144 matches found

GithubExploit
added 2023/12/26 8:20 p.m. · 270 views

Exploit for OS Command Injection in Websvn

CVE-2021-3205-websvn-2.6.0 This is an exploit of CVE-2021-3205...

CVSS 10 · AI score 9.9 · EPSS 0.92353
Exploits: 9

CNNVD
added 2023/10/16 12:0 a.m. · 1 views

Jorani Injection Vulnerability

Jorani Leave Management System is a leave management system developed by Benjamin BALET, an individual developer in France. It is designed to provide small organizations with a simple workflow for leave and overtime requests. A cross-site scripting vulnerability exists in Jorani Leave Management...

CVSS 6.5 · AI score 6.2 · EPSS 0.00119
Exploits: 1 · References: 2

wpexploit
added 2023/06/12 12:0 a.m. · 163 views

ND Shortcodes < 7.0 - Subscriber+ LFI

The plugin does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks. Run the below command in the developer console of the web browser while being on the blog as a...

CVSS 8.8 · AI score 8.5 · EPSS 0.12762
Exploits: 2

OSV
added 2023/04/18 2:15 p.m. · 1 views

CVE-2023-2153

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/assets/plugins/DataTables/examples/examplessupport/editableajax.php of the component POST Parameter Handler. The...

CVSS 6.1 · AI score 3.8
Exploits: 0 · References: 3

Packet Storm
added 2023/01/18 12:0 a.m. · 228 views

xcash 1.5 Insecure Settings

Title: xcash V1.5 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 103.064-bit |...

AI score 7.4
Exploits: 0

wpexploit
added 2022/11/21 12:0 a.m. · 182 views

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

The plugin does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability. POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...

CVSS 9.8 · AI score 2.8 · EPSS 0.04297
Exploits: 2

RedHat Linux
added 2022/10/19 10:27 p.m. · 3 views

OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...

CVSS 5.3 · AI score 7.2 · EPSS 0.00146
Exploits: 0 · References: 4

GithubExploit
added 2022/07/30 10:51 a.m. · 6 views

Exploit for CVE-2021-41349

CVE-2021-41349 Exploit! Microsoft Exchange Server Spoofing...

CVSS 6.5 · AI score 6.7 · EPSS 0.89987
Exploits: 3

Positive Technologies
added 2022/07/23 12:0 a.m. · 4 views

PT-2022-4536 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop versions 1.6.0.10 through 1.7.x before 1.7.8.2 Description: The issue is related to a lack of protection against SQL injection attacks, allowing remote attackers to execute arbitrary code. This vulnerability has been exploited in t...

CVSS 9.8 · AI score 8
Exploits: 2 · References: 11

ATTACKERKB
added 2022/04/19 9:15 p.m. · 2 views

CVE-2022-21468

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Popups. Supported versions that are affected are 12.2.4-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications...

CVSS 6.1 · AI score 6.9 · EPSS 0.01151
Exploits: 0 · References: 2 · Affected Software: 1

wpexploit
added 2021/06/29 12:0 a.m. · 108 views

Multiple Plugins from AYS Pro - Reflected Cross-Site Scripting (XSS)

The plugins did not properly sanitise and escape some GET parameters before outputting them back in attributes, leading to reflected Cross-Site Scripting issues which will be executed in the context of a logged in administrator...

AI score 1.3
Exploits: 0

Packet Storm
added 2021/06/14 12:0 a.m. · 198 views

TextPattern CMS 4.8.7 Remote Command Execution

Exploit Title : TextPattern CMS 4.8.7 - Remote Command Execution Authenticated Date : 2021/09/06 Exploit Author : Mert Daş [email protected] Software Link : https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web : https://textpattern.com/ Tested on: Server : Xampp First ...

AI score 7.4
Exploits: 0

Packet Storm
added 2021/02/16 12:0 a.m. · 402 views

BlackCat CMS 1.3.6 Cross Site Scripting

Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Date: 16-02-2021 Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on...

AI score 7.4
Exploits: 0

Prion
added 2021/01/27 5:15 p.m. · 13 views

Design/Logic Flaw

IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...

CVSS 3.5 · AI score 5.4 · EPSS 0.00086
Exploits: 0 · References: 2 · Affected Software: 10

OSV
added 2020/07/15 6:15 p.m. · 0 views

CVE-2020-14660

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite component: Preferences. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...

CVSS 8.2 · AI score 7.3 · EPSS 0.01586
Exploits: 0 · References: 1

OSV
added 2020/04/15 2:15 p.m. · 0 views

CVE-2020-2868

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Diagnostic Framework. Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVSS 6.1 · AI score 6.6
Exploits: 0 · References: 1

0day.today
added 2020/01/29 12:0 a.m. · 143 views

Centreon 19.10.5 - (Pollers) Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7...

AI score 7.1
Exploits: 0

Exploit DB
added 2020/01/22 12:0 a.m. · 346 views

KeePass 2.44 - Denial of Service (PoC)

Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...

AI score 7.4
Exploits: 0

OSV
added 2019/12/20 5:15 p.m. · 0 views

CVE-2019-4742

IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks agains...

CVSS 6.1 · AI score 6.6 · EPSS 0.00217
Exploits: 0 · References: 2

Check Point Advisories
added 2019/12/18 12:0 a.m. · 6 views

Bottle Exploit Kit Landing Page

Bottle exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

AI score 2.9
Exploits: 0