155 matches found

OSV
added 2024/07/09 10:9 p.m. · 6 views

PYSEC-2024-55

Malicious package. Exfiltrated secrets to a target server...

AI score 7
Exploits 0
Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-40901 · Pypi · Cipherbcrypt

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves a malicious package that exfiltrates secrets to a target server. No further details are provided about the nature of the issue or its potential impact. Recommendation...

AI score 6.9
Exploits 0 · References 1
UbuntuCve
added 2024/05/14 3:11 p.m. · 22 views

CVE-2024-27082

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular...

CVSS 7.6 · AI score 7.1 · EPSS 0.00358
Exploits 1 · References 2
GithubExploit
added 2024/02/19 2:29 a.m. · 348 views

Exploit for Path Traversal in Jenkins

CVE-2024-23897: Jenkins Arbitrary File Read Vulnerability Lead...

CVSS 9.8 · AI score 10 · EPSS 0.94466
Exploits 45
GithubExploit
added 2023/11/04 11:58 a.m. · 750 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 This repository contains an exploit script and...

CVSS 10 · AI score 9.4 · EPSS 0.94436
Exploits 31
Packet Storm
added 2023/10/12 12:0 a.m. · 306 views

Lost And Found Information System 1.0 Insecure Direct Object Reference

Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...

AI score 7.1 · EPSS 0.00123
Exploits 4
CNNVD
added 2023/07/17 12:0 a.m. · 5 views

WordPress plugin 3DPrint Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 5.3 · AI score 5.6 · EPSS 0.00103
Exploits 2 · References 3
wpexploit
added 2023/06/19 12:0 a.m. · 170 views

MStore API < 3.9.7 - Subscriber+ Unauthorized Settings Update

The plugin does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Make sure the site also has WooCommerce installed and activated, then, while logged-in as a subscriber, visit the following URLs: -...

CVSS 4.3 · AI score 6.6 · EPSS 0.00293
Exploits 3
CNVD
added 2023/06/14 12:0 a.m. · 14 views

Changjitong T+ Remote Command Execution Vulnerability

T+ is a new Internet-based business management software. A remote command execution vulnerability exists in T+, which can be exploited by an attacker to execute arbitrary commands on the target server...

AI score 7.8
Exploits 0 · References 1
GithubExploit
added 2023/05/12 1:20 a.m. · 427 views

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 Pseudo Shell Description This Python script...

CVSS 9.8 · AI score 9.9 · EPSS 0.94469
Exploits 48
0day.today
added 2023/03/06 12:0 a.m. · 455 views

Lucee Authenticated Scheduled Job Code Execution Exploit

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is...

AI score 7.8
Exploits 0
CNVD
added 2023/01/13 12:0 a.m. · 66 views

Zendo Project Management System Remote Command Execution Vulnerability

Zendo Project Management System is a homegrown open source project management software. A remote command execution vulnerability exists in Zendo Project Management System. The vulnerability is caused by not exiting the program properly during the authentication process, resulting in an...

AI score 2.7
Exploits 0 · References 1
Check Point Advisories
added 2022/11/24 12:0 a.m. · 6 views

Advantech R-SeeNet SQL Injection (CVE-2021-21924)

An SQL injection vulnerability exists in Advantech R-SeeNet. The vulnerability is due to improper input. A successful attack may result in arbitrary SQL command execution against the database on the target server...

CVSS 4 · AI score 3.8 · EPSS 0.01811
Exploits 1
Check Point Advisories
added 2022/11/06 12:0 a.m. · 5 views

SolarWinds Orion Arbitrary File Write (CVE-2020-27871)

An arbitrary file write vulnerability exists in SolarWinds Network Configuration Manager. The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote,...

CVSS 9 · AI score 2.8 · EPSS 0.87408
Exploits 0
Prion
added 2022/03/10 5:44 p.m. · 13 views

Privilege escalation

An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 1043 via a .mp3;.jsp filename for a file that begins with audio data bytes. It allows an authenticated low privileged attacker to execute remote code on the target server within the context of...

CVSS 9 · AI score 8.7 · EPSS 0.00698
Exploits 1 · References 2 · Affected Software 1
CNVD
added 2021/12/10 12:0 a.m. · 6 views

Apache Log4j2 suffers from a remote code execution vulnerability

Apache Log4j is a Java-based logging component. Apache Log4j2 is an upgraded version of Log4j, through the rewrite of Log4j introduced a rich feature set. The logging component is widely used in business systems development, to record program input and output log information. Apache Log4j2...

AI score 8.1
Exploits 0
Huntr
added 2021/08/13 8:39 a.m. · 7 views

Cross-site Scripting (XSS) - Stored in poowf/invoiceneko

Description: Stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document's content...

AI score 5
Exploits 0 · References 1
Kitploit
added 2021/05/04 9:30 p.m. · 232 views

Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger implements SOCKS4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in Python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...

AI score 7.1
Exploits 0 · References 4
CNVD
added 2021/04/10 12:0 a.m. · 6 views

Remote Command Execution Vulnerability in E-Mail Email System

YZP is a professional mail system software and total solution provider. The remote command execution vulnerability in the YZP email system can be exploited by an attacker to achieve remote command execution without authorization and gain access to the target server...

AI score 7.5
Exploits 0 · References 1
CNVD
added 2021/03/02 12:0 a.m. · 6 views

Unspecified Vulnerability in ONLYOFFICE Document Server

ONLYOFFICE Document Server is a free collaborative online office suite that includes viewers and editors for text, spreadsheets and presentations. A security vulnerability exists in the ONLYOFFICE DocumentServer core module, which can be exploited by an attacker to shut down the target server...

CVSS 7.8 · AI score 6.8 · EPSS 0.03788
Exploits 1 · References 1