Hgiga MailSherlock 输入验证错误漏洞

HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. An arbitrary file download vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock's View Source Code feature not validating specific characters. An attacke...

CVE-2020-35284

Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...

CVE-2020-35284

Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...

CVE-2020-35284

Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...

h1-ctf: Invading Grinch Network and Saving Christmas

How we saved Christmas As usual with H1 CTF challenges we are provided with a target URL. In our case it is the following: https://hackyholidays.h1ctf.com/ We started by visiting the URL and see what is going on. All we could see is a page with an image with a warning message. F1125722 We quickly...

Faculty Evaluation System 1.0 Cross Site Scripting

Exploit Title: Faculty Evaluation System 1.0 - Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...

Point Of Sale System 1.0 Cross Site Scripting

Exploit Title: Point of Sale System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-18 Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html Software Link:...

Point of Sale System 1.0 - Multiple Stored XSS

Exploit Title: Point of Sale System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-18 Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html Software Link:...

Alumni Management System 1.0 - "Course Form" Stored XSS

Exploit Title: Alumni Management System 1.0 - "Course Form" Stored XSS Exploit Author: Aakash Madaan Date: 2020-12-10 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

Content Management System 1.0 SQL Injection

Exploit Title: Content Management System 1.0 - 'email' SQL Injection Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...

Content Management System 1.0 Cross Site Scripting

Exploit Title:Content Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...

Task Management System 1.0 - 'page' Local File Inclusion

Exploit Title: Task Management System 1.0 - 'page' Local File Inclusion Exploit Author: İsmail BOZKURT Date: 2020-12-15 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...

WSMan-WinRM - A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object

A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement Notes...

Apache Tomcat 8.5.0 < 8.5.60 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.60. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.60security-8 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...

Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.40security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...

Library Management System 2.0 SQL Injection

Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...

Online Bus Ticket Reservation 1.0 - SQL Injection

Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection Date: 2020-12-07 Exploit Author: Sakshi Sharma Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html Software Link:...

Employee Performance Evaluation System 1.0 - &#039;Task and Description&#039; Persistent Cross Site Scripting

Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...

Online Bus Ticket Reservation 1.0 SQL Injection

Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection Date: 2020-12-07 Exploit Author: Sakshi Sharma Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html Software Link:...