DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...

Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

Exploit Title: Wordpress Plugin - Membership For WooCommerce Resultz Uploader Uploaded ?PHP...

Siklu MultiHaul TG Series Credential Disclosure

Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Date: 28-02-2024 Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6...

CVE-2024-2894

The CVE-2024-2894 entry affects Tenda AC7, specifically the stack-based buffer overflow in the function formSetQosBand within /goform/SetNetControlList (version 15.03.06.44). The vulnerability can be triggered remotely by manipulating the list argument, leading to potential full confidentiality, ...

Responsive Tabs < 4.0.7 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Go to "Tab Sets Add New" in W...

CSZCMS v1.3.0 - SQL Injection (Authenticated)

Title: CSZCMS v1.3.0 - SQL Injection Authenticated Author: Abdulaziz Almetairy Date: 27/01/2024 Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - L...

Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution

Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload Date: 20/03/2024 Exploit Author: kai6u Vendor Homepage: https://www.getlektor.com/ Software Link: https://github.com/lektor/lektor/releases/tag/v3.3.10 Version: 3.3.10 Tested on: Ubuntu 22.04 Summary:...

Unspecified Vulnerability in Palo Alto Networks PAN-OS (CNVD-2024-20507)

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker could exploit the vulnerability to store a JavaScript payload using the web interface on the Panorama device...

Quick.CMS 6.7 - SQL Injection Login Bypass

Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Google Dork: N/A Date: 02-03-2024 Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE...

WPB Show Core < 2.7 - Reflected XSS

Description The plugin does not sanitise and escape the parameters before outputting it back in the response of an unauthenticated request, leading to a Reflected Cross-Site Scripting Open an HTML file containing the following: alert/XSS/' / var form1 = document.getElementById'hack'; form1.submit...

UPS Network Management Card 4 - Path Traversal

Exploit Title: UPS Network Management Card 4 - Path Traversal Google Dork: inurl:nmc inurl:logon.htm Date: 2023-12-19 Exploit Author: Víctor García Vendor Homepage: https://www.apc.com/ Version: 4 Tested on: Kali Linux CVE: N/A PoC: curl -k...

Unspecified vulnerability in wolfSSL (CNVD-2024-37452)

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL versions prior to 5.6.6, which can be exploited by an attacker to trigger a 5-byte buffer out-of-bounds read...

Pz-LinkCard < 2.5.3 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing the code below ' /...

BIT-GOLANG-2022-41720 Restricted file access on Windows in os and net/http

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

Testimonial Slider < 2.3.7 - Author+ Settings Update

Description The plugin does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them. 1 Go to a page where one of the sliders is already in use and intercept the nonce tss 2...

Real Estate Management System v1.0 - Remote Code Execution via File Upload

Exploit Title: Real Estate Management System v1.0 - Remote Code Execution via File Upload Date: 2/11/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://codeastro.com Version: V1.0 Tested on: Windows 11 + XAMPP 8.0.30 + Burp Suite Professional v2023.12.1.3 Description This Vulnerability all...

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Exploit Title: Simple Student Attendance System - Time Based Blind SQL Injection Date: 26 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html Software Link:...

Travelpayouts < 1.1.17 - Open Redirect

Description The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...

CVE-2024-21502

CVE-2024-21502 affects the fastecdsa library prior to 2.3.2. The root cause is a Use of Uninitialized Variable on the stack in the curvemath_mul function (src/curveMath.c), where a value is interpreted as a user-defined type. Depending on the value, an attacker-controlled stack can cause arbitrar...

Fancy Product Designer < 6.1.5 - Admin+ SQL Injection

Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. - Log in as an administrator, and visit /wp-admin/. - Add a Catalog Product in /wp-admin/admin.php?page=fancyproductdesigner - Sear...