5327 matches found
Open Redirect in erudika/scoold
Description Hi erudika scoold team, there is an Open redirect in your source code at question url Proof of Concept 1. Go to this link https://pro.scoold.com/questions/space?returnto=https://google.com 2. Observe that you are redirected to google.com Impact This vulnerability is capable of Open...
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
Read about the NotLegit vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories...
Gumtree exposed users’ personal and GPS location via source code
By Waqas Gumtree.com or Gumtree is a London, England-based online classified advertisement website with millions of registered users. This is a post from HackRead.com Read the original post: Gumtree exposed users personal and GPS location via source code...
Enalean Tuleap Injection Vulnerability
Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management, and team collaboration.Enalean Tuleap suffers from an...
Enalean Tuleap SQL Injection Vulnerability (CNVD-2021-103507)
Enalean Tuleap is a set of open source software development and project management tools from the French company Enalean. The tool provides enterprise application lifecycle management, as well as project tracking, source code management and team collaboration.Enalean Tuleap is vulnerable to SQL...
Child's Day Care Management System 1.0 SQL Injection
Title: Child's Day Care Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.16.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15085/childs-day-care-management-system-phpoop-free-source-code.html Description: The username in...
Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials
Malicious actors are deploying a previously undiscovered binary, an Internet Information Services IIS webserver module dubbed "Owowa," on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. "Owowa is a C-developed .NET v4.0...
Side-Channel Attack
github.com/sourcegraph/sourcegraph is vulnerable to side channel attack. The attack is possible because the library does not properly exclude the private source code search results in 'searchresults.go' , allowing an authenticated attacker to check specific string and API keys exists in private...
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
Code injection
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
CVE-2021-43823 Side-channel attack in Sourcegraph
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
Information disclosure
An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searchin...
Free School Management Software 1.0 Shell Upload
Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...
Inclusion of Sensitive Information in Source Code in pimcore/demo
Description API Keys is hard coded in the application source code. The use of a hard-coded API Key has many negative implications. Proof of Concept "security" = "method" = "datahubapikey", "apikey" = "6332aa5e6d3d6c0be31da2a8b3442113", "skipPermissionCheck" = FALSE...
PayPal Free Source Code has an unspecified vulnerability
PayPal Free Source Code is an online registration management system. A security vulnerability exists in PayPal Free Source Code 1.0 online registration management system, which allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter...
Employees Daily Task Management System 1.0 - (username) SQL injection Authentication Bypass
Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass Exploit Author: able403 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...
PayPal Free Source Code SQL注入漏洞
PayPal Free Source Code is an online registration management system. A security vulnerability exists in PayPal Free Source Code 1.0 online registration management system, which allows attackers to obtain sensitive information and execute arbitrary SQL commands via the IDNO parameter...
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL injection Authentication Bypass
Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.html Software Link:...
UBUNTU-CVE-2020-36129
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aomimage.c...