Huawei DG8045 Authentication Bypass

Title: Huawei dg8045 - Authentication Bypass Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 Hardware Version: VER.A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An...

Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Exploit

Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Unauthenticated Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip Version: 1....

Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Add the following...

Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)

This module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexfileuploadrce msf exploitciscohyperflexfileuploadrce show targets...

Dlink DSL2750U - &#039;Reboot&#039; Command Injection

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

Request a Quote < 2.3.4 - Authenticated Stored XSS

The plugin did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the 'All Quotes" table. Note: By default, admins and editors are allowed to use JavaScript in posts and page, unless the...

Filebird 4.7.3 - Unauthenticated SQL Injection

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user input is not escaped and passed directly to the getcol function and it allows SQL injection. The Rest...

BCS BatchLine Book Importer < 1.5.8 - Unauthenticated Product Import

The plugin did not correctly check for permission in its wc/v3/bcsbertlinebookimport REST route, allowing unauthenticated to import arbitrary products or update existing ones POST /wp-json/wc/v3/bcsbertlinebookimport HTTP/1.1 Accept: / Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflat...

Stripe Payment Gateway for WooCommerce < 3.6.0 - Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise or escape the page parameter before outputting back in an attribute, leading to a reflected Cross-Site Scripting issue alert/XSS/"' /...

Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting XSS vulnerability. via GET:...

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 XML-RPC request are vulnerable to unsafe deseria...

Monstra CMS 3.0.4 Remote Code Execution

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...

Unspecified vulnerability in Nextcloud (CNVD-2021-39033)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server, which stems from the fact that when a sharing user opens the sharing panel and attempts to delete the...

Reddit: IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter

Summary: This vulnerability consist of modifying the PayPal transaction ID to buy a big coin pack but paying the small price for it. Impact: The only impact here could be that you don't earn the money you deserve, and users can offer a lot of presents to other users, breaking the magic of the...

ProjeQtOr Project Management 9.1.4 Shell Upload

Exploit Title: ProjeQtOr Project Management 9.1.4 - Remote Code Execution Date: 29.05.2021 Exploit Author: Temel Demir Vendor Homepage: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV9.1.4.zip Version: v9.1.4 Tested on: Laragon @WIN10...

FFmpeg heap buffer overflow vulnerability (CNVD-2021-39766)

FFmpeg is a complete solution for recording, converting and streaming audio and video. A heap buffer overflow vulnerability exists in gaussianblur in libavfilter/vfedgedetect.c in FFmpeg version 4.2. An attacker can exploit this vulnerability to cause memory corruption...

Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...

Gallery From Files <= 1.6.0 - Unauthenticated RCE

The upload feature of the plugin does not properly check for the allowed extensions, allowing them to be set in the request and attempting to remove the dangerous ones such as .php and .js, but forgetting about .php4, .html etc. As a result, unauthenticated users could upload arbitrary .php4 file...

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Date: 24.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 '''...