127 matches found
CVE-2024-50624
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...
Taokeyun SQL Injection
#!/bin/bash # Variables url="http://example.com/path/to/taokeyun/application/index/controller/m/Drs.php" cid="1' UNION SELECT 1,2,3,4,5,6,7,8,9,email FROM users-- -" # Construct the request request="POST $url HTTP/1.1\r\n" request+="Content-Type: application/x-www-form-urlencoded\r\n"...
Exploit for Improper Access Control in Joomla!
Usage...
AMP+ Plus <= 3.0 - Reflected Cross Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/?p=1&yolo=%22%3E%3CScRiPt%3Ealert%28%27XSS%27%29%3C%2FsCrIpT%3E...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
Xxe
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack...
Ditty < 3.1.25 - Reflected XSS
Description The plugin does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Upload Media By URL < 1.0.8 - Stored XSS via CSRF
Description The plugin does not have a CSRF check when uploading files, which could allow attackers to make logged-in admins upload files, including HTML containing JS code, on behalf of users with the unfiltered_html capability. Have a logged-in user with the unfiltered_html capability open an...
Solidres <= 0.9.4 - Multiple Reflected XSS
The plugin does not sanitise and escape numerous parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open...
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the ID parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/admin-ajax.php?action=lwpforgotpassword&ID=...
ChatBot < 4.2.9 - Unauthenticated Settings Reset
The plugin does not have authorisation and CSRF checks when resetting its settings via an AJAX action available to unauthenticated users, which could allow unauthenticated attackers to reset the plugin's settings https://example.com/wp-admin/admin-ajax.php?action=qcldwbchatbootdeletealloptions...
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
The plugin does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make a logged-in admin open a page containing the HTML code below '...
Listingo < 3.2.7 - Unauthenticated Arbitrary File Upload
The theme does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE. Listingo Unauthenticated File Upload. Upload a File: The response gives the path to the uploaded file:...
Create Block Theme < 1.2.2 - Unauthenticated Arbitrary File Upload
The plugin does not have authorisation and CSRF checks, and does not validate the file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files to the server. As an unauthenticated user, open The file will be uploaded at...
Simple File List < 4.4.12 - Reflected Cross-Site Scripting
The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=ee-simple-file-list&tab="style=animation-name:rotation+onanimationstart=alert/XSS///...
Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting
The plugin does not escape a URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting. The issue was initially fixed in 1.9.13 but re-introduced in 2.0.0 https://example.com/wp-admin/post.php?post=1369&action=edit&settingstab=general&a'alert/XSS/...
VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...
Ivory Search < 5.4.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays the usage notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...
CDI < 5.1.9 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...