
3100 matches found

wpexploit
added 2024/05/31 12:0 a.m. | 160 views

Widget Bundle <= 2.0.0 - Unauthenticated Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. On a site with the User Login/Registration widget active, have an unauthenticated user send a...

AI score: 6.2 | EPSS: 0.01061
Exploits: 2

CNVD
added 2024/05/28 12:0 a.m. | 4 views

Mattermost Server Access Control Error Vulnerability (CNVD-2024-26106)

Mattermost Server is an open source messaging platform from the US company Mattermost. Mattermost Server suffers from an Access Control Error vulnerability that can be exploited by an attacker to bypass access restrictions and link their operation to a private channel to which they do...

CVSS: 5.9 | AI score: 6.7 | EPSS: 0.00265
Exploits: 0 | References: 1

GithubExploit
added 2024/05/27 8:4 p.m. | 634 views

Exploit for Unrestricted Upload of File with Dangerous Type in Hashthemes Hash_Form

🚀 HashForm Exploit Script This script demonstrates the exploi...

CVSS: 9.8 | AI score: 10 | EPSS: 0.9323
Exploits: 8

wpexploit
added 2024/05/24 12:0 a.m. | 118 views

Pray For Me <= 1.0.4 - Settings Update via CSRF

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Make a logged in admin open an HTML file containing:...

AI score: 6.6 | EPSS: 0.00378
Exploits: 2

wpexploit
added 2024/05/24 12:0 a.m. | 122 views

Amen <= 3.3.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to...

AI score: 5.6 | EPSS: 0.00453
Exploits: 2

Cvelist
added 2024/05/22 1:38 p.m. | 12 views

CVE-2024-35550

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWebdeal.php?mudi=rev...

AI score: 7.1 | EPSS: 0.001
Exploits: 1 | References: 1

OSV
added 2024/05/20 6:15 p.m. | 2 views

CVE-2024-34949

SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint...

CVSS: 8.2 | AI score: 7.5 | EPSS: 0.00179
Exploits: 1 | References: 1

wpexploit
added 2024/05/17 12:0 a.m. | 114 views

WP Stacker <= 1.8.5 - Stored XSS via CSRF

Description: The plugin does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged in admin add Stored XSS payloads via a CSRF attack. Make an admin open an HTML document containing: alert888' / alert2' /...

AI score: 5.9 | EPSS: 0.00146
Exploits: 2

CNVD
added 2024/05/16 12:0 a.m. | 7 views

Siemens SIMATIC RTLS Locating Manager Insufficient Protected Credentials Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A security vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to an affected SIMATIC RTLS Locating Manager...

CVSS: 6.3 | AI score: 6.7 | EPSS: 0.0008
Exploits: 0 | References: 1

OSV
added 2024/05/13 2:57 p.m. | 14 views

GHSA-93X3-M7PW-PPQM Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process

Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and take over their account, if the victim has an incomplete request pending. The exploit is only possible while the verification token is valid, i.e. for 5 minutes after t...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00225
Exploits: 1 | References: 5

0day.today
added 2024/05/13 12:0 a.m. | 243 views

Kemp LoadMaster Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based on the file name. Some files that have this permission are not write-protected from the default bal user. As such,...

CVSS: 10 | AI score: 9.5 | EPSS: 0.94298
Exploits: 9

Exploit DB
added 2024/05/04 12:0 a.m. | 329 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offers a...

AI score: 7.4
Exploits: 0

Github Security Blog
added 2024/04/23 9:15 p.m. | 29 views

Conform contains a Prototype Pollution Vulnerability in `parseWith...` function

Summary: Conform allows the parsing of nested objects in the form of object.property. Due to an improper implementation of this feature, an attacker can exploit it to trigger prototype pollution by passing a crafted input to parseWith... functions. PoC (javascript): const parseWithZod =...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.00186
Exploits: 0 | References: 6 | Affected Software: 3

Packet Storm
added 2024/04/19 12:0 a.m. | 181 views

FlatPress 1.3 Shell Upload

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...

AI score: 7.4
Exploits: 0

OSV
added 2024/04/16 12:15 a.m. | 3 views

PYSEC-2024-243

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...

CVSS: 9.3 | AI score: 9.3 | EPSS: 0.00199
Exploits: 1 | References: 2

OSV
added 2024/04/15 6:21 p.m. | 3 views

MGASA-2024-0134 Updated upx packages fix security vulnerability

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00367
Exploits: 1 | References: 4

wpexploit
added 2024/04/15 12:0 a.m. | 131 views

MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack. Make a contributor or higher user open a link where is a valid event:...

AI score: 6.8 | EPSS: 0.00405
Exploits: 2

CVE
added 2024/04/12 8:2 p.m. | 51 views

CVE-2024-32000

Matrix-appservice-irc (Node.js IRC bridge) before version 2.0.0 could leak the truncated body of a message when a malicious user replies to an event they shouldn’t access, provided they know the event ID and are in both the Matrix room and the bridged IRC channel. The root cause involved reliance...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00086
Exploits: 0 | References: 3

wpexploit
added 2024/04/10 12:0 a.m. | 163 views

WordPress Geo Controller < 8.6.5 - PHP Object Injection

Description: The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

AI score: 7.2 | EPSS: 0.00499
Exploits: 2 | References: 1

GithubExploit
added 2024/04/07 3:36 p.m. | 527 views

Exploit for Command Injection in Dlink Dns-320L_Firmware

CVE-2024-3273 Proof of Concept (PoC). This repository contains...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.94425
Exploits: 8