184 matches found
AZL-37087 CVE-2024-2004 affecting package cmake for versions less than 3.30.3-2
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
Usage of disabled protocol
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. PoC Requirement: "Enable custom table for usermeta" option t...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. Requirement: "Enable custom table for usermeta" option to be...
Login as User or Customer <= 3.8 - Admin Account Takeover
Description The plugin does not prevent users from logging in as any other user on the site. 1. As an admin, log in as some user. Note the user ID. 2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...
CVE-2023-38995
An issue in SCHUHFRIED v.8.22.00 allows a remote attacker to obtain the database password via a crafted curl command...
SCHUHFRIED Security Vulnerabilities
SCHUHFRIED is a psychometric testing system from the Austrian company SCHUHFRIED. A security vulnerability exists in SCHUHFRIED version v.8.22.00, which originated from a vulnerability that allows remote attackers to obtain database passwords via a specially crafted curl command...
The vulnerability lies in the implementation of the TLS protocol in the cURL command-line utility. This allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability in the TLS implementation of the cURL command-line utility stems from erroneous preservation of the session identifier due to a lack of verification of certificate revocation. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions and gain unauthorized...
Exploit for CVE-2023-47400
CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...
Backup Migration < 1.3.8 - Unauthenticated RCE
Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
Description The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. 1 Create a popup using the plugin 2 Run the following curl command, switching $POPUPID with that popup's ID: curl --url...
WP Fastest Cache < 1.2.2 - Unauthenticated SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 1. Visit WP Fastest Cache Settings. Ensure "Cache System" is enabled, and "Logged-in Users" is disabled. Click "Submit" at...
Use After Free
vim is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into opening a malicious URL or by sending a specially crafted HTTP request to a vulnerable web server. The request would contain a specially crafted curl command that would cause the curl library...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
This is a PoC exploit for CVE-2023-27163, a remote code executio...
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545 POC for the curl command line tool This POC i...
The vulnerability of the implementation of the SOCKS5 protocol in the command-line utility cURL allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability in the SOCKS5 protocol implementation of the cURL command-line utility stems from an operation going beyond the buffer boundaries when processing the hostname length. Exploiting this vulnerability allows a remote attacker to cause service failures or execute...
Improper Encoding
firefox is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating curl command which allows an attacker to cause unintended behavior in smart contracts that rely on the sender's accurate identification...
Maltrail 0.53 Remote Code Execution
Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if...