933 matches found
Bolt Directory Traversal Vulnerability
Bolt is a simple CMS written in PHP. A directory traversal vulnerability exists in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in versions of Bolt prior to 4.1.13. No detailed vulnerability details are provided at this time...
School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
Exploit Title: School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software: School...
ToRat - A Remote Administration Tool Written In Go Using Tor As A Transport Mechanism And RPC For Communication
A Cross Platform Remote Administration tool written in Go using Tor as its transport mechanism currently supporting Windows, Linux, MacOS clients. How to How to use ToRat Preview Current Features RPC Remote procedure Call based communication for easy addition of new functionality Automatic upx...
Secure File Manager < 2.8.2 - Authenticated Remote Command Execution
The Secure File Manager uses the elFinder libraries in an insecure way, allowing authenticated users to execute arbitrary file management commands. v2.6 attempted to fix the issue by adding a CSRF nonce, however the nonce is displayed for all users in the Dashboard via the Secure File Manager men...
PCWT - A Web Application That Makes It Easy To Run Your Pentest And Bug Bounty Projects
A web application that makes it easy to run your pentest and bug bounty projects. Description The app provides a convenient web interface for working with various types of files that are used during the pentest, automate port scan and subdomain search. Main page Project settings Domains dashboard...
Basecamp: User can upload files even after closing his account
Summary: =========================== Hello @basecamp This is my first report on your program and I hope to end well. I was testing https://app.hey.com/ and my account has been closed, so I went back to the requests history, and I tried to send these requests even with my account closed, and I found th...
[SECURITY] Fedora 31 Update: python-flask-admin-1.5.6-1.fc31
Flask-Admin is advanced, extensible and simple to use administrative interface building extension for Flask framework. It comes with batteries included: model scaffolding for SQLAlchemy, MongoEngine, MongoDB and Peewee ORMs, simple file management interface and a lot of usage samples. You're not...
[SECURITY] Fedora 32 Update: python-flask-admin-1.5.6-1.fc32
Flask-Admin is advanced, extensible and simple to use administrative interface building extension for Flask framework. It comes with batteries included: model scaffolding for SQLAlchemy, MongoEngine, MongoDB and Peewee ORMs, simple file management interface and a lot of usage samples. You're not...
Fedora: Security Advisory for python-flask-admin (FEDORA-2020-e8f384af5f)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
File Management System 1.1 Cross Site Scripting
Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting Date: 2020-06-30 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1 Software Link:...
Unspecified Vulnerability in Monsta FTP
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A security vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which originates from an external user being able to control the paths used in file system...
Monsta FTP Server-Side Request Forgery Vulnerability
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A server-side request forgery vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which stems from the program's insufficient restriction of Web crawling...
Monsta FTP Cross-Site Scripting Vulnerability
Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A cross-site scripting vulnerability exists in Monsta FTP 2.10.1 and earlier versions, which can be exploited by attackers to inject arbitrary web script or HTML...
June 9, 2020—KB4561649 (OS Build 10240.18608)
June 9, 2020—KB4561649 OS Build 10240.18608 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...
April 14, 2020—KB4549951 (OS Builds 18362.778 and 18363.778) - EXPIRED
April 14, 2020—KB4549951 OS Builds 18362.778 and 18363.778 - EXPIRED NEW 8/5/21 EXPIRATION NOTICE IMPORTANT As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security...
School File Management System 1.0 SQL Injection
Exploit Title: School File Management System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software Link:...
School File Management System 1.0 - 'username' SQL Injection
Exploit Title: School File Management System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software Link:...
iCATCH DVR Access Control Error Vulnerability
The iCATCH DVR is a digital video recorder (DVR) from China Desirable International iCATCH. A security vulnerability exists in the firmware of iCATCH DVR prior to version 20200103, which stems from the lack of proper access control in the file management interface. An attacker can exploit the...
CVE-2020-10513 iCatch DVR - Broken Access Control
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file...
CVE-2019-6477
A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and...