Arbitrary File Download Vulnerability in ES File Browser of Beijing Xiaoxiong Bowang Technology Co.
ES File Explorer is a powerful and free local and network file manager. ES File Browser has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...
Logic Flaw Vulnerability in T+ (CNVD-2023-62863)
T+ is a new Internet business management software. A logic flaw vulnerability exists in Changjitong T+, which can be exploited by an attacker to delete arbitrary files...
Cross-Site Request Forgery lead to lock and unlock Album
Description An attacker is able to lock or unlock any album with this CSRF attack. Proof of Concept 1. Admin already should be logged in browser 2. Open the CSRF.html document.forms0.submit; The album b9131a9d-577e-4f06-b87e-5af30714b25b will be unlocked Acknowledge Tran Van Nhan from bl4ckh0l3 of Galaxy...
Stored XSS on Survey "Notification and data function"
Description Users with edit and update survey permission can perform an XSS Proof of Concept Log in with any user with this permission Update the "Send basic admin notification email to" field with this value test" Access the survey and the payload will be triggered...
ownCloud: Cross-Site Request Forgery
A cross-site request forgery vulnerability was found in an application. Requests were not validating cross-site request forgery tokens, allowing an unauthorized user to perform administration functions by inserting valid session cookies into arbitrary requests. This could have enabled an attacker...
CVE-2023-36464
A flaw was found in the pyPDF package. In affected versions of the pyPDF package, this flaw allows an attacker to craft a PDF, which leads to an infinite loop if `__parse_content_stream` is executed...
Stored XSS in Title
Description Spina's admin screen has an embedded XSS in the title of the page. By embedding arbitrary JavaScript code in the function of Paguri, arbitrary scripts can be executed on the browser when the administrator user who accessed the page deletes the page. Proof of Concept Step 1. Access the...
Mailchimp - Critical - Cross Site Request Forgery - SA-CONTRIB-2023-025
This module provides integration with Mailchimp, a popular email delivery service. A route related to OAuth authentication is not protected against a Cross Site Request Forgery attack...
CVE-2023-26276
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...
CVE-2023-26276 IBM QRadar information disclosure
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...
CVE-2023-34098 Dependency configuration exposed in Shopware
Shopware is an open source e-commerce software. Due to an incorrect configuration in the .htaccess file, the configuration file of the Javascript could be read in production environments (themes/package-lock.json). With this information, the specific Shopware version in a deployment might be...
CVE-2023-2628 KiviCare Management System < 3.2.1 - Multiple CSRF
The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary...
CVE-2023-2842
CVE-2023-2842 affects the WordPress plugin WP Inventory Manager (pre-2.1.0.14). The vulnerability stems from missing CSRF checks, enabling a CSRF attack to cause logged-in admins to delete Inventory Items. Remediation: upgrade to version 2.1.0.14 or later. Reported impact aligns with CVSS v3.1: a...
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
An unknown cryptocurrency exchange located in Japan was the target of a new attack earlier this month to deploy an Apple macOS backdoor called JokerSpy. Elastic Security Labs, which is monitoring the intrusion set under the name REF9134, said the attack led to the installation of Swiftbelt, a...
Information Disclosure
github.com/cilium/cilium is vulnerable to Information Disclosure. The vulnerability exists due to the lack of namespace checks for TLS secret references in the Gateway API, which allows an attacker to gain access to secrets including certificates and services across namespaces and configure Ciliu...
Xenforo Version 2.2.13 - Authenticated Stored XSS Vulnerability
Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...
AN_GradeBook <= 5.0.1 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber Access the following URL to demonstrate SQLi:...
Design/Logic Flaw
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the ! pattern. NOTE: this is not the same as CVE-2015-8984...
Linux kernel denial of service vulnerability (CNVD-2023-56645)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel, which stems from the lack of a check for the return value of kzalloc in dpu_crtc_atomic_check in...
CVE-2023-34464
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of...