622 matches found
Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Vulnerability
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GET /web HTTP/1.1...
Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2435)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2021-2435)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39,...
CVE-2021-32072
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information disclosing sensitive application data due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods...
Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.0.0-m10_security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...
SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...
Trixbox 2.8.0.4 - (lang) Path Traversal Exploit
Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Exploit Author: Ron Jost (Hacker5preme) Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...
Customer Relationship Management (CRM) System 1.0 Cross Site Scripting
Exploit Title: Customer Relationship Management (CRM) System 1.0 - Stored XSS Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107...
Apache Tomcat 7.0.0 < 7.0.107
The version of Tomcat installed on the remote host is prior to 7.0.107. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_7.0.107_security-7 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 t...
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Vulnerability
Exploit Title: SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-72...
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
Exploit Title: SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affect...
QIWI: mysql.initial.sql file is accessible for everyone
Hello. I found the mysql.initial.sql file, the Roundcube Webmail initial database structure. It is open to everyone. It is an SQL file that creates the structure of various tables such as user, session, cache and so on. PoC url: https://contact.rapida.ru/mysql.initial.sql F1164134 F1164136 Impact information...
CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...
CVE-2021-24122
CVE-2021-24122 affects Apache Tomcat across multiple branches (7.0.x, 8.5.x, 9.x, 10.x). Root cause: JSP source disclosure when serving resources from a network/NTFS location due to JRE File.getCanonicalPath() and FindFirstFileW behavior. Affected versions include 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1...
CVE-2020-29041
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...
Apache Tomcat 8.5.0 < 8.5.60 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.60. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.60_security-8 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...
Car Rental Management System 1.0 Shell Upload
Exploit Title: Car Rental Management System 1.0 - Remote Code Execution (Authenticated) Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html...
Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass
Exploit Title: Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass Date: 24/09/2020 Exploit Author: Saurav Shukla & Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html...