5315 matches found
Mitsubishi Electric SmartRTU Forced Browsing (CVE-2018-16060)
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Directory traversal
Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...
Cloudflare Public Bug Bounty: Blind SSRF on platform.dash.cloudflare.com Due to Sentry misconfiguration
Cloudflare uses Sentry for application monitoring and error tracking. Due to the tool's misconfiguration (source code scraping feature enabled), it was possible to send blind requests to any endpoints using the Cloudflare infrastructure. The issue has been fixed by the Engineering team and the sour...
CVE-2020-36064
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...
Hardcoded credentials
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...
Improper Privilege Management in liangliangyy/djangoblog
Description Hi there, I would like to report an improper privilege management vulnerability in djangoblog source code. This would allow an attacker to create a comment on behalf of anyone. Proof of Concept 1. Install a local instance of djangoblog, login as admin and create an article 2. Create a n...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
polkit-0.96-CVE-2021-4034 CentOS 7.x already has the RPM pack...
Mageia: Security Advisory (MGASA-2017-0352)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Vulnerability profile Vulnerabilit...
Online Project Time Management System 1.0 Cross Site Scripting
Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting
The plugin does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to Reflected Cross-Site Scripting. Due to the presence of a specific parameter value, available only to admin users, this can only be exploited by an admin against another admin user...
CVE-2021-45781
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Hardcoded credentials
The Le-yan dental management system contains a hard-coded credentials vulnerability in the web page source code, which allows an unauthenticated remote attacker to acquire administrator privileges and control the system or disrupt service...
The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy
The critical vulnerability is buried among endless open source code, and many cyber experts are stumped...
Online Railway Reservation System 1.0 - Admin Account Creation Vulnerability
Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Dart has an unspecified vulnerability
Dart is an open source programming language. A security vulnerability exists in the Dart SDK, which could be exploited by an attacker to embed source code that is not visible to code reviewers to modify the behavior of the program in unexpected ways...
Malicious code in bootstrap-feature (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2022-7431 Malicious code in bootstrap-feature (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3db5e43a78e41f050b0e265c951bc776e693abd20a01108e6c8ea2e15a5e7c4d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
PayPal Free Source Code Access Control Error Vulnerability
PayPal Free Source Code is an online registration management system. An access control error vulnerability exists in PayPal Free Source Code, which stems from the product's failure to validate privileges when obtaining PHP and PayPal Free Source 1.0 product code, and can be exploited by an attack...
CVE-2021-40579
The CVE-2021-40579 entry concerns the PayPal Free Source Code Online Enrollment Management System in PHP (version 1.0) and related components, affected by Incorrect Access Control. The underlying impact is remote privilege gain through improper privilege validation when obtaining PHP and PayPal F...