CVE-2020-26954
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
Exploit Title: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage: https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE: CVE-2020-23972 Description: An attacker can...
org.apache.camel:camel-web-standalone (>=2.0-M1 <=2.2.0), org.mortbay.hightide.example:auction (=6.1H.24) +16 more potentially affected by CVE-2020-27216 via org.mortbay.jetty:jetty-webapp (>=7.0.0.pre4 <=7.0.0.pre5)
org.mortbay.jetty:jetty-webapp MAVEN version =7.0.0.pre4, =2.0-M1, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre4, =7.0.0.pre5 and more Source cves: CVE-2020-27216 Source advisory: OSV:GHSA-G3WG-6MCF-8J...
Typesetter CMS 5.1 Remote Code Execution
Exploit Title: Typesetter CMS 5.1 - Arbitrary Code Execution Exploit Author: Rodolfo "t0gu" Tavares Contact: @t0guu TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Linux / Apache Category: WebApp Google Dork: intext:"Powered by Typesetter" Date: 2020-09-29 CVE :...
Textpattern CMS 4.6.2 - Cross-site Request Forgery
Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery Exploit Author: Alperen Ergel Contact: @alprenae Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with Textpattern CMS" Date: 2020-10-29...
Typesetter CMS 5.1 - Arbitrary Code Execution (Authenticated)
Exploit Title: Typesetter CMS 5.1 - Arbitrary Code Execution Exploit Author: Rodolfo "t0gu" Tavares Contact: @t0guu TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Linux / Apache Category: WebApp Google Dork: intext:"Powered by Typesetter" Date: 2020-09-29 CVE :...
Liman 0.7 - Cross-Site Request Forgery (Change Password)
Exploit Title: Liman 0.7 - Cross-Site Request Forgery Change Password Date: 2020-10-07 Exploit Author: George Tsimpidas Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7 Version: 0.7 Tested on: Ubuntu 18.04.5 LTS Bionic Beaver Category: Webapp Description: There is no CSRF...
Seat Reservation System 1.0 Cross Site Scripting
Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...
Textpattern CMS 4.6.2 Cross Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with...
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with...
Information Disclosure
tapestry-core is vulnerable to information disclosure. Mishandling of URLs allows an attacker to use a malicious URL to list and download the Java webapp files from WEB-INF of the WAR being run...
Typesetter CMS 5.1 Cross Site Scripting
Exploit Title: Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Contact: @alperenae IG @alprenae TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: windows 10 / xammp Category: WebApp...
Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting
Exploit Title: Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Contact: @alperenae IG @alprenae TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: windows 10 / xammp Category: WebApp...
addressbook 9.0.0.1 SQL Injection
Title: addressbook 9.0.0.1 - 'id' SQL Injection Date: 2020-04-01 Author: David Velazquez a.k.a. d4sh&r000 vulnerable application: https://sourceforge.net/projects/php-addressbook/files/latest/download vulnerable version: 9.0.0.1 Description: addressbook 9.0.0.1 time-based blind SQL injection Test...
Pinger 1.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications Title: Pinger 1.0 - Remote Code Execution Author: Milad Karimi Vendor Homepage: https://github.com/wcchandler/pinger Software Link: https://github.com/wcchandler/pinger Tested on: windows 10 , firefox Version: 1.0 CVE : N/A...
Pinger 1.0 - Remote Code Execution
Title: Pinger 1.0 - Remote Code Execution Date: 2020-04-13 Author: Milad Karimi Vendor Homepage: https://github.com/wcchandler/pinger Software Link: https://github.com/wcchandler/pinger Tested on: windows 10 , firefox Version: 1.0 CVE : N/A...
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting
Exploit Title: Webexcels Ecommerce CMS SQL Injection & XSS Vulnerability Google Dork: intext:intext:" By WEB EXCELS "+inurl:"?Id=" Date: 2020-03-27 Exploit Author: @ThelastVvV Vendor Homepage: https://www.webexcels.com/ Version: 2.x 2017,2018,2019,2020 Tested on: Ubuntu...
Soluzione Globale Ecommerce CMS 1 SQL Injection
Exploit Title: Soluzione Globale Ecommerce cms v1 SQL Injection Vulnerability Google Dork: intext:" Soluzione Globale s.r.l.s. " +inurl:/.php?id= Date: 2020-03-24 Exploit Author: @ThelastVvV Vendor Homepage: https://www.soluzioneglobale.com/ Version: v1 Tested on: Ubuntu...
ai.ylyue:yue-library-auth-client (>=j8.2.3.0 <=j11.2.3.3), ai.ylyue:yue-library-auth-service (>=j8.2.3.0 <=j11.2.3.3) +3895 more potentially affected by CVE-2020-5397 via org.springframework:spring-webmvc (>=5.2.0.RELEASE <=5.2.2.RELEASE)
org.springframework:spring-webmvc MAVEN version =5.2.0.RELEASE, =j8.2.3.0, =j8.2.3.0, =j8.2.3.0, =2.3.0.RELEASE, =1.1.1, =1.0.0, =1.2.2.RELEASE, =1.2.2.RELEASE, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.9, =0.0.12 and more Source cves: CVE-2020-5397 Source advisory: OSV:GHSA-7PM4-G2QJ-J85X...
SWFPFinder - SWF Potential Parameters Finder
SWFPFinder is a simple, open source bash script designed to discover the potential SWF file parameters of a webapp by analysing the SWF file. SWFPFinder uses the swfmill tool; swfmill is a tool to process Adobe Flash SWF files. It can convert SWF from and to an XML dialect called "swfml", which is...