403 matches found
Exploit for CVE-2024-51788
💀 CVE-2024-51788 - WordPress The Novel Design Store Directory...
Application Accounts Manager 1.0 Cross Site Scripting
Application Accounts Manager version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS on application-accounts-manager 1.0 Date: 03.14.2025 Exploit Author: Ümit AYAZ Vendor Homepage: www.sourcecodester.com Software Link:...
Exploit for CVE-2024-27398
CVE-2024-27398 CVE-2024-27398 POC Dmesg Output !PoC Screen...
OpenAdmin 0.3.4 Cross Site Request Forgery
Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. Exploit Title: OpenAdmin 0.3.4 - Multiple CSRF Vulnerabilities Date: Nov 8, 2024...
OpenPanel 0.3.4 Remote Code Execution Vulnerability
Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2025-25872 POST /fix-permissio...
OpenPanel 0.3.4 Remote Code Execution
OpenPanel version 0.3.4 suffers from a remote code execution vulnerability via /fix-permissions. Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission Date: Nov 7, 2024 Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee Vendor Homepage:...
Teachers Record Management System 2.1 Cross Site Scripting
Teachers Record Management System version 2.1 suffers from a cross site scripting vulnerability. Exploit Title: Teachers Record Management System v2.1 | Unauthenticated Cross-Site Scripting XSS Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...
Teachers Record Management System 2.1 SQL Injection
Teachers Record Management System version 2.1 suffers from a remote SQL injection vulnerability. Exploit Title: Teachers Record Management System v2.1 | Authenticated Time-Based SQLi Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...
Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
Disclaimer: The vulnerabilities described in this article, alo...
dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal Vulnerabilities
Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS CVE :...
Gleamtech FileVista 9.2.0.0 Missing Authorization
A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...
dhtmlxFileExplorer 8.4.6 Directory Traversal
dhtmlxFileExplorer version 8.4.6 is susceptible to a path traversal attack, enabling unauthorized access to system files. Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...
OpenPanel 0.3.4 Command Injection
OpenPanel version 0.3.4 suffers from a remote command injection vulnerability via the timezone parameter. Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...
Exploit for Protection Mechanism Failure in 7-Zip
7-Zip Mark-of-the-Web Bypass Vulnerability CVE-2025-0411 - P...
PT-2025-3240 · Unknown · Poll Maker
Name of the Vulnerable Software and Affected Versions: Poll Maker affected versions not specified Description: The issue is related to improper encoding or escaping of output in Poll Maker Team Poll Maker. This can potentially lead to security issues, but specific details about exploitation, such...
PYSEC-2024-93
A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mpvfsumount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit...
PT-2024-23598 · Unknown · Ros Kinetic Kame
Name of the Vulnerable Software and Affected Versions: ROS Kinetic Kame affected versions not specified Description: The issue is related to an unauthorized node injection vulnerability. The estimated number of potentially affected devices and details about real-world incidents are not provided...
PT-2023-33066 · Birdcage · Birdcage
Name of the Vulnerable Software and Affected Versions: birdcage affected versions not specified Description: The issue allows environment variables to be read from procfs unless a new process is started. This can be demonstrated through a proof of concept that shows how a secret environment...
PT-2023-26227 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System
Name of the Vulnerable Software and Affected Versions: Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0 Description: A critical issue has been discovered, affecting the /App Resource/UEditor/server/upload.aspx file, where the manipulation of the file argument leads to...
WordPress Backup Migration 1.2.8 Plugin - Unauthenticated Database Backup Vulnerability
Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...