109 matches found
WordPress PostX plugin <= 5.0.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin PostX versions <= 5.0.3...
WordPress Blockons plugin <= 1.2.15 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Blockons versions <= 1.2.15...
WordPress Cookies and Content Security Policy plugin <= 2.34 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin Cookies and Content Security Policy versions <= 2.34...
WordPress Timetics plugin <= 1.0.44 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by MD ISMAIL in WordPress Plugin Timetics versions <= 1.0.44...
WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by MD ISMAIL in WordPress Plugin TempTool [Show Current Template Info] versions <= 1.3.1...
EUVD-2003-1372
Malware in sbrugna...
Metasploit Weekly Wrap-Up
Authentication bypass in WordPress Plugin WooCommerce Payments: This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any WordPress instance that uses WooCommerce payments 5.6.1. This module exploits an auth by-pass vulnerability in the...
K73926196: PHPMailer vulnerability CVE-2016-10045
Security Advisory Description The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in...
SUSE CVE-2016-10033
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property...
SUSE CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...
[SECURITY] [DSA 5076-1] h2database security update
Debian Security Advisory DSA-5076-1 [email protected] https://www.debian.org/security/ Markus Koschany February 15, 2022 https://www.debian.org/security/faq -...
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8...
HRSALE 1.1.8 Cross Site Request Forgery
Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8 Vulnerability Type : Cross-Site Request Forgery Add Admin...
HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8 Vulnerability Type :...
GHSA-5F37-GXVH-23V6 Remote code execution in PHPMailer
Impact: The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. Patches: Fixed in 5.2.18. Workaround...
FlexNet Publisher 11.12.1 Cross Site Request Forgery
Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software : FlexNet Publisher Product Version: v11.12.1 Product :...
GTalk Password Finder 2.2.1 - Key Denial of Service (PoC)
GTalk Password Finder 2.2.1 - Key Denial of Service PoC Exploit Title: GTalk Password Finder 2.2.1 - 'Key' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-16 Vendor Homepage : http://www.nsauditor.com/ Link Software :...
GTalk Password Finder 2.2.1 - (Key) Denial of Service Exploit
Exploit Title: GTalk Password Finder 2.2.1 - 'Key' Denial of Service PoC Exploit Author: Ismail Tasdelen Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/gpwdfindersetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Tautulli 2.1.9 - Denial of Service (Metasploit)
Tautulli 2.1.9 - Denial of Service Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1.9 and prior a...
Tautulli 2.1.9 - Denial of Service (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the...