SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Denial Of Service DoS Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1:...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass (IDOR)

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authorization Bypass IDOR Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versi...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Authentication Bypass Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1:...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Unauthenticated Factory Reset Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...

CVE-2023-26464

A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in th...

Helmet Store Showroom 1.0 SQL Injection

Exploit Title: Helmet Store Showroom v1.0 - SQL Injection Exploit Author: Ameer Hamza Date: November 15, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Software Link:...

Apache OpenMeetings 2.0.0 < 7.0.0 Privilege Escalation Vulnerability

Apache OpenMeetings is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

The vulnerability of the mod_proxy module in the Apache HTTP Server allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the modproxy module in the Apache HTTP Server is related to deficiencies in header processing for Transfer-Encoding. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely HTTP Request Smuggling attack...

Revenue Collection System v1.0 - Remote Code Execution (RCE)

Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip...

Revenue Collection System v1.0 - Remote Code Execution Exploit

Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip Tested on: Kali Linux,...

Apache OpenMeetings missing authentication and can allow user impersonation

The Apache Software Foundation's OpenMeetings from 2.0.0 before 7.0.0 is missing authentication on meeting invitation URLs. An invitation URL contains a hash that automatically logs in as the invited user. An unauthorized user could obtain this URL and log in to the meeting as an invited user, in...

GHSA-3R48-3M8R-4R9W Apache OpenMeetings missing authentication and can allow user impersonation

The Apache Software Foundation's OpenMeetings from 2.0.0 before 7.0.0 is missing authentication on meeting invitation URLs. An invitation URL contains a hash that automatically logs in as the invited user. An unauthorized user could obtain this URL and log in to the meeting as an invited user, in...

[R1] Stand-alone Security Patches Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202303.2

R1 Stand-alone Security Patches Available for Tenable.sc versions 5.22.0, 5.23.1, and 6.0.0: SC-202303.2 Arnie Cabral Tue, 03/28/2023 - 11:10 Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components in use Apache was found to contain...

CVE-2023-28326

CVE-2023-28326 affects Apache OpenMeetings 2.0.0 up to, but not including, 7.0.0. The root cause is an access control error where meeting invitation URLs lack authentication, enabling an attacker to impersonate users and elevate privileges within a meeting room. Publicly documented by GHSA and re...

Apache OpenOffice Code Execution Vulnerability (CNVD-2023-25931)

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A code execution vulnerability exists in Apache OpenOffice that originates from a link containing an...

Mageia: Security Advisory (MGASA-2023-0100)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WebTareas 2.4 Cross Site Scripting

Exploit Title: WebTareas 2.4 - Reflected XSS Unauthorised Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on:...

WebTareas 2.4 Remote Shell Upload

Exploit Title: WebTareas 2.4 - RCE Authorized Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on: Windows 10...