CVE-2020-17451

flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...

Baldr Botnet Panel Shell Upload Exploit

This module exploits an arbitrary file upload vulnerability within the Baldr stealer malware control panel when uploading victim log files which are uploaded as ZIP files. Attackers can turn this vulnerability into an RCE by first registering a new bot to the panel and then uploading a ZIP file...

CVE-2020-15612 — CentOS Web Panel Authentication Bypass/RCE

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...

Unauthorized Access Vulnerability in websoft9 Control Panel of Changsha Netjou Software Co.

Websoft9 is an open source project dedicated to simplifying the installation and deployment of open source web applications. Hundreds of open source software have been sorted and categorized, security settings, performance optimization and Chinese, and released to mainstream public cloud platform...

Online Polling System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Polling System 1.0 - Authentication Bypass Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass...

Online Polling System 1.0 - Authentication Bypass

Exploit Title: Online Polling System 1.0 - Authentication Bypass Date: 2020-07-20 Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass Unthenticated User perform SQL Injection bypas...

D-Link DSL-2750U Access Control Error Vulnerability

The D-Link DSL-2750U is a wireless router from AUO D-Link of Taiwan, China. An access control error vulnerability exists in the D-link DSL-2750U ISL2750UEME version 3.V1E, which can be exploited by an attacker to gain access to the control panel for approximately 90 seconds when the device is...

Online Polling System SQL Injection

Exploit Title: Online Polling System Authentication Bypass SQL Injection Date: July 2020 Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass Unthenticated User perform SQL Injectio...

NVIDIA Windows GPU Display Driver (June 2020)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in the Control Panel component. An authenticated, local attacker can exploit this via corrupting a system file, to gain privileged access to the system or...

Unspecified Vulnerability in NVIDIA Windows GPU Display Driver NVIDIA Control Panel

NVIDIA Windows GPU Display Driver is a graphics processor GPU graphics card driver from NVIDIA dedicated to the Windows platform.NVIDIA Control Panel is one of the NVIDIA Control Panels. A security vulnerability exists in the NVIDIA Control Panel component of the NVIDIA Windows GPU Display Driver...

CVE-2020-5962

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges...

CVE-2020-5962

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges...

Design/Logic Flaw

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges...

CVE-2020-13150

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active...

CVE-2020-13150

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active...

We-Com OpenData CMS 2.0 SQL Injection

Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection Google Dork:N/A Date: 2020-04-17 Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.0 Tested on: 5.5.0-kali1-amd64 --------------------------------------------------------- Vendor contact...

Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

Plesk/myLittleAdmin ViewState .NET Deserialization

This module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as ...

Anubis Malware Upgrade Logs When Victims Look at Their Screens

The Anubis malware, which threat actors use to persistently attack Google’s Android-based smartphones, is set to evolve once again, this time adding a feature that allows the malware to identify if a victim is looking at his or her screen. The new feature is one of several that haven’t been...

Vesta Control Panel Elevation of Privilege Vulnerability

Vesta Control Panel VestaCP is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel 0.9.8-26 and earlier versions. The vulnerability can be exploited by an attacker to gain root privileges on the system with the help of v-change-user-password user...