38 matches found
Lunary Input Validation Error Vulnerability
lunary is a production toolkit for LLM. An input validation error vulnerability exists in lunary that stems from improper validation of email addresses during the registration process and can be exploited by an attacker to create multiple accounts with the same email address by changing the case ...
Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit
#!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
PT-2023-20017 · Unknown · Atlauncher
Name of the Vulnerable Software and Affected Versions: ATLauncher versions 3.4.26.0 and earlier Description: The issue allows a maliciously crafted mrpack file to create arbitrary files outside of the installation directory due to a Directory Traversal weakness. Recommendations: For ATLauncher...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
Advantech WebAccess Node has a Logic Flaw Vulnerability
Advantech WebAccess Node is a software for monitoring PLCs and other devices from Advantech in Taiwan, China. The product can realize real-time control of equipment status by monitoring PLC and other devices. A logic flaw vulnerability exists in Advantech WebAccess Node. An attacker can exploit...
UCMS has a logic flaw vulnerability
UCMS is a content management system written in PHP. UCMS suffers from a logic flaw vulnerability that can be exploited by an attacker to create files and folders under arbitrary paths...
Frog CMS File Upload Vulnerability (CNVD-2019-10141)
Frog CMS is a content management system (CMS) developed by software developer Philippe Archambault. The system provides tools for page templates, user rights management, and document management. A file upload vulnerability exists in Frog CMS 0.9.5, which can be exploited by an attacker via /admin/?...
CVE-2018-9106
creationtimestamp | type | source
---|---|---
2018-03-30 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/44370...
CVE-2017-2521
creationtimestamp | type | source
---|---|---
2017-06-01 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/42103...
CVE-2014-0056
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
PyroCMS 0.9.9.1 Cross Site Request Forgery
input type="hidden" name="btnAction" value="sav...
LifeType 1.2.10 Cross Site Request Forgery
img...
PHP-Nuke 7.4 Remote Privilege Escalation
Exploit for unknown platform in category web applications ======================================== PHP-Nuke 7.4 Remote Privilege Escalation ======================================== A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: 0day.today 2018-01-05...
CVE-2004-0708
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges...
Nuked-klaN 1.x - Multiple Vulnerabilities
Source: https://www.securityfocus.com/bid/10104/info Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an...
S8Forum 3.0 - Remote Command Execution
Source: https://www.securityfocus.com/bid/6547/info S8Forum is prone to a remote command execution vulnerability. When a user registers with the forum, a file is created locally with the specified username. The contents of this file will be the data entered ...
Minor bug in Pagelog.cgi
There is a small bug in PAGELOG.cgi by Metertek which allows users to create and view files. Any file on the system with a '.log' extension readable by the uid/gid of the webserver can be viewed. In addition, two files with extensions of '.txt' and '.log' can be created in any...
Blackboard Courseinfo v4.0 User Authentication
Apparently Courseinfo, or at least the implementation I was playing with, has no user authentication, meaning that anyone can force feed their own form values and Perl will merrily modify the database. So for instance running: all form input is in caps for readability...