600 matches found
CVE-2019-18383
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramasterTNAS-00E43Aconfigbackup.bin without permission...
CVE-2019-18370
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh...
CVE-2019-18370
The Xiaomi Mi WiFi R3G vulnerability (CVE-2019-18370) affects versions prior to 2.28.23-stable. The backup file (tar.gz) can be manipulated during upload, allowing control of contents in the decompressed directory via tar zxf. Additionally, the sh script used for testing speeds reads URLs from /t...
Prima Systems FlexAir
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities : OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site...
ChurchCRM Software 3.3.2 Database Disclosure
Exploit Title : ChurchCRM Software 3.3.2 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : churchcrm.io Software Download Link : github.com/ChurchCRM/CRM/releases/download/3.3.2/ChurchCRM-3.3.2.zip Software...
OpenDocMan Document Management System 1.3.5 Database Disclosure
Exploit Title : OpenDocMan Document Management System 1.3.5 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : opendocman.com Software Download Link : opendocman.com/free-download/...
YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure
Exploit Title : YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 10/04/2019 Vendor Homepage : jetbrains.com - yiiframework.com Software Download Link : github.com/johannesMatevosyan/yii-cms/archive/master.zip...
NekoCMS 2.5 Database Disclosure
Exploit Title : NekoCMS 2.5 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 10/04/2019 Vendor Homepage : osdn.net nekocms.osdn.jp Software Download Link : github.com/novhex/NekoCMS-v2.5/archive/master.zip Software Information Link :...
Joomla FPSS Art Frontpage Slideshow 1.6.0 Database Disclosure / SQL Injection
Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 19/01/2019 Vendor Homepage : artetics.com Software Information Link :...
Joomla ZHYandexMap 8.0.0.2 Database Disclosure
Exploit Title : Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 18/01/2019 Vendor Homepage : joomla.org Software Information Link : extensions.joomla.org/extension/zh-yandexmap/ Software Download Link :...
WordPress CherryFramework Theme Backup File Download Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, that supports personal blog sites on servers with PHP and MySQL. A backup file download vulnerability exists in the WordPress CherryFramework Theme. An attacker can exploit the vulnerability to...
Across DR-810 ROM-0 - Backup File Disclosure
Exploit Title: Across DR-810 ROM-0 Backup - File Disclosure Sensitive Information Date: 2019-01-11 Exploit Author: SajjadBnd Vendor Homepage: http://www.ac.i8i.ir/ Version: DR-810 Tested on: DR-810 RomPager/4.07 UPnP/1.0 + About ========== this hardware is a SIM card...
ITAdvisorsNepal 9Qube Testimonials 1.0 Database Disclosure
Exploit Title : ITAdvisorsNepal 9Qube Testimonials Modules 1.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : itadvisorsnepal.com 9qube.com Software Download Link : N/A Tested On : Windows and Linux Category...
WordPress Mirrorwp-Backups 4.8 Database Disclosure
Exploit Title : WordPress Mirrorwp-Backups 4.8 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : wordpress.org codecanyon.net/tags/wpmirror wpmirrorobj.com Software Download Link : N/A Tested On : Windows and...
WordPress HighStand 4.6.1 Database Disclosure
Exploit Title : WordPress HighStand Themes 4.6.1 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : wordpress.org Software Download Link :...
WordPress Disqus Comment System 2.87 Database Disclosure
Exploit Title : WordPress Disqus Comment System Plugins 2.87 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : disqus.com wordpress.org/plugins/disqus-comment-system/ Software Download Link :...
Joomla Migrator 1.5 Database Disclosure
Exploit Title : Joomla ComMigrator Components 1.5 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : extensions.joomla.org/category/joomla-migration/ Software Download Link : docs.joomla.org/Migration Tested On ...
WordPress Custom-Blocks SypexGeo 1.0 Database Disclosure
Exploit Title : WordPress Custom-Blocks SypexGeo Plugins 1.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...
WordPress Jupiter Child 1.0 Database Disclosure
Exploit Title : WordPress Jupiter Child Themes 1.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : themeforest.net/user/artbees + themes.artbees.net/docs/installing-theme-and-child-theme/ Software Download Li...
WordPress Simple-E-Commerce-Shopping-Cart 2.2.5 Database Disclosure
Exploit Title : WordPress Simple-E-Commerce-Shopping-Cart Plugins 2.2.5 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : wordpress.org/plugins/simple-e-commerce-shopping-cart/ Owner of the Script : Niaz Showke...