1634 matches found

0day.today
added 2021/10/07 12:0 a.m., 279 views

Online Traffic Offense Management System 1.0 - Multiple SQL Injection Vulnerability

Exploit Title: Online Traffic Offense Management System 1.0 - Multiple SQL Injection Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.1 AI score
Exploits: 0

CNNVD
added 2021/09/30 12:0 a.m., 2 views

Libiec_Iccp_Mod Buffer Error Vulnerability

LibiecIccpMod is used to modify Libiec6850 Mms to use the Iccp client. A buffer error vulnerability exists in LibiecIccpMod v1.5, which stems from the software containing a heap buffer overflow component, MMSclientexample1.c. The vulnerability is caused by the following...

6.5 CVSS, 6.8 AI score, 0.00819 EPSS
Exploits: 1, References: 2

CNNVD
added 2021/09/30 12:0 a.m., 3 views

Libiec_Iccp_Mod Security Vulnerability

LibiecIccpMod is used to modify Libiec6850 Mms to use the Iccp client. A security vulnerability exists in LibiecIccpMod v1.5, which stems from the software including a segmentation violation in the component serverexample1.c. The vulnerability is caused by the following...

6.5 CVSS, 6.4 AI score, 0.00819 EPSS
Exploits: 1, References: 2

CNNVD
added 2021/09/30 12:0 a.m., 2 views

Libiec_Iccp_Mod Buffer Error Vulnerability

LibiecIccpMod is used to modify Libiec6850 Mms to use the Iccp client. A buffer error vulnerability exists in LibiecIccpMod v1.5, which stems from the software containing a heap buffer overflow component, MMSclientexample1.c. The vulnerability is caused by the following...

6.5 CVSS, 6.8 AI score, 0.00819 EPSS
Exploits: 1, References: 2

0day.today
added 2021/09/22 12:0 a.m., 167 views

Sentry 8.2.0 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory: https://doc.lagout.org/Others/synacktivadvisorysentrypickle.pdf Tested o...

0.2 AI score
Exploits: 0

Exploit DB
added 2021/09/15 12:0 a.m., 272 views

Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Exampl...

7.4 AI score
Exploits: 0

Ivan 'd0znpp' Novikov
added 2021/09/14 1:9 p.m., 102 views

A4: XML External Entities (XXE) ❗️ — Top 10 OWASP 2017

A4: XML External Entities XXE ❗️ — Top 10 OWASP 2017 Introduction XML presents a useful resource for sending data from service to service and for data processing internally but with anything, as soon as user input gets involved, things get dangerous. The processing of these files comes with an...

7.5 CVSS, 8.7 AI score, 0.13849 EPSS
Exploits: 4

Github Security Blog
added 2021/08/25 2:41 p.m., 22 views

Heap OOB in `SdcaOptimizerV2`

Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2: python import tensorflow as tf tf.rawops.SdcaOptimizerV2 sparseexampleindices=1, sparsefeatureindices=1, sparsefeaturevalues=1.0,2.0,...

5.5 CVSS, 6 AI score, 0.00172 EPSS
Exploits: 0, References: 7, Affected Software: 3

OSV
added 2021/08/25 2:41 p.m., 0 views

GHSA-5HJ3-VJJF-F5M7 Heap OOB in `SdcaOptimizerV2`

Impact An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2: python import tensorflow as tf tf.rawops.SdcaOptimizerV2 sparseexampleindices=1, sparsefeatureindices=1, sparsefeaturevalues=1.0,2.0,...

6.8 CVSS, 6 AI score, 0.00172 EPSS
Exploits: 0, References: 7

WPVulnDB
added 2021/08/25 12:0 a.m., 8 views

Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library

The plugins use the PHPRelativePath library, which contains an example file affected by Reflected Cross-Site Scripting. PoC: POST /wp-content/plugins/mpl-publisher/vendor/grandt/relativepath/RelativePath.Example1.php HTTP/1.1 Accept:...

2.3 AI score
Exploits: 0, Affected Software: 3

Debian CVE
added 2021/08/12 10:20 p.m., 1 views

CVE-2021-37672

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...

5.5 CVSS, 6.9 AI score, 0.00172 EPSS
Exploits: 0

Kitploit
added 2021/08/10 9:30 p.m., 182 views

Karton - Distributed Malware Processing Framework Based On Python, Redis And MinIO

Distributed malware processing framework based on Python, Redis and MinIO. The idea Karton is a robust framework for creating flexible and lightweight malware analysis backends. It can be used to connect malware analysis systems into a robust pipeline with very little effort. We've been in the...

7.1 AI score
Exploits: 0, References: 13

Packet Storm
added 2021/08/10 12:0 a.m., 321 views

MobileTogether Server 7.3 XML Injection

Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one app to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerabili...

0.1 AI score, 0.66278 EPSS
Exploits: 4

Kitploit
added 2021/07/20 12:30 p.m., 502 views

Regexploit - Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)

Find regexes which are vulnerable to Regular Expression Denial of Service ReDoS. More info on the Doyensec blog Many default regular expression parsers have unbounded worst-case complexity. Regex matching may be quick when presented with a matching input string. However, certain non-matching input...

7.5 CVSS, 7.7 AI score, 0.06617 EPSS
Exploits: 9, References: 19

0day.today
added 2021/06/15 12:0 a.m., 87 views

Online Library Management System 2.0 Cross Site Request Forgery Vulnerability

Exploit Title: Online Library Management System Exploit Author : Mohit Dabas Vendor Homepage : https://phpgurukul.com Software Link : https://phpgurukul.com/online-library-management-system/ Version: 2.0 Tested on : LAMPP Description Online Library Management System has got CSRF in admin panel...

0.4 AI score
Exploits: 0

Packet Storm
added 2021/06/15 12:0 a.m., 163 views

Online Library Management System 2.0 Cross Site Request Forgery

Exploit Title: Online Library Management System Date:15/06/2021 Exploit Author : Mohit Dabas Vendor Homepage : https://phpgurukul.com Software Link : https://phpgurukul.com/online-library-management-system/ Version: 2.0 Tested on : LAMPP Description Online Library Management System has got CSRF i...

0.3 AI score
Exploits: 0

GithubExploit
added 2021/06/12 5:9 p.m., 204 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Squirrelly

CVE-2021-32819 CVE-2021-32819 : SquirrellyJS mixes pure templa...

8.8 CVSS, 9.1 AI score, 0.59844 EPSS
Exploits: 2

0day.today
added 2021/06/11 12:0 a.m., 52 views

WordPress Database Backups 1.2.2.6 Plugin - (Database Backup Download) CSRF Vulnerability

Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and download databa...

8.1 CVSS, 8.2 AI score, 0.03218 EPSS
Exploits: 5

Kitploit
added 2021/06/02 9:30 p.m., 99 views

Onelinepy - Python Obfuscator To Generate One-Liners And FUD Payloads

Python Obfuscator To Generate One-Liners And FUD Payloads. Download & Run git clone https://github.com/spicesouls/onelinepy cd onelinepy chmod +x setup.sh ./setup.sh onelinepy Usage Guide usage: oneline.py -h -m M -i I...

7.5 AI score
Exploits: 0, References: 1

0day.today
added 2021/06/02 12:0 a.m., 145 views

Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit

Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker apache/airflow:1.10 .10...

9.8 CVSS, 9.3 AI score, 0.997 EPSS
Exploits: 10