
836 matches found

wpexploit
added 2021/01/29 12:0 a.m., 618 views

Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE

The plugin did not properly check the imported file, allowing PHP files to be uploaded by an administrator by using the 'text/csv' content-type in the request. The issue could also be exploited via a CSRF attack, as such a check was also missing...

AI score: 1, EPSS: 0.91299
Exploits: 9

Hacker One
added 2020/12/27 5:42 p.m., 43 views

h1-ctf: [h1-ctf] 12 Days of Adventure to stop Grinch from ruining Christmas

Day 1: https://hackyholidays.h1ctf.com/robots.txt User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 Here we go with t...

AI score: 7
Exploits: 0

Exploit DB
added 2020/12/02 12:0 a.m., 437 views

ILIAS Learning Management System 4.3 - SSRF

Exploit Title: ILIAS Learning Management System 4.3 - SSRF Date: 10-08-2020 Exploit Author: Dot/kx1z0 Vendor Homepage: https://www.ilias.de/ Software Link: https://github.com/ILIAS-eLearning/ILIAS/tree/release4-3 Version: 4.3-5.1 Tested on: Linux Description We can create portfolios, export them ...

AI score: 7.4
Exploits: 0

Packet Storm
added 2020/12/02 12:0 a.m., 429 views

ILIAS Learning Management System 4.3 Server-Side Request Forgery

Exploit Title: ILIAS Learning Management System 4.3 - SSRF Date: 10-08-2020 Exploit Author: Dot/kx1z0 Vendor Homepage: https://www.ilias.de/ Software Link: https://github.com/ILIAS-eLearning/ILIAS/tree/release4-3 Version: 4.3-5.1 Tested on: Linux Description We can create portfolios, export them ...

Exploits: 0

Exploit DB
added 2020/11/24 12:0 a.m., 749 views

OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting

Exploit Title: OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.6 Tested on: Windows 10/Kali Linux CVE:...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00475
Exploits: 2

Openbugbounty
added 2020/11/09 12:31 p.m., 8 views

28motivos.com Cross Site Scripting vulnerability OBB-1496289

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

Exploit DB
added 2020/10/26 12:0 a.m., 330 views

InoERP 0.7.2 - Remote Code Execution (Unauthenticated)

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....

AI score: 7.4
Exploits: 0

wpexploit
added 2020/10/15 12:0 a.m., 47 views

Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting

An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress. ! :: PoC Burp Suite: POST /wp-comments-post.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest...

AI score: 0.8
Exploits: 0, References: 2

Openbugbounty
added 2020/09/21 3:11 p.m., 7 views

fivetech.net Cross Site Scripting vulnerability OBB-1353279

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0

OSV
added 2020/09/02 9:22 p.m., 9 views

GHSA-FJ93-7WM4-8X2G Cross-Site Scripting in jquery-mobile

All versions of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and, if a URL is found, it does an XMLHttpRequest (XHR) to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing attackers to...

AI score: 6.8
Exploits: 0, References: 8

Github Security Blog
added 2020/09/02 9:22 p.m., 43 views

Cross-Site Scripting in jquery-mobile

All versions of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and, if a URL is found, it does an XMLHttpRequest (XHR) to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing attackers to...

AI score: 0.7
Exploits: 0, References: 8, Affected Software: 1

wpexploit
added 2020/08/13 12:0 a.m., 23 views

Quiz and Survey Master < 7.0.1 - Arbitrary File Upload

This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set-up quiz that accepts file uploads, then upload file and change content-type to one set as approved. history.pushState'', '', '/' function submitRequest var xhr = new...

CVSS: 7.5, AI score: 1.8, EPSS: 0.10326
Exploits: 2, References: 1

wpexploit
added 2020/07/18 12:0 a.m., 16 views

Email Subscribers & Newsletters < 4.5.1 - Cross-site Request Forgery in send_test_email()

An attacker could exploit this issue by convincing a user to click a specially crafted URL, which will send emails from the affected user’s WordPress email account. function run var targetUrl = "http://example.com/webpage"; var email = "[email protected]"; var subject = "PoC"; var content = "add...

CVSS: 4.3, AI score: 0.3, EPSS: 0.00127
Exploits: 2, References: 1

0day.today
added 2020/07/12 12:0 a.m., 188 views

Pandora FMS 7.0 NG 746 Script Insertion / Code Execution Vulnerability

Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload. Exploit Title: PandoraFMS 7.0 NG ≤ 746 Remote Code Execution Date: July 2020 Author: AppleBois Version:...

AI score: 7.3
Exploits: 0

0day.today
added 2020/06/04 12:0 a.m., 76 views

Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...

AI score: 7.1
Exploits: 0

0daydb
added 2020/05/30 2:55 p.m., 815 views

NOKIA VitalSuite SPM 2020 - SQL Injection

NOKIA VitalSuite SPM 2020 suffers from a remote SQL injection vulnerability. Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://www.nokia.com Software Link:...

CVSS: 9, AI score: 0.3, EPSS: 0.8959
Exploits: 17

0day.today
added 2020/05/29 12:0 a.m., 72 views

NOKIA VitalSuite SPM 2020 - (UserName) SQL Injection Vulnerability

Exploit for multiple platform in category web applications Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/...

AI score: 0.2
Exploits: 0

0day.today
added 2020/05/29 12:0 a.m., 59 views

EyouCMS 1.4.6 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://eyoucms.com Software Link:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2020/05/28 12:0 a.m., 241 views

NOKIA VitalSuite SPM 2020 SQL Injection

Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/ Affected...

AI score: 0.6
Exploits: 0

Exploit DB
added 2020/05/28 12:0 a.m., 581 views

NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection

Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://www.nokia.com Software Link: https://www.nokia.com/networks/products/vitalsuite-performance-management-software/ Affected...

AI score: 7.4
Exploits: 0