5327 matches found
Exploit for Improper Input Validation in Microsoft
This is an educational exercise. Use at your own risk. CVE-...
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on...
Smartwatch Hack Could Trick Dementia Patients into Overdosing
Researchers are warning vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose. The vulnerabilities stem from the SETracker application, which is developed by Chinese developer 3G Electronics based out of Shenzhen City. The app,...
Savsoft Quiz 5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux...
Savsoft Quiz 5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- functio...
Savsoft Quiz 5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux...
Airshare - Cross-platform Content Sharing In A Local Network
Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network, P2P, using Multicast-DNS. It also opens an HTTP gateway for other non-CLI external interfaces. It works completely offline! Built with aiohttp and zeroconf. Checkout the demo...
File Management System 1.1 - Persistent Cross-Site Scripting
Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting Date: 2020-06-30 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1 Software Link:...
Engel & Völkers Technology GmbH: Publicly accessible .SVN repository allows downloading entire source code
Summary of the Issue The researcher found a publicly accessible SVN repository at https://printshop.engelvoelkers.com/.svn/wc.db Steps to reproduce Go to https://printshop.engelvoelkers.com/.svn/wc.db Impact statement Information disclosure...
e-learning Php Script 0.1.0 - 'search' SQL Injection
Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version: 0.1.0 Tested on: Kali Linux Source...
vBulletin 5 SQL Injection
SQL Injection vulnerability in vBulletin nodeId parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
Unnamed Vulnerability in GitLab (CNVD-2021-19411)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...
ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises
The Australian Cyber Security Centre ACSC has released an advisory regarding an ongoing cyber campaign involving “copy-paste compromises” targeting Australian government and commercial networks. According to the advisory, a sophisticated malicious cyber actor is carrying out the campaign using...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
CVE-2020-13261 affects GitLab CE/EE 12.6 through 13.0.1, where Amazon EKS credentials can be disclosed to other administrators via HTML source code. Connected sources confirm the vulnerability and affected ranges, but do not provide concrete exploit steps or a published remediation version. The i...
CVE-2020-13261
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...
CVE-2020-13261
Removed by vendor...
DNS as Code
Infrastructure as Code IaC and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites. Code repositories, build servers, and configuration management systems are now industry standards, as these tool...
RATELIMITED: Source code disclosure at ███
Summary: Source code disclosure at ███████ Steps To Reproduce: POC: link download source code: ███████ Supporting Material/References: █████ ███████ Impact Source Code Disclosure Sensitive Information Disclosure...