL injection vulnerability in Confluence Server and Data Center. The exploit targets Confluence versions prior to 7.12.5, allowing an authenticated user to execute arbitrary code. The exploit is invoked using the ConfluenceOGNLInjection.py script, which takes...
F5 BIG-IP APM和F5 BIG-IP SQL注入漏洞
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A SQL injection vulnerability exists in F5 BIG-IP AFM. The vulnerability allows an authenticated attacker to execute maliciou...
CVE-2021-24476
The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue...
TextPattern CMS 4.9.0-dev - Remote Command Execution (Authenticated) Exploit
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3 import requests fro...
CVE-2020-20253
Mikrotik RouterOs before 6.47 stable tree suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error...
Billing Management System 2.0 - Union based SQL injection (Authenticated) Vulnerability
Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...