Exploit DB
added 2024/02/26 12:00 a.m. | 357 views

taskhub 2.8.7 - SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

CVSS 8 | AI score 7.9 | EPSS 0.00692
Exploits: 5
CVE
added 2024/02/14 7:01 a.m. | 36 views

CVE-2024-22455

Dell Mobility - E-Lab Navigator (versions 3.1.9 and 3.2.0) contains an Authorization Bypass Through User-Controlled Key vulnerability. Multiple connected sources describe an Insecure Direct Object Reference in Feedback submission that could allow an unauthenticated, locally positioned attacker to...

CVSS 4.6 | AI score 4.6 | EPSS 0.0028
Exploits: 0 | References: 1 | Affected software: 1
Prion
added 2024/02/05 9:15 p.m. | 14 views

Design/Logic Flaw

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

CVSS 6.4 | AI score 7.4 | EPSS 0.0074
Exploits: 1 | References: 2 | Affected software: 1
OSV
added 2024/02/05 8:44 p.m. | 35 views

CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

CVSS 6.5 | AI score 6.5 | EPSS 0.0074
Exploits: 1 | References: 4
Wallarm Lab
added 2023/12/28 1:19 p.m. | 23 views

How to Manage Your Security Risks

Deciphering the Criticality of Safeguarding Against Security Threats As digital natives, we are well aware that the urgency and importance of ensuring digital safety can't be minimized. The escalating vector of sophisticated digital attacks has brandished a double-edged sword, threatening both...

AI score 7.3
Exploits: 0
Cvelist
added 2023/12/01 10:10 p.m. | 46 views

CVE-2023-49281 Open Redirect in Login Function of Calendarinho

Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites,...

CVSS 4.7 | AI score 6.3 | EPSS 0.00557
Exploits: 0 | References: 4
NVD
added 2023/11/27 11:15 a.m. | 10 views

CVE-2023-5607

An improper limitation of a path name to a restricted directory path traversal vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI...

CVSS 8.4 | EPSS 0.00937
Exploits: 0 | References: 1
Cvelist
added 2023/11/27 10:36 a.m. | 13 views

CVE-2023-5607

An improper limitation of a path name to a restricted directory path traversal vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an authorised administrator attacker executing arbitrary code through uploading a specially crafted GTI...

CVSS 8.4 | AI score 8.6 | EPSS 0.00937
Exploits: 0 | References: 1
Positive Technologies
added 2023/11/27 12:00 a.m. | 3 views

PT-2023-32210 · Tacc · Tacc Epo Extension

Name of the Vulnerable Software and Affected Versions: TACC ePO extension versions prior to 8.4.0 Description: The issue is related to an improper limitation of a path name to a restricted directory, which could allow an authorized administrator attacker to execute arbitrary code by uploading a...

CVSS 8.4 | AI score 7.2 | EPSS 0.00937
Exploits: 0 | References: 3
Openbugbounty
added 2023/11/05 4:26 p.m. | 20 views

reputation.dentrix.com Cross Site Scripting vulnerability OBB-3773864

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Hacker One
added 2023/10/31 8:09 p.m. | 27 views

Khan Academy: Text Injection/ Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag.

A vulnerability was discovered on https://cloud.e.khanacademy.org that allowed text injection via breaking out of an input tag. By inserting a closing angle bracket in a parameter value, an attacker could inject arbitrary text that would be reflected on the page, enabling phishing attacks. The...

AI score 7.2
Exploits: 0
Code423n4
added 2023/10/25 12:00 a.m. | 6 views

Front-running the Vault721.sol::build(address _user) can DoS the protocol for new users

Lines of code. Vulnerability details. Impact: New users can't register and use the protocol until they discover the deployed address of their proxy, which is detrimental to the protocol's reputation. Proof of Concept: Attackers/bots are able to DoS the protocol for the new users who want to create...

AI score 7
Exploits: 0
Hacker One
added 2023/10/17 12:08 a.m. | 66 views

Nextcloud: Delete external storage of any user

An external storage vulnerability was discovered that allowed standard users to delete external storage resources from any user account in the application. By modifying a system-generated ID, unauthorized users could remove externally linked storage without special privileges, potentially resulti...

CVSS 8.5 | AI score 7.3 | EPSS 0.0095
Exploits: 1
Hacker One
added 2023/10/10 4:25 a.m. | 228 views

curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet

Vulnerability description not provided...

CVSS 9.8 | AI score 9.3 | EPSS 0.78483
Exploits: 6
Exploit DB
added 2023/10/09 12:00 a.m. | 427 views

Clcknshop 1.0.0 - SQL Injection

Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Version: 1.0.0 Tested on: Window...

CVSS 9.8 | AI score 9.9 | EPSS 0.45639
Exploits: 3
Hacker One
added 2023/10/01 8:01 p.m. | 28 views

U.S. Dept Of Defense: Subdomain Takeover via Host Header Injection on www.█████

The vulnerability was a subdomain takeover due to a CNAME record pointing to an unclaimed domain. This allowed malicious individuals to potentially take control of the affected subdomain and use it for malicious purposes...

AI score 7.2
Exploits: 0
Code423n4
added 2023/09/14 12:00 a.m. | 8 views

Rogue ward can remove auth permission from other wards and then remove themselves

Lines of code. Vulnerability details: In a protocol, the deny function is used to remove the ward permissions from an address. This is a serious scenario to consider that can actually occur: if a ward contract or account is obtained and the other wards are not aware, the rogue ward can actually...

AI score 6.9
Exploits: 0
Hacker One
added 2023/09/12 1:17 p.m. | 22 views

Mars: **"CSRF Vulnerability in ███████ Website Allows Attackers to Change User Profile Picture at ███████"**

The identified vulnerability is a CSRF vulnerability that allowed an attacker to change the user's profile picture on the ███████ website. The vulnerability was successfully reproduced by creating an account, navigating to the profile picture upload section, and utilizing the provided exploit cod...

AI score 7.3
Exploits: 0
The Hacker News
added 2023/09/11 11:11 a.m. | 34 views

How to Prevent API Breaches: A Guide to Robust Security

With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren't familiar with the term, APIs allow applications to communicate with each other, and they play a vital role in modern software...

AI score 8.5
Exploits: 0
Exploit DB
added 2023/09/04 12:00 a.m. | 437 views

Credit Lite 1.5.4 - SQL Injection

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Date: 31/07/2023 Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Version: 1.5.4 Tested on: Windows 10 Pro Impact:...

CVSS 9.8 | AI score 9.7 | EPSS 0.01073
Exploits: 4