360 matches found
IntruderPayloads
A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...
Exploit for CVE-2024-24809
CVE-2024-24809 Detail Description Traccar is an open sourc...
Adobe: Unauthenticated Varnish Cache Purge
Vulnerability description not provided...
Rocket LMS 1.9 Cross Site Scripting
Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...
Flowise 1.6.5 - Authentication Bypass Vulnerability
Exploit Title: Flowise 1.6.5 - Authentication Bypass Exploit Author: Maerifat Majeed Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise/releases Version: 1.6.5 Tested on: mac-os CVE : CVE-2024-31621 The flowise version if req.url.includes'/api/v1/'...
Flowise 1.6.5 - Authentication Bypass
Exploit Title: Flowise 1.6.5 - Authentication Bypass Date: 17-April-2024 Exploit Author: Maerifat Majeed Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise/releases Version: 1.6.5 Tested on: mac-os CVE : CVE-2024-31621 The flowise version if...
Flowise 1.6.5 Authentication Bypass
Exploit Title: Flowise 1.6.5 - Authentication Bypass Date: 17-April-2024 Exploit Author: Maerifat Majeed Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise/releases Version: 1.6.5 Tested on: mac-os CVE : CVE-2024-31621 The flowise version if...
Tramyardg Autoexpress 1.3.0 Cross Site Scripting Vulnerability
Exploit Title: tramyardg autoexpress - Stored Cross-Site Scripting XSS Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48903 References:...
Tramyardg Autoexpress 1.3.0 Authentication Bypass Vulnerability
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles. Exploit Title: tramyardg autoexpress - Authentication Bypass...
Tramyardg Autoexpress 1.3.0 Cross Site Scripting
Exploit Title: tramyardg autoexpress - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 11/28/2023 Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48903 References:...
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Date: 28/9/2023 Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login...
Curfew e-Pass Management System 1.0 - FromDate SQL Injection Vulnerability
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login into the...
GHSA-RQ42-58QF-V3QX LibreNMS vulnerable to rate limiting bypass on login page
Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...
LibreNMS vulnerable to rate limiting bypass on login page
Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...
Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center
CVE-2023-22518 An Exploitation tool to exploit the confluence...
Multiple Self-XSS Vulnerabilites
Description Multiple Self-XSS Vulnerabilities are triggered at multiple endpoints. http://localhost:8083/edit/server/ There is a bug in web/templates/pages/editserver.php file. Attacker can control $vtimezone. php ', theme: '', language: '', hasSmtpRelay: , remoteBackupEnabled: , backupType: '',...
Liberapay: Password Reset Token Leak Via Referrer
Vulnerability description not provided...
Misconfiguration in message sending function
Description Web application misconfiguration in messaging function. This vulnerability results in a user's messages being automatically sent to all other users. This results in the user's information potentially being exposed Proof of Concept link video Poc...