Exploit for CVE-2024-8504

⚡️ Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE ⚡️...

Journyx 11.5.4 Authenticated Remote Code Execution Vulnerability

Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL:...

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...

Open WebUI 0.1.105 File Upload / Path Traversal

KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal Title: Open WebUI Arbitrary File Upload + Path Traversal Advisory ID: KL-001-2024-006 Publication Date: 2024.08.D06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected...

Journyx 11.5.4 Cross Site Scripting

KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...

Journyx Authenticated Remote Code Execution

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-94: Improper Control of Generation of Code 'Code Injection', CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval...

Journyx Unauthenticated Password Reset Bruteforce

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-321: Use of Hard-coded Cryptographic Key, CWE-334: Small Space of Random Values, CWE-799: Improper Control of Interaction Frequency CVE ID:...

Artica Proxy 4.50 Unauthenticated PHP Deserialization Vulnerability

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected. Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Advisory ID:...

Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability

Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.50 Platform: Debian 10 LTS CWE Classification: CWE-502 Deserialization of Untrusted Data CVE ID: CVE-2024-2054 2. Vulnerability Description The Artica Proxy administrative web application will...

Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.40 and 4.50 Platform: Debian 10 LTS CWE Classification: CWE-23: Relative Path Traversal CVE ID: CVE-2024-2053 2. Vulnerability Description The Artica Proxy administrative web application attempts to...

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords

KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...

CommScope Ruckus IoT Controller Unauthenticated API Endpoints

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-306: Missing Authentication for Critical Function CVE ID: CVE-2021-33221 2. Vulnerability Description Three API endpoints for the...

Barco wePresent WiPG-1600W Global Hardcoded Root SSH Password Vulnerability

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image. Title: Barco wePresent Global Hardcoded Root SSH Password Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1...

Barco wePresent WiPG-1600W Admin Credential Exposure Vulnerability

An attacker armed with hardcoded API credentials from KL-001-2020-004 CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8. Title: Barco wePresent Admin Credentials...

Barco wePresent Global Hardcoded Root SSH Password

KL-001-2020-008 : Barco wePresent Global Hardcoded Root SSH Password Title: Barco wePresent Global Hardcoded Root SSH Password Advisory ID: KL-001-2020-008 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1. Vulnerability Details Affecte...

Barco wePresent Admin Credential Exposure

KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text Title: Barco wePresent Admin Credentials Exposed In Plain-text Advisory ID: KL-001-2020-005 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt 1. Vulnerability Detai...

Cellebrite Restricted Desktop Escape and Escalation of User Privilege

Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-269: Improper Privilege Management, CWE-20: Input Validation Error CVE ID: CVE-2020-12798 2. Vulnerability Description Cellebrite UFED...

Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities

Exploit for linux platform in category web applications ''' KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL:...

HPE VAN SDN 2.7.18.0503 - Remote Root

''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...