3100 matches found
Exploit for Path Traversal in Apache Http_Server
Apachuk - CVE-2021-41773 Grabber with Shodan Grabber Apache Di...
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login
The plugin has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username /pie-register-login/ is the login page of the plugin, ie the one with pieregisterlogin v 3.7.1.5 POST /pie-register-login/ HTTP/1....
Simple Online College Entrance Exam System 1.0 - Account Takeover
Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...
Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting
Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Date: 2021-10-06 Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/ Version: V 1.0...
Online Traffic Offense Management System 1.0 - Multiple XSS Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Path Traversal vulnerability...
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF
The plugin does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack csrf.submit...
TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Unauthenticated Arbitrary Admin Account Creation
The tcpregisterandloginajax AJAX action of the plugin allows unauthenticated users to create accounts with an arbitrary role such as admin POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Language: en-GB,en;q=0.5...
Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal
The plugin allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the download. jQuery.postajaxurl, action: "sdmremovethumbnailimage", postiddel: 613 // not owned by the user POST /wp-admin/admin-ajax.php HTTP/1.1...
Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts
The plugin defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user including simple subscribers can add/set/delete arbitrary categories to posts. Set the category 107 to the post 1537: POST /wp-admin/admin-ajax.php...
Themify Builder < 5.3.2 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in attributes and tags in an admin page, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=themify-global-styles&status="alert/XSS/...
BP Better Messages < 1.9.9.41 - Multiple CSRF
The plugin does not check for CSRF in multiple of its AJAX actions: bpbettermessagesleavechat, bpbettermessagesjoinchat, bpmessagesleavethread, bpmessagesmutethread, bpmessagesunmutethread, bpbettermessagesaddusertothread, bpbettermessagesexcludeuserfromthread. This could allow attackers to make...
Easy PayPal Buy Now Button < 1.7.3 - CSRF to Stored Cross-Site Scripting
The plugin does not have CSRF check in place when saving its settings, and does not sanitise as well as escape them when output in the page. As a result, an attacker could make a logged in admin change them via. CSRF attack and perform Cross-Site Scripting attacks. The plugin also fixed a Reflect...
Phpwcms 1.9.30 Cross Site Scripting
Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload...
Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass
Exploit Title: Cyber Cafe Management System Project CCMS 1.0 - SQL Injection Authentication Bypass Date: 29-09-2021 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ Version: 1.0 Tested on: XAMPP /...
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload
The plugin does not perform capability checks in its spluploadserimg AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload images. v6.9.0 removed the unauthenticated hook, however, no capability and CSRF checks were implemented,...
Exploit for Out-of-bounds Write in Google Chrome
CVE-2021-30632 Chrome V8 RCE Exploit for Windows Tested V...
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. With the Form Builder "Dev Mode” setting enabled, create a form and a fiel...
WP Table Builder < 1.3.10 - Reflected Cross-Site Scripting
The plugin does not escape a page parameter before outputting it back in an admin dashboard page, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...