1634 matches found

exploitpack
added 2019/06/25 12:0 a.m. | 20 views

AZADMIN CMS 1.0 - SQL Injection

AZADMIN CMS 1.0 - SQL Injection + Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files:...

0.4 AI score
Exploits: 0
Packet Storm
added 2019/06/24 12:0 a.m. | 113 views

AZADMIN CMS Of HIDEA 1.0 SQL Injection

Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...

0.7 AI score
Exploits: 0
Veracode
added 2019/06/21 5:14 a.m. | 13 views

Authentication Bypass

openid is vulnerable to authentication bypass which can be exploitable remotely depending on the way the OpenID integration is performed. The risk can be higher if the integration is done fully based on the example app provided by the project...

9.8 CVSS | 9.3 AI score | 0.02911 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2019/06/13 4:15 p.m. | 13 views

GHSA-FQFJ-CMH6-HJ49 ruby-openid SSRF via claimed_id request

Ruby OpenID aka ruby-openid through 2.8.0 is vulnerable to SSRF. Ruby-openid performs discovery first, and then verification. This allows an attacker to change the URL used for discovery and trick the server into connecting to the URL, which might be a private server not publicly accessible...

9.8 CVSS | 9.2 AI score | 0.02911 EPSS
Exploits: 0 | References: 9
UbuntuCve
added 2019/06/10 7:29 p.m. | 22 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

10 CVSS | 7.2 AI score | 0.02911 EPSS
Exploits: 0 | References: 3
OSV
added 2019/06/10 7:29 p.m. | 3 views

DEBIAN-CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

9.8 CVSS | 8.4 AI score | 0.02911 EPSS
Exploits: 0 | References: 1
OSV
added 2019/06/10 7:29 p.m. | 1 views

UBUNTU-CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

9.8 CVSS | 5.8 AI score | 0.02911 EPSS
Exploits: 0 | References: 4
OSV
added 2019/06/10 7:29 p.m. | 20 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

9.8 CVSS | 6.6 AI score
Exploits: 0 | References: 4
Debian CVE
added 2019/06/10 6:57 p.m. | 16 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

10 CVSS | 9.4 AI score | 0.02911 EPSS
Exploits: 0
Github Security Blog
added 2019/06/04 3:42 p.m. | 36 views

Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5.3 CVSS | 3.8 AI score | 0.01247 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2019/06/04 3:42 p.m. | 13 views

GHSA-XGGX-FX6W-V7CH Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5.3 CVSS | 5.4 AI score | 0.01247 EPSS
Exploits: 0 | References: 2
Prion
added 2019/06/03 2:29 p.m. | 15 views

Design/Logic Flaw

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5 CVSS | 5.4 AI score | 0.01247 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2019/06/03 2:29 p.m. | 30 views

CVE-2019-3802

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5.3 CVSS | 4.3 AI score | 0.01247 EPSS
Exploits: 0 | References: 1
OSV
added 2019/05/24 2:29 p.m. | 1 views

CVE-2019-12314

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI...

9.8 CVSS | 7.3 AI score | 0.8422 EPSS
Exploits: 6 | References: 3
0day.today
added 2019/05/14 12:0 a.m. | 209 views

Firefly CMS 1.0 Remote Command Execution Exploit #RCE

Exploit for php platform in category web applications + Remote Command Execution on Firefly CMS v. 1.0 + Date: 11/05/2019 + CWE number: CWE-78 + Risk: High + Author: Felipe Andrian Peixoto + Contact: email protected + Tested on: Windows 7 and Linux + Vendor Homepage: https://fireflydigital.com/ +...

7.1 AI score
Exploits: 0
Packet Storm
added 2019/05/13 12:0 a.m. | 83 views

Firefly CMS 1.0 Remote Command Execution

Remote Command Execution on Firefly CMS v. 1.0 + Date: 11/05/2019 + CWE number: CWE-78 + Risk: High + Author: Felipe Andrian Peixoto + Contact: [email protected] + Tested on: Windows 7 and Linux + Vendor Homepage: https://fireflydigital.com/ + Vulnerable File: site.php + Version : 1.0 +...

Exploits: 0
Packet Storm
added 2019/05/08 12:0 a.m. | 40 views

WordPress Diarise 1.5.9 Local File Disclosure

Local File Disclosure in wordpress theme Diarise + Date: 07/05/2019 + CWE Number: CWE-98 + Risk: High + Author: Felipe Andrian Peixoto + Dork: inurl:"wp-content/themes/diarise/" + Vendor Homepage: https://woocommerce.com/?aff=1790 + Contact: [email protected] + Tested on: Windows 7 and...

7.4 AI score
Exploits: 0
OpenVAS
added 2019/05/07 12:0 a.m. | 61 views

Fedora Update for soundtouch FEDORA-2018-09802a742a

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS | 7.7 AI score | 0.02838 EPSS
Exploits: 3 | References: 2
0day.today
added 2019/03/25 12:0 a.m. | 67 views

Bootstrapy CMS SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Bootstrapy CMS - Multiple SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://bootstrapy.com Demo Site: http://bootstrapy.net/demo/ Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC 1: SQLi -----...

0.2 AI score
Exploits: 0
exploitpack
added 2019/03/21 12:0 a.m. | 23 views

Bootstrapy CMS - Multiple SQL Injection

Bootstrapy CMS - Multiple SQL Injection Exploit Title: Bootstrapy CMS - Multiple SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://bootstrapy.com Demo Site: http://bootstrapy.net/demo/ Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC 1: SQLi -----...

0.7 AI score
Exploits: 0