Software License Manager < 4.4.6 - CSRF to Stored XSS
The plugin did not have a CSRF check on its settings page, nor sanitisation when outputting user input back. Attackers could make a logged in administrator change the plugin's settings, and put XSS payloads in them. alert/XSS-1/' / alert/XSS-2/' / alert/XSS-3/' / alert/XSS-4/' /...
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF
The "cppluginsdobuttonjoblatercallback" AJAX action, from multiple plugins of the WP-Buy vendor, was lacking a CSRF check, allowing attackers to make a logged in administrator install and activate arbitrary plugins, including a specific version, from the WordPress repository, which could lead to more...
Imagemagick Studio ImageMagick Digital Error Vulnerability (CNVD-2021-36214)
ImageMagick is a suite of open source image processing software from ImageMagick Studio, an American company. The software can read, convert or write images in many formats. ImageMagick has a security vulnerability that can be exploited by an attacker to...
Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS)
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html capability is disabled. Enable taxes...
Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. v 2.2.29 https://example.com/wp-admin/edit.php?posttype=accordions&page=settings&tab=a%22%3E%3Csvg%2Fonload%3Dalert%28123%29%3B%2F%2F%3E%3C%22 v...
Redmine Information Disclosure Vulnerability (CNVD-2021-30713)
Redmine is a set of open source Web-based project management and defect tracking tools. The product provides project management, issue tracking, role-based access control and other features. A security vulnerability exists in Redmine versions prior to 4.0.8 and versions prior to 4.1.x serie...
Redirection for Contact Form 7 < 2.3.4 - Authenticated PHP Object Injection
In the plugin, any authenticated user, such as a subscriber, could use the importfromdebug AJAX action to inject PHP objects. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // OBJI $ch = curlinit; curlsetopt$ch, CURLOPTURL, $wpur...
Native Church Website 1.0 Shell Upload Exploit
Exploit Title: Native Church Website - Arbitrary File Upload Authenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11764/native-church-website-phpmysql.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 /usr/bin/python3 import requests impo...
IBM Jazz Team Server Weak Encryption Algorithm Vulnerability
IBM Jazz Team Server is an application server from IBM USA. It provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A security vulnerability exists in IBM Jazz...
Unspecified Vulnerability in Liberty lisPBX
Common Lisp Lispbox is an open source Common Lisp IDE. A security vulnerability exists in Liberty lisPBX version 2.0-4, which can be exploited by an attacker to remotely retrieve configuration backup files from /backup/lispbx-CONF-YYYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without...
Business Directory Plugin < 5.11.2 - Arbitrary Payment History Update
The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator update arbitrary payment history, such as changing their status from pending to completed. Example: add a listing, don't complete payment (status will be pending) paymentcreatedatdate...
Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS
The plugin suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. Note WPScanTeam: The CSRF has been fixed and proper capability checks have also been adde...
Business Directory Plugin < 5.11 - Arbitrary File Upload to RCE
The plugin suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator import files. As the plugin also did not validate uploaded files, it could lead to RCE. Note WPScanTeam: CSRF check and some file validation were added in v5.11, however a blacklist...
Composr CMS 10.0.36 - Cross Site Scripting
Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting Date: 04/06/2021 Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30150 Vulnerable Endpoint:...
Mini Mouse 9.2.0 - Path Traversal Vulnerability
Exploit Title: Mini Mouse 9.2.0 - Path Traversal Author: gosh Date: 02-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi Version: 9.2.0 Tested on: Windows 10 Pro build 19042.662 POC GET /file=C:%5CWindows%5Cwin.ini HTTP/1.1 Host:...
Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The plugin, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius, bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
Woocommerce Customers Manager < 26.6 - Authenticated Reflected Cross-Site Scripting (XSS)
The wccmcustomersids and wccmcustomersemails parameters are output in href attributes after being sanitised with the sanitize_text_field function, which is not appropriate for such a case, as a payload such as ' injected-attribute=value will still be injected. This leads to a reflected XSS issue in the...
Linux kernel denial of service vulnerability (CNVD-2021-24347)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel. An attacker could exploit the vulnerability to cause a system crash...
Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
The Search Forms page of the plugin did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when opening a maliciously crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack...
TIBCO Software TIBCO API Exchange Gateway Clickjacking Vulnerability
TIBCO Software TIBCO API Exchange Gateway is an application from TIBCO Software, Inc. It provides a central access point for managing enterprise APIs and provides an intermediary program between internal and external services, systems and devices. A security vulnerability exists in TIBCO API...