0day.today
added 2021/05/26 12:0 a.m. | 55 views

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.04 CVE:...

7.2 CVSS | 0.83555 EPSS
Exploits: 6
wpexploit
added 2021/05/26 12:0 a.m. | 122 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

The importdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. curl -i -s -k -X $'POST' \ -H $'Host: URLHERE' -H $'Content-Length: 379' -H $'Cache-Control: max-age=0' -H $'Upgrade-Insecure-Requests: 1' -H...

8.8 CVSS | 1.5 AI score | 0.00898 EPSS
Exploits: 2 | References: 1
Exploit DB
added 2021/05/21 12:0 a.m. | 606 views

Solaris SunSSH 11.0 x86 - libpam Remote Root (2)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 2 Original Exploit Author: Hacker Fantastic Metasploit Module Author: wvu Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris10-overview.html Version: 10 Tested on: SunOS solaris 10 CVE: CVE-2020-14871 Ported By: legend...

10 CVSS | 9.5 AI score | 0.88872 EPSS
Exploits: 13
Atlassian
added 2021/05/20 4:0 a.m. | 149 views

XStream upgrade to 1.4.17

Problem: XStream is vulnerable to security exploits including CVE-2021-29505 (http://x-stream.github.io/CVE-2021-29505.html). This ticket tracks its upgrade to 1.4.17. Atlassian Update - July 2021: We have upgrade...

8.8 CVSS | 2.1 AI score | 0.90349 EPSS
Exploits: 1 | Affected Software: 1
CNVD
added 2021/05/19 12:0 a.m. | 8 views

Arbitrary File Read Vulnerability in H3C SecPath ACG1000

The H3C SecPath ACG1000 is a next-generation application control gateway. An arbitrary file read vulnerability exists in the H3C SecPath ACG1000. An attacker can exploit the vulnerability to read arbitrary files...

7 AI score
Exploits: 0
Exploit DB
added 2021/05/19 12:0 a.m. | 141 views

COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)

Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4 AI score
Exploits: 0
CNVD
added 2021/05/18 12:0 a.m. | 4 views

Google TensorFlow unicode ops heap out-of-bounds access vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds access vulnerability exists in Google TensorFlow unicode ops. An attacker can exploit the vulnerability to access data outside of heap allocation array boundaries in tf.raw_ops.unicodeNCode...

7.1 CVSS | 6.4 AI score | 0.00011 EPSS
Exploits: 1 | References: 1
CNVD
added 2021/05/18 12:0 a.m. | 6 views

Google TensorFlow QuantizedResizeBilinear Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in Google TensorFlow QuantizedResizeBilinear. An attacker can exploit the vulnerability by passing an invalid quantization threshold to cause a heap buffer overflow...

7.8 CVSS | 6.7 AI score | 0.00012 EPSS
Exploits: 1 | References: 1
wpexploit
added 2021/05/16 12:0 a.m. | 103 views

Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS

The theme did not properly sanitise and escape its listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault, btbblistingfieldkeyword, btbblistingfieldlocationautocomplete, btbblistingfieldpricerangefrom and...

6.1 CVSS | 0.4 AI score | 0.50348 EPSS
Exploits: 2 | References: 1
ThreatPost
added 2021/05/14 2:3 p.m. | 75 views

Scheme Flooding Allows User Tracking Across Browsers

A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers — including Apple Safari, Google Chrome, Microsoft Edge, Mozilla Firefox and Tor — posing a threat to cross-browser anonymity. Called “scheme flooding,” the flaw...

5.8 AI score
Exploits: 0 | References: 14
wpexploit
added 2021/05/13 12:0 a.m. | 99 views

External Media < 1.0.34 - Authenticated Arbitrary File Upload

The wpajaxupload-remote-file AJAX action of the plugin was vulnerable to arbitrary file uploads via any authenticated users. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Upload File $ch = curlinit; curlsetopt$ch, CURLOPTURL,...

6.5 CVSS | 1.3 AI score | 0.01894 EPSS
Exploits: 2 | References: 1
GithubExploit
added 2021/05/11 10:38 p.m. | 79 views

Exploit for OS Command Injection in Cacti

Cacti-CVE-2020-8813 Usage: cactirce.py options Op...

9.3 CVSS | 8.7 AI score | 0.93591 EPSS
Exploits: 24
0day.today
added 2021/05/10 12:0 a.m. | 93 views

Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is disabled by...

7.2 CVSS | 0.1 AI score | 0.1381 EPSS
Exploits: 4
Exploit DB
added 2021/05/06 12:0 a.m. | 297 views

Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...

7.4 AI score
Exploits: 0
Debian CVE
added 2021/05/06 12:0 a.m. | 264 views

CVE-2021-29921

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...

9.8 CVSS | 8 AI score | 0.02048 EPSS
Exploits: 1
Exploit DB
added 2021/05/06 12:0 a.m. | 410 views

Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - Remote Code Execution Authenticated Date: 2021-05-06 Exploit Author: Eren Saraç Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...

7.4 AI score
Exploits: 0
0day.today
added 2021/05/05 12:0 a.m. | 23 views

Moeditor 0.2.0 - XSS to Remote Command Execution Vulnerability

Exploit Title: Moeditor 0.2.0 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://moeditor.js.org/ Version: 0.2.0 Tested on: Windows, Linux, MacOs Software Description: Software to view and edit sales documentation Moeditor...

0.3 AI score
Exploits: 0
Exploit DB
added 2021/05/05 12:0 a.m. | 143 views

Freeter 1.2.1 - Persistent Cross-Site Scripting

Exploit Title: Freeter 1.2.1 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://freeter.io/ Version: 1.2.1 Tested on: Windows, Linux, MacOs Software Description: It is an organizer for...

7.4 AI score
Exploits: 0
GithubExploit
added 2021/05/04 5:15 p.m. | 4 views

Exploit for CVE-2021-31728

CVE-2021-31727 and CVE-2021-31728 Public Reference f...

7.8 CVSS | 7.9 AI score | 0.09651 EPSS
Exploits: 2
Exploit DB
added 2021/04/27 12:0 a.m. | 245 views

Montiorr 1.7.6m - Persistent Cross-Site Scripting

Exploit Title: Montiorr 1.7.6m - Persistent Cross-Site Scripting Date: 25/4/2021 Exploit Author: Ahmad Shakla Software Link: https://github.com/Monitorr/Monitorr Tested on: Kali GNU/Linux 2020.2 Detailed Bug Description :...

7.4 AI score
Exploits: 0