pac-exploits-priv

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulne...

kit-exploits-prv

Information Exploit Title: Local Privilege Escalation i...

ZoomSounds Plugin - Unauthenticated Arbitrary File Upload

ZoomSounds plugin for WordPress contains a file upload vulnerability in savepng.php id: CVE-2021-4449 info: name: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload author: 0xnemian severity: critical description: | ZoomSounds plugin for WordPress contains a file upload vulnerability in...

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

SAS/Internet 9.4 1520 - Local File Inclusion

SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library included by default in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro...

WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $SERVER'PHPSELF' in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path...

CentOS Web Panel - SQL Injection

The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...

GenieACS => 1.2.8 - OS Command Injection

In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument lib/ui/api.ts and lib/ping.ts. The vulnerability arises from insufficient input validation combined with a missing authorization check. id: CVE-2021-46704 info:...

MKdocs 1.2.2 - Directory Traversal

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability see references because the dev server must be used in an unsafe way namely public to have this...

emlog 5.3.1 Path Disclosure

emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file. id: CVE-2021-3293 info: name: emlog 5.3.1 Path Disclosure author: h1ei1 severity: medium description: emlog v5.3.1 is susceptible to full path disclosure via...

Grafana Unauthenticated Snapshot Creation

Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

Void Aural Rec Monitor 9.0.0.1 - SQL Injection

Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized...

WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...

WordPress Super Socializer <7.13.30 - Cross-Site Scripting

WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its thechampsharingcount AJAX action available to both unauthenticated and authenticated users before outputting it back in the response...

The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting

The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue. id: CVE-2021-25008 info: name: The Code Snippets WordPress Plugin 2.14.3 - Cross-Site Scripting author: cckuailo...

Easy Social Feed < 6.2.7 - Cross-Site Scripting

Easy Social Feed 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor. id: CVE-2021-25120 info: name: Easy...

WordPress Jannah Theme <5.4.4 - Cross-Site Scripting

WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...

WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting

WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and startdate GET parameters on its Tour List page. id: CVE-2021-24235 info: name: WordPress Goto Tour & Travel Theme =2.0 to mitigate the XSS...

AccessAlly <3.5.7 - Sensitive Information Leakage

WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" which is responsible for the accessallyorderform shortcode dumps serialize$SERVER, which contains all environment variables. The leakage occurs on all...