5295 matches found

NVD
added 2020/09/15 10:15 p.m. | 10 views

CVE-2020-23828

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...

9.8 CVSS | 0.04105 EPSS
Exploits: 1 | References: 2
Prion
added 2020/09/15 10:15 p.m. | 18 views

Unrestricted file upload

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...

7.5 CVSS | 9.5 AI score | 0.04105 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2020/09/15 10:15 p.m. | 21 views

Sql injection

Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request...

7.5 CVSS | 9.9 AI score | 0.04175 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2020/09/09 7:15 p.m. | 0 views

UBUNTU-CVE-2020-24379

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection...

9.8 CVSS | 7.3 AI score | 0.03354 EPSS
Exploits: 2 | References: 5
Github Security Blog
added 2020/09/02 6:20 p.m. | 25 views

Cross-Site Scripting in harp

Withdrawn: This advisory has been withdrawn per request from the maintainer. Given harp is a static webserver, a XSS type of vulnerability is not appropriate. Original advisory description: All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine,...

1.2 AI score
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2020/09/01 5:15 p.m. | 12 views

CVE-2020-23829

interface/new/newcomprehensivesave.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image...

8.8 CVSS | 8.9 AI score | 0.02541 EPSS
Exploits: 1 | References: 2
OSV
added 2020/09/01 5:15 p.m. | 12 views

CVE-2020-23829

interface/new/newcomprehensivesave.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image...

8.8 CVSS | 7.7 AI score
Exploits: 0 | References: 2
Prion
added 2020/09/01 5:15 p.m. | 15 views

Design/Logic Flaw

interface/new/newcomprehensivesave.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image...

6.5 CVSS | 8.8 AI score | 0.02541 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/09/01 4:42 p.m. | 16 views

CVE-2020-23829

interface/new/newcomprehensivesave.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image...

8.9 AI score | 0.02541 EPSS
Exploits: 1 | References: 2
Packet Storm
added 2020/08/27 12:0 a.m. | 1821 views

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: ZTE mobile Hotspot MS910S vulnerable version: DLMF910SCNEUV1.00.01 fixed version: - CVE number: CVE-2019-3422 impact: High homepage:...

7.8 CVSS | 0.8 AI score | 0.28429 EPSS
Exploits: 17
0day.today
added 2020/08/11 12:0 a.m. | 225 views

House Rental 1.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0
Packet Storm
added 2020/08/10 12:0 a.m. | 145 views

House Rental 1.0 SQL Injection

Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0
Packet Storm
added 2020/08/04 12:0 a.m. | 136 views

Car Rental Management System 1.0 Remote Code Execution

Exploit Title: Car Rental Management System v1.0 - Unauthenticated RCE Exploit Author: Adeeb Shah @hyd3sec Shout out: Bobby Cooke boku Date: August 3, 2020 Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0
OSV
added 2020/07/28 3:15 p.m. | 4 views

CVE-2020-13914

webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300,...

7.5 CVSS | 7.2 AI score
Exploits: 0 | References: 1
Packet Storm
added 2020/07/27 12:0 a.m. | 449 views

LibreHealth 2.0.0 Remote Code Execution

Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-07-17 Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Tested Usin...

Exploits: 0
0day.today
added 2020/07/27 12:0 a.m. | 427 views

LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909...

7.4 AI score
Exploits: 0
Huntr
added 2020/07/26 12:0 a.m. | 17 views

Code Injection in swooningfish/ffmpeg-web-gui

Description: The ffmpeg-web-gui project is a simple video converter written in PHP which uses the ffmpeg command to convert videos in HTML formats. The issue arises at the following line: https://github.com/swooningfish/ffmpeg-web-gui/blob/master/upload-and-convert.php#L176. The arbitrary command...

0.1 AI score
Exploits: 0
Cvelist
added 2020/07/22 6:56 p.m. | 19 views

CVE-2020-15892

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length...

9.7 AI score | 0.01638 EPSS
Exploits: 1 | References: 2
Packet Storm
added 2020/07/20 12:0 a.m. | 418 views

LibreHealth 2.0.0 Remote Code Execution

Exploit Title: LibreHealth v2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Date: July 17th, 2020 Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Teste...

Exploits: 0
0day.today
added 2020/07/20 12:0 a.m. | 235 views

LibreHealth 2.0.0 Remote Code Execution Exploit

Exploit Title: LibreHealth v2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Tested Using: Python 2.7.17...

7.1 AI score
Exploits: 0