3100 matches found

Packet Storm
added 2023/06/26 12:0 a.m., 201 views

Alhotphp Article CMS 1.0 Cross Site Request Forgery

Title: Alhotphp article CMS 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.3 32-bit |...

7.1 AI score
Exploits: 0

wpexploit
added 2023/06/26 12:0 a.m., 214 views

WooCommerce Stripe Payment Gateway < 7.4.1 - Subscriber+ Order Intent Update

The plugin does not properly restrict users from making a certain set of changes to other customers' orders. TODO: ADD link to Patchstack's post instead of H1 Affected functions: createpaymentintentajax updatepaymentintentajax saveupeappearanceajax updateorderstatusajax updatefailedorderajax As a...

6.5 AI score, 0.00353 EPSS
Exploits: 1, References: 2

0day.today
added 2023/06/26 12:0 a.m., 275 views

Super Socializer 7.13.52 - Reflected XSS Exploit

Exploit Title: Super Socializer 7.13.52 - Reflected XSS Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=thechampsharingcount&urls%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E=https://www.google.com Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor...

6.1 CVSS, 7.1 AI score, 0.30752 EPSS
Exploits: 4

HackRead
added 2023/06/23 4:53 p.m., 14 views

Patched OpenSSH Exploited for IoT, Linux Cryptomining

By Deeba Ahmed. According to Microsoft, the new campaign is ongoing and uses a backdoor to install a patched version of OpenSSH to hijack targeted devices.

6.9 AI score
Exploits: 0

GithubExploit
added 2023/06/23 11:51 a.m., 5 views

Exploit for Cross-Site Request Forgery (CSRF) in Issabel Pbx

issabel-pbx 4.0.0-6 - Cross Site Request Forgery CSRF to Pr...

6.8 CVSS, 7.8 AI score, 0.01076 EPSS
Exploits: 2

Packet Storm
added 2023/06/23 12:0 a.m., 327 views

PHPJabbers Forum Script 3.0 Persistent Cross Site Scripting

CraCkEr: THE CRACK OF ETERNAL MIGHT. From The Ashes and Dust Rises An...

7.1 AI score
Exploits: 0

CVE
added 2023/06/20 7:51 a.m., 43 views

CVE-2023-26435

Open-Xchange App Suite vulnerability (CVE-2023-26435) arises from a code issue related to processing ODT documents via a local LibreOffice instance. The root cause is insufficient validation of filesystem and network references, enabling an attacker to discover restricted network topology and ser...

5 CVSS, 4.9 AI score, 0.00177 EPSS
Exploits: 0, References: 4, Affected Software: 1

GithubExploit
added 2023/06/19 11:56 p.m., 265 views

Exploit for Special Element Injection in Rocket.Chat

CVE-2021-22911 If you have already registered...

9.8 CVSS, 9.5 AI score, 0.91817 EPSS
Exploits: 16

Cvelist
added 2023/06/19 10:52 a.m., 16 views

CVE-2023-2527 Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi

The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

5.8 AI score, 0.00096 EPSS
Exploits: 2, References: 1

wpexploit
added 2023/06/19 12:0 a.m., 141 views

Companion Sitemap Generator < 4.5.3 - Reflected XSS

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open: https://example.com/wp-admin/tools.php?page=csg-sitemap&tabbed=...

6.1 CVSS, 8.6 AI score, 0.16021 EPSS
Exploits: 2

wpexploit
added 2023/06/19 12:0 a.m., 143 views

EventON < 2.1.2 - Unauthenticated Event Access

The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownload&eventid=value...

5.3 CVSS, 9.6 AI score, 0.72301 EPSS
Exploits: 5

Exploit DB
added 2023/06/19 12:0 a.m., 461 views

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya Karabag Vendor Homepage: https://www.diafancms.com/ Version: 6.0 Tested on: https://demo.diafancms.com Description: 1 https://demo.diafancms.com/ Go to main page and write your payload in Search in...

7 AI score
Exploits: 0

wpexploit
added 2023/06/19 12:0 a.m., 237 views

EventON < 2.1.2 - Unauthenticated Post Access via IDOR

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post...

5.3 CVSS, 9.2 AI score, 0.74707 EPSS
Exploits: 5

CNVD
added 2023/06/18 12:0 a.m., 5 views

Unspecified Vulnerability in Google Android (CNVD-2023-52840)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...

7.8 CVSS, 6.6 AI score, 0.00016 EPSS
Exploits: 0, References: 1

0day.today
added 2023/06/17 12:0 a.m., 313 views

Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated) Exploit

Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip Version: 1.0 Teste...

7.1 AI score
Exploits: 0

Metasploit
added 2023/06/15 7:50 p.m., 154 views

HTTPS Fetch, Linux Command Shell, Find Tag Inline

Fetch and execute an x86 payload from an HTTPS server. Spawn a shell on an established connection proxy/NAT safe Module Options msf use payload/cmd/linux/https/x86/shellfindtag msf payloadshellfindtag show actions ...actions... msf payloadshellfindtag set ACTION msf payloadshellfindtag show optio...

7.3 AI score
Exploits: 0

CNVD
added 2023/06/07 12:0 a.m., 8 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-52697)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which arises from a failure to validate a member of the DEVMODEW structure set by a printer device driver, which could be exploited by an attacker to...

6.5 CVSS, 6.4 AI score, 0.00389 EPSS
Exploits: 0, References: 1

CNVD
added 2023/06/06 12:0 a.m., 12 views

Linux Kernel Resource Management Error Vulnerability (CNVD-2023-51384)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that originates from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit the...

5.5 CVSS, 6.5 AI score, 0.00009 EPSS
Exploits: 0, References: 1

wpexploit
added 2023/06/05 12:0 a.m., 151 views

KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator. Make a logged-in admin open...

6.1 CVSS, 5.7 AI score, 0.09733 EPSS
Exploits: 4

Exploit DB
added 2023/06/04 12:0 a.m., 295 views

Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-03 Exploit Author: tmrswrr Vendor Homepage: https://barebonescms.com/ Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip Version: v2.0.2 Tested :...

7.4 AI score
Exploits: 0