3100 matches found
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484
Binary Vulnerability in Avira Antivirus
Avira AntiVirus is a suite of antivirus programs. A binary vulnerability exists in Avira Antivirus. An attacker can exploit the vulnerability to write to arbitrary files with system privileges...
Apartment Visitors Management System 1.0 - 'email' SQL Injection
Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection Date: 20.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...
The vulnerability of the Windows operating system, related to errors in the code, allows a hacker to bypass Windows’ screen lock security features.
The vulnerability of the Windows operating system is related to errors in the code. Exploiting this vulnerability can allow an attacker to bypass Windows’ screen lock security features...
Modal Survey < 2.0.1.8.2 - Authenticated PHP Object Injection
The Unserialize function is used multiple times in the code, for example when importing custom surveys. This could allow a malicious administrator to import a crafted JSON to trigger a PHP Object Injection vulnerability. "name":"Open Text Answer Sample", "id":"924478511", "options":"", "global":"0...
H2 Database 1.4.199 JNI Code Execution
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Homepage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
Baby Care System 1.0 - 'Post title' Stored XSS
Exploit Title: Baby Care System 1.0 - 'Post title' Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...
Tencent Conference for Windows suffers from DLL hijacking vulnerability
Tencent Conference is an audio and video conferencing product under Tencent Cloud. A DLL hijacking vulnerability exists in the Windows version of Tencent Conference, which can be exploited by an attacker to gain control of the server...
WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload
Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/angwp Date: 23/12/2020 Exploit Author: spacehen Vendor Homepage: http://adning.com/ Version: spacehen www.lunar.sh" def printusage: print"Usage: python3 exploit.py target url ph...
Arteco Web Client DVR/NVR Session Hijacking
#!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Vendor: Arteco S.U.R.L. Product web page: https://www.arteco-global.com Affected version: n/a Summary: Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to...
Arteco Web Client DVR/NVR Session Hijacking Vulnerability
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream. #!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute...
Academy-LMS 4.3 - Stored XSS
Exploit Title: Academy-LMS 4.3 - Stored XSS Date: 19/12/2020 Vendor page: https://academy-lms.com/ Version: 4.3 Tested on Win10 and Google Chrome Exploit Author: Vinicius Alves XSS Payload: 1 Access LMS and log in to admin panel 2 Access courses page 3 Open course manager and SEO menu 4 Paste the...
Limit Login Attempts Reloaded < 2.16.0 - Authenticated Reflected Cross-Site Scripting
The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against a logged-in administrator by making them open a malicious URL. The issue was partially fixed in 2.15.1, and fully remediated in 2.16.0...
vBulletin 5.6.3 - 'group' Cross Site Scripting
Exploit Title: vBulletin 5.6.3 - 'group' Cross Site Scripting Date: 05.09.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox & Opera Google Dorks: "Powered by vBulletin® Version 5.6.3" Blog:...
Invision Community 4.5.4 Cross Site Scripting
Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux Vulnerable...
Coaster CMS 5.8.18 Cross Site Scripting
Exploit Title: Coastercms 5.8.18 - Stored XSS Exploit Author: Hardik Solanki Vendor Homepage: https://www.coastercms.org/ Software Link: https://www.coastercms.org/ Version: 5.8.18 Tested on Windows 10 XSS IMPACT: 1: Steal the cookie 2: User redirection to a malicious website Vulnerable Parameter...
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
Exploit Title: Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting Date: 27-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-voting-system-project-in-php-2/ Tested...
Potential file overwrite if archive filename starts with file://
I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...
Ultimate Member < 2.1.12 - Unauthenticated Privilege Escalation via User Meta
An attacker could supply an array parameter for sensitive meta data such as the wp_capabilities user meta which defines a user’s role. During the registration process, submitted registration details were passed to the update_profile function, and any respective metadata that was submitted, regardle...
CVE-2020-15986
CVE-2020-15986 affects Chromium's media component. An integer overflow in media before 86.0.4240.75 could enable a remote attacker to potentially cause heap corruption and arbitrary code execution. Public records in connected documents reference Chrome/Chromium updates fixing this in version 86.0...