6 matches found
HaoKeKeJi YiQiNiu Code Issue Vulnerability
HaoKeKeJi YiQiNiu is an application from HaoKeKeJi. A code issue vulnerability exists in HaoKeKeJi YiQiNiu version 3.1 and prior versions, which stems from a cross-site request forgery vulnerability in the httppost function of the /application/pay/controller/Api.php file...
CVE-2021-29394
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST...
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS); Date: 2021-10-03; Exploit Author: Jordan Glover; Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html; Software Link:...
CVE-2019-6961
CVE-2019-6961 concerns the RDK WebUI module (RDKB-20181217-1) where access control for non-superuser actions is only enforced for GET requests; direct AJAX/POST requests bypass filtering in header.php, allowing a logged-in user to alter privileged settings (DDNS, QoS, RIP, etc.). The vulnerabilit...
Cisco DPC2100 - Denial of Service
Exploit Title: Cisco DPC2100 Denial of Service; Date: 09/01/2010; Author: Daniel Smith; Software Link: http://www.cisco.com/; Version: HW:2.1/SW:v2.0.2r1256-060303; Tested on: OSX 10.6/Win7; CVE: CVE-2011-1613; Information...
HTTP Client MS Credential Relayer
This module relays negotiated NTLM Credentials from an HTTP server to multiple protocols. Currently, this module supports relaying to SMB and HTTP. Complicated custom attacks requiring multiple requests that depend on each other can be written using the SYNC options. For example, a CSRF-style...