Live Membership Management System 1.0 Code Injection
| Title : Live Membership Management System version 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser ...
Reservation Management System 1.0 Cross Site Request Forgery
| Title : Reservation Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 ...
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP BigUp Plugin Unauthenticated RCE', 'Description' = %q This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP...
ROS-20240904-08
A vulnerability in the MHD_create_post_processor function of the libmicrohttpd HTTP server library is related to improper parsing of the multipart/form-data boundary. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
PPDB 2.4-update 6118-1 Cross Site Request Forgery
| Title : ppdb v2.4-update 6118-1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
Faculty Evaluation System 1.0 Cross Site Request Forgery
| Title : Faculty Evaluation System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
CVE-2024-45232
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference IDOR. An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the...
CVE-2024-45233
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in Broken Access Control. Depending on the configuration of the Powermail Frontend plugins...
File Management System 1.0 Arbitrary File Upload
| Title : File Management System 1.0 Arbitrary File upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
PT-2024-31490 · Typo3 · Powermail
Name of the Vulnerable Software and Affected Versions: powermail extension versions prior to 7.5.0 powermail extension versions prior to 8.5.0 powermail extension versions prior to 10.9.0 powermail extension versions prior to 12.4.0 Description: An issue was discovered in the powermail extension...
Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery
| Title : Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
WordPress plugin LiquidPoll security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security...
PT-2024-38100 · WordPress · Liquidpoll
Name of the Vulnerable Software and Affected Versions: LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress versions up to, and including, 3.3.78 Description: The issue is related to Stored Cross-Site Scripting via the form data parameter due to insufficient input sanitizati...
Yoga Class Registration System 1.0 Cross Site Request Forgery
| Title : Yoga Class Registration System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0....
Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities
Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...
Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories
Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis...
ROS-20240703-09
A vulnerability in the WSGI Werkzeug web application library is related to the fact that the library does not properly limit the consumption of internal resources when parsing data from a composite (multipart) form with a large number of fields...
GHSA-JG62-H7PV-HXGV FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
An issue was discovered in the friendlycaptchaofficial aka Integration of Friendly Captcha extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha...