Vertical News Scroller < 1.17 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin attempted to fix a reflected Cross-Site Scripting issue in v1.10; however, the changes were insufficient, as sanitize_text_field was used but the value was output in an attribute without being escaped. For versions 1.17:...
TYPO3 File Upload Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. A file upload vulnerability exists in TYPO3, which can be exploited by an attacker to upload arbitrary data with arbitrary file extensions...
Cisco IOS XE Path Traversal Vulnerability (CNVD-2021-22913)
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A path traversal vulnerability exists in the CLI for SD-WAN in Cisco IOS XE. The vulnerability stems from insufficient validation of user-supplied input. An attacker could exploit...
MyBB SQL Injection Vulnerability (CVE-2021-27946)
...
Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews
CVE-2019-11447 Exploit/PoC - CuteNews 2.1.2 Avatar upload RCE...
Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation
Several AJAX endpoints in the plugin were unprotected, allowing students to modify course information and elevate their privileges among many other actions. Only one PoC provided for privilege escalation. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output =...
The vulnerability of the sixteen-bit text editor SweetScape 010 Editor, related to the execution of operations outside the buffer boundaries, allows a hacker to execute arbitrary code.
The vulnerability of the sixteen-bit text editor SweetScape 010 Editor is related to the execution of operations outside the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Fluig 1.7.0 - Path Traversal
Exploit Title: Fluig 1.7.0 - Path Traversal Date: 26/11/2020 Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt...
e107 CMS 2.3.0 Cross Site Request Forgery
Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...
Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)
Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - Blind & Error based SQL injection Authenticated Date: 2021-03-02 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...
Siemens SIMATIC WinCC Bypass Authentication Vulnerability
Siemens SIMATIC WinCC is an automated data acquisition and monitoring SCADA system from Siemens, Germany. A security vulnerability exists in Siemens SIMATIC WinCC. The vulnerability is caused due to an insecure password authentication process, which can be exploited by an attacker to bypass the...
Better Search < 2.5.3 - CSRF Nonce Bypass in Import/Export
The plugin did not properly check the CSRF nonces when exporting and importing settings, allowing attackers to make a logged-in user with the manage_options capability export and import arbitrary settings by not providing the nonce parameter in the request POST...
Pricing Table by Supsystic < 1.8.9 - Authenticated SQL Injections
The GET parameters sidx and sord are used in a SQL statement without being sanitised when searching for pricing tables in the dashboard, leading to authenticated SQL injection issues...
CVE-2021-22298
CVE-2021-22298 has two distinct threads in the provided connected documents. First, the initial Huawei ManageOne entry describes a logic vulnerability in Huawei Gauss100 OLTP Product (ManageOne) where an attacker with certain permissions could execute specific SQL statements, due to insufficient ...
Exploit for Path Traversal in Gitlab
The warn For demonstration purpose and ethical hacking only...
Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE
The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Exploit Author: ABDO10 Date : Jan - 28 - 2021 Google Dork : inurl:"/wp-content/plugins/super-forms/" Vendor Homepage : https://renstillmann.github.io/super-forms// Version : All = 4.9.X data in http...
Fuel CMS 1.4.1 - Remote Code Execution (2)
Title: Fuel CMS 1.4.1 - Remote Code Execution 2 Exploit Author: Alexandre ZANNI Date: 2020-11-14 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: FILE -h | --help Options: Root URL base path including HTTP scheme,...
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...