Simple Attendance System 1.0 - Authenticated bypass Vulnerability

Exploit Title: Simple Attendance System 1.0 - Authenticated bypass Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated) Exploit

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

DNSTake - A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain subdomain.example.com or domain has its authoritative nameserver set to a provider e.g. AWS Route 53, Akamai, Microsoft Azure, etc. but th...

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure OMI — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the...

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2435)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution

Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services...

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2021-2435)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39,...

Patient Appointment Scheduler System 1.0 Shell Upload

Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution RCE Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...

Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting

Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...

Patient Appointment Scheduler System 1.0 - Persistent / Stored XSS Exploit

Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link: https://www.sourcecodester.com/download-code?nid=1492...

in leantime/leantime

✍️ Description In the source code of the application, the Secret Hash value and the initialization vector is being hardcoded. 🕵️‍♂️ Proof of Concept In the following code snippet, we can see the hard-coded secret hash and IV. private $encryptionMethod = 'AES-256-CBC'; private $secrethash =...

Traffic Offense Management System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Traffic Offense Management System 1.0 - SQLi to Remote Code Execution RCE Unauthenticated Date: 19.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html Version: 1.0 Tested...

Traffic Offense Management System 1.0 - SQL Injection to Remote Code Execution Exploit

Exploit Title: Traffic Offense Management System 1.0 - SQLi to Remote Code Execution RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html Version: 1.0 Tested on: Linux import...

Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Traffic Offense Management System 1.0 - SQLi to Remote Code Execution RCE Unauthenticated Date: 19.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14909/online-traffic-offense-management-system-php-free-source-code.html Version: 1.0 Tested...

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Exploit Title: Ship Ferry Ticket Reservation System v1.0 SQL-Injection-Bypass-Authentication in /shipticketing/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.30.2021 Vendor:...

Source code is downloaded over cleartext HTTP in portaudio

An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...

Compilation database: An alternative way to configure your C or C++ analysis

Analyzing C or C++ code requires - in addition to the source code - the configuration that is used to build the code. At SonarSource, we have provided a tool to automate the extraction of this information, the build wrapper. This tool has been used successfully with many projects, yet there are...

Laundry Booking Management System 1.0 - Multiple Stored Cross-Site Scripting Vulnerability

Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

Laundry Booking Management System 1.0 Cross Site Scripting

Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Simple Image Gallery 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Version: V 1.0 Tested on: Ubuntu import requests import random...