WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion
The plugin did not have a CSRF nonce check on the "wpfcdeletecurrentpagecache" action, allowing CSRF attacks against authenticated users to delete arbitrary files, including the wp-config.php file. document.form.submit;...
Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter
XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software: FlexNet Publisher Product...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link: https://www.adive.es/ Software Link:...
Centreon 19.04 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Centreon Authenticated Macro Expression Location Setting Handler Code Execution",...
Rukovoditel Project Management CRM 2.5.2 - (reports_id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link:...
Exploit for Improper Certificate Validation in Microsoft
No d...
ListingPro < 2.5.4 - Unauthenticated Reflected Cross-Site Scripting
Reflected XSS was discovered in the «ListingPro - WordPress Directory Theme», tested version — v2.5.3 Edit - WPScanTeam: January 13th, 2020 - Report Received & Envato Contacted January 13th, 2020 - Envato Investigating January 15th, 2020 - Theme updated, v2.5.4, fixing the issue ----- Info: -----...
Redir 3.3 - Denial of Service Exploit
Exploit Title: Redir 3.3 - Denial of Service PoC Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: https://github.com/troglobit/redir Software Link: https://github.com/troglobit/redir Version: 3.3 Tested on: Kali GNU/Linux Rolling 2019.4 CVE: if applicable The source code of redir....
Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware
citrixdirtraversalrce A directory traversal was discovered...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CV...
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...
Voyager 1.3.0 - Directory Traversal
Voyager 1.3.0 - Directory Traversal Exploit Title: Voyager 1.3.0 - Directory Traversal Google Dork: N/A Date: January 2020-01-06 Exploit Author: NgoAnhDuc Vendor Homepage: https://voyager.devdojo.com/ Software...
Shopping Portal ProVersion 3.0 - Authentication Bypass
Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Descriptio...
Stripo Inc: CSRF - Modify Project Settings
Target Url/Endpoint https://my.stripo.email/cabinet/stripeapi/v1/projects/ProjectId Note: The attacker only needs to know the victim's project Id. Summary: This CSRF vulnerability allows changing a user's project settings, including General Information, Contacts, Social Networks and Other Options. Steps To...
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version:...
CVE-2019-5596
| creationtimestamp | type | source |
|---|---|---|
| 2019-12-30 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/47829... |
Exploit for OS Command Injection in Docker
No d...
GitLab: Steal private objects of other projects via project import
Summary An attacker could transfer issues and merge requests of another project to the imported project by importing a crafted GitLab export. Steps to reproduce 1. Import the attached tarball as a GitLab export. 2. Check the issues page of the imported project. You will see a private issue created by...
Network Management Card 6.2.0 - Host Header Injection
Network Management Card 6.2.0 - Host Header Injection Exploit Title: Network Management Card 6.2.0 - Host Header Injection Google Dork: Date: 2019-11-21 Exploit Author: Amal E Thamban, Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link:...