41 matches found

Positive Technologies
added 2025/09/29 12:00 a.m., 2 views

PT-2025-39892

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102; Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413. Description: The software contains a blind server-side request forgery (SSRF) issue...

CVSS 6.9 | AI score 6.7 | EPSS 0.00097
Exploits: 1 | References: 7

GithubExploit
added 2025/03/23 8:37 a.m., 454 views

Exploit for CVE-2025-29927

Next.js POC for CVE-2025-29927 - Authorization Bypass in Ne...

CVSS 9.1 | AI score 7.6 | EPSS 0.92118
Exploits: 55

Packet Storm
added 2024/05/03 12:00 a.m., 287 views

SOPlanning 1.52.00 SQL Injection

Exploit Title: SOPlanning v1.52.00 'projets.php' SQLi Application: SOPlanning Version: 1.52.00 Date: 4/22/24 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assigned...

AI score 7.4
Exploits: 0

0day.today
added 2024/05/03 12:00 a.m., 206 views

SOPlanning 1.52.00 SQL Injection Vulnerability

Exploit Title: SOPlanning v1.52.00 'projets.php' SQLi Application: SOPlanning Version: 1.52.00 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assigned Description:...

AI score 7.4
Exploits: 0

NVD
added 2024/04/10 5:15 p.m., 11 views

CVE-2024-3101

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

CVSS 7.2 | AI score 6.6 | EPSS 0.00107
Exploits: 1 | References: 2

OSV
added 2024/04/10 5:15 p.m., 18 views

CVE-2024-3101

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

CVSS 7.2 | AI score 7
Exploits: 0 | References: 2

Cvelist
added 2024/04/10 5:08 p.m., 11 views

CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

CVSS 6.7 | AI score 6.8 | EPSS 0.00107
Exploits: 1 | References: 2

Vulnrichment
added 2024/04/10 5:08 p.m., 11 views

CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm

In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...

CVSS 6.7 | AI score 7.2 | EPSS 0.00107
Exploits: 1 | References: 2

OSV
added 2024/03/27 8:15 a.m., 1 view

DEBIAN-CVE-2024-2004

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

CVSS 3.5 | AI score 6.2 | EPSS 0.0091
Exploits: 1 | References: 1

wpexploit
added 2023/11/06 12:00 a.m., 229 views

Webpushr < 4.35.0 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. 1. Woocommerce needs to be installed as well as activating webpushr-web-push-notifications by creating an account. 2. Run the following...

CVSS 5.4 | AI score 5.8 | EPSS 0.00109
Exploits: 2

F5 Networks
added 2023/02/21 6:01 p.m., 19 views

K61105950: iControl REST logs a plaintext password when the syntax of a cURL request is incorrect

Security Advisory Description The BIG-IP system logs the device password in plaintext. This issue occurs when the following condition is met: There are one or more syntax errors in the POST body of a REST token request. Impact Disclosure of the BIG-IP system's device password can lead to other...

AI score 6.7
Exploits: 0

wpexploit
added 2022/12/27 12:00 a.m., 501 views

Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high-privilege user such as an admin visits a page from the plugin. 1. Install and activate WooCommerce dependency, no configuration...

CVSS 6.1 | AI score 0.6 | EPSS 0.01134
Exploits: 2

Huntr
added 2022/12/08 3:56 a.m., 26 views

Cross Site Scripting (XSS) Reflected

Description Reflected cross-site scripting or XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Proof of Concept https://github.com/phpipam/phpipam/blob/master/app/subnets/mail-notify-subnet.php look in line 94-9...

CVSS 5.8 | AI score 5.9 | EPSS 0.00325
Exploits: 1 | References: 1

wpexploit
added 2022/04/12 12:00 a.m., 96 views

Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi

The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection curl 'http://example.com/?restroute=/olistener/new' --data '"id":" SELECT SLEEP3"' -H 'content-type: application/json'...

CVSS 9.8 | AI score 2.5 | EPSS 0.6883
Exploits: 2 | References: 1

Metasploit
added 2022/02/01 5:42 p.m., 168 views

Cisco Small Business RV Series Authentication Bypass and Command Injection

This module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Then the...

CVSS 9.8 | AI score 10 | EPSS 0.91292
Exploits: 8

Packet Storm
added 2022/02/01 12:00 a.m., 412 views

Cisco Small Business RV Series Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Small Business RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits an authentication bypass...

CVSS 9.8 | AI score 1.1 | EPSS 0.91292
Exploits: 8

Packet Storm
added 2022/01/20 12:00 a.m., 285 views

CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1dB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Man-in-the-Middle MITM Description: MITM vector...

Exploits: 0

CNNVD
added 2021/09/22 12:00 a.m., 1 view

WordPress Plugin Code Issue Vulnerability

WordPress Plugin is an open source application plugin for WordPress. A code issue vulnerability exists in the WordPress plugin, which stems from a user-supplied URL request value being invoked by a curl request, making the Telefication plugin susceptible to open proxies and server-side request...

CVSS 5.8 | AI score 5.9 | EPSS 0.00216
Exploits: 0 | References: 4

Hacker One
added 2021/05/08 7:53 p.m., 20 views

Nextcloud: End to end encryption folder locking is not properly protected

I do not see the endtoendencryption app listed here. But since you advertise it big on your website and in communication. And the clients that also support it are covered I assume this is part of the program as well. 1. userA has end to end encryption setup 2. userB wants to annoy userA 3. userB...

CVSS 4 | EPSS 0.00185
Exploits: 1

Exploit DB
added 2021/02/16 12:00 a.m., 184 views

Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass

Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass Date: 16-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

AI score 7.4
Exploits: 0