
5327 matches found

Exploit DB
added 2021/01/14 12:0 a.m., 467 views

Online Movie Streaming 1.0 - Admin Authentication Bypass

Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/01/13 12:0 a.m., 194 views

Online Hotel Reservation 1.0 SQL Injection

Exploit Title: Online Hotel Reservation 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Note: Shout out to boku Bobby Cooke for helping me get started on 0day's!! Date: 2021-01-13 Vendor Homepage:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/01/13 12:0 a.m., 178 views

Online Hotel Reservation System 1.0 - Admin Authentication Bypass

Exploit Title: Online Hotel Reservation System 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

7.4 AI score
Exploits: 0
Wired Threat Level
added 2021/01/09 4:0 p.m., 56 views

The SolarWinds Investigation Ramps Up

Plus: Covid-19 contact tracing privacy, a Nissan source code leak, and more of the week's top security news...

1.9 AI score
Exploits: 0
HackRead
added 2021/01/08 5:45 p.m., 38 views

Nissan source code leaked after it used “admin” as username, password

By Waqas The collection is 20 GB large and includes source code of a range of Nissan services including NissanConnect. This is a post from HackRead.com Read the original post: Nissan source code leaked after it used "admin" as username, password...

2.1 AI score
Exploits: 0
Hacker One
added 2021/01/08 10:42 a.m., 104 views

Doppler VDP: Bypass Email Verification.

steps to reproduce:- 1- sign up into doppler here https://dashboard.doppler.com/register. 2- then it will go to this page https://dashboard.doppler.com/confirm and ask you to confirm your email. 3- go to source code and search for tagsconfirmemail . 4- you will find the email Verification token...

7.3 AI score
Exploits: 0
NVD
added 2021/01/06 9:15 p.m., 10 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

5.3 CVSS, 5.5 AI score, 0.00704 EPSS
Exploits: 1, References: 2
Prion
added 2021/01/06 9:15 p.m., 10 views

Code injection

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

5 CVSS, 5.5 AI score, 0.00704 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/01/06 8:52 p.m., 9 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

5.5 AI score, 0.00704 EPSS
Exploits: 1, References: 2
CVE
added 2021/01/06 8:52 p.m., 49 views

CVE-2020-29041

The CVE-2020-29041 entry describes a misconfiguration in Web-Sesame 2020.1.1.3375 where JavaScript source maps were included in production Webpack config, allowing an unauthenticated attacker to download the application’s source code and related artifacts (bundle sources, configuration settings s...

5.3 CVSS, 5.5 AI score, 0.00704 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2021/01/06 12:0 a.m., 1 views

Web-Sesame Security Vulnerability

TIL Web-Sesame is a device from the French company Avaya TIL that allows unified monitoring and management of all information and electronically controlled devices in a building. The device can be connected to several monitoring terminals for management. A security vulnerability exists in...

5.3 CVSS, 6 AI score, 0.00704 EPSS
Exploits: 1, References: 3
Packet Storm
added 2021/01/06 12:0 a.m., 179 views

Responsive E-Learning System 1.0 Cross Site Scripting

Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/01/05 12:0 a.m., 333 views

Online Learning Management System 1.0 Remote Command Execution

Exploit Title: Online Learning Management System 1.0 - RCE Authenticated Date: 01.01.2021 Exploit Author: Bedri Sertkaya Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...

0.2 AI score
Exploits: 0
Exploit DB
added 2021/01/05 12:0 a.m., 551 views

Online Movie Streaming 1.0 - Authentication Bypass

Exploit Title: Online Movie Streaming 1.0 - Authentication Bypass Date: 2020-12-27 Exploit Author: Kshitiz Raj manitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/01/05 12:0 a.m., 396 views

House Rental and Property Listing 1.0 - Multiple Stored XSS

Exploit Title: House Rental and Property Listing 1.0 - Multiple Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2020-12-28 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html...

7.4 AI score
Exploits: 0
OSV
added 2021/01/04 6:15 p.m., 3 views

CVE-2020-26292

Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source...

9.8 CVSS, 7.2 AI score, 0.00362 EPSS
Exploits: 0, References: 1
HackRead
added 2021/01/01 6:23 p.m., 43 views

Microsoft reveals hackers viewed its source code

By Deeba Ahmed Microsoft confirmed that viewing source code doesn’t elevate the risk. Here's what happened and what Microsoft said about the attack. This is a post from HackRead.com Read the original post: Microsoft reveals hackers viewed its source code...

2.8 AI score
Exploits: 0
The Hacker News
added 2021/01/01 4:50 a.m., 2 views

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

5.9 AI score
Exploits: 0
The Hacker News
added 2021/01/01 4:50 a.m., 80 views

Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...

0.9 AI score
Exploits: 0
Prion
added 2020/12/31 8:15 a.m., 14 views

Code injection

The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files...

5 CVSS, 7.6 AI score, 0.0036 EPSS
Exploits: 0, References: 1, Affected Software: 2