Directory traversal

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...

CVE-2021-26294

CVE-2021-26294 affects AfterLogic Aurora and WebMail Pro up to version 7.7.9. It is a directory traversal vulnerability in WebDAV endpoints (dav/server.php) that allows unauthenticated attackers to read arbitrary files (e.g., data/settings/settings.xml) by using crafted paths such as ../..//dav/s...

CVE-2021-26294

An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files such as a data/settings/settings.xml file containing admin panel credentials, as demonstrated by dav/server.php/files/personal/%2e%2e when using the...

Exploit for OS Command Injection in Oscommerce

PoC exploit for CVE-2020-27976, an authenticated remote code exe...

World Health Organization website hacked by NullCrew

A well known hacking group "Nullcrew" once again most active hacking group right now. Dumping database from number of websites daily. Their latest target was World Health Organization WHO website. Well, World Health Organization website who.int need treatment now, because their admin panel...