
7213 matches found

Packet Storm
added 2025/03/04 12:0 a.m., 311 views

Atlassian JIRA Arbitrary File Read

Atlassian JIRA versions prior to 5.0.1 XML injection proof of concept exploit that lets you read an arbitrary file. | Title : Atlassian JIRA before 5.0.1 P...

CVSS 9.1, AI score 7.2, EPSS 0.66578
Exploits: 3

Packet Storm
added 2025/03/04 12:0 a.m., 221 views

Ghost CMS 5.59.1 Arbitrary File Read

Ghost CMS version 5.59.1 proof of concept arbitrary file reading exploit. | Title : Ghost CMS v 5.59.1 PHP Code Injection Vulnerability | | Author :...

CVSS 6.5, AI score 7.1, EPSS 0.57837
Exploits: 12

Packet Storm
added 2025/03/04 12:0 a.m., 264 views

Apache ActiveMQ 5.3.1 Source Code Disclosure

Proof of concept exploit that demonstrates a source code disclosure vulnerability in Apache ActiveMQ version 5.3.1. | Title : Apache ActiveMQ 5.3.1 PHP Cod...

CVSS 5, AI score 7, EPSS 0.78018
Exploits: 6

Packet Storm
added 2025/03/04 12:0 a.m., 160 views

Control iD iDSecure 4.7.43.0 Add Administrator / Authentication Bypass

Control iD iDSecure version 4.7.43.0 exploit that adds an administrator. | Title : Control iD iDSecure v4.7.43.0 PHP Code Injection Vulnerability | | Autho...

CVSS 9.8, AI score 9.7, EPSS 0.65237
Exploits: 6

Packet Storm
added 2025/03/04 12:0 a.m., 275 views

DIAEnergie 1.10 SQL Injection

DIAEnergie version 1.10 proof of concept remote SQL injection exploit. | Title : DIAEnergie 1.10 PHP Code Injection Vulnerability | | Author : indoushka | ...

CVSS 9.8, AI score 10, EPSS 0.29425
Exploits: 5

Packet Storm
added 2025/03/04 12:0 a.m., 306 views

Grafana 9.5.1 Server-Side Request Forgery

Grafana version 9.5.1 suffers from a server-side request forgery vulnerability. | Title : Grafana 9.5.1 PHP Code Injection Vulnerability | | Author :...

AI score 7.4
Exploits: 0

Packet Storm
added 2025/03/04 12:0 a.m., 296 views

Calibre 7.15.0 Code Injection

Calibre version 7.15.0 remote code injection proof of concept exploit. | Title : Calibre 7.15.0 PHP Code Injection Vulnerability | | Author : indoushka | |...

CVSS 9.8, AI score 10, EPSS 0.83206
Exploits: 13

Packet Storm
added 2025/03/03 12:0 a.m., 324 views

InvokeAI 5.0 Code Injection

InvokeAI version 5.0 suffers from a remote code execution vulnerability. | Title : InvokeAI v5.0 PHP Code Injection Vulnerability | | Author : indoushka | ...

AI score 8, EPSS 0.04978
Exploits: 5

Cvelist
added 2025/02/28 8:23 a.m., 32 views

CVE-2024-9193 WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update

The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpressdomainsearchajaxextendedresults function. This makes it possible for unauthenticated attackers to include and execute...

CVSS 9.8, EPSS 0.03111
Exploits: 0, References: 2

CNNVD
added 2025/02/28 12:0 a.m., 3 views

WordPress plugin Traveler Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.8, AI score 8.3, EPSS 0.0068
Exploits: 0, References: 4

Packet Storm
added 2025/02/28 12:0 a.m., 383 views

NetAlertX 24.9.12 Code Execution

NetAlertX version 24.9.12 suffers from a code execution vulnerability. | Title : NetAlertX 24.9.12 PHP Code Injection Vulnerability | | Author : indoushka ...

AI score 7.9
Exploits: 0

Cvelist
added 2025/02/27 11:22 p.m., 17 views

CVE-2024-12811 Traveler <= 3.1.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.9 via shortcodes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the...

CVSS 8.8, EPSS 0.0068
Exploits: 0, References: 2

CVE
added 2025/02/27 11:22 p.m., 94 views

CVE-2024-12811

The CVE CVE-2024-12811 affects the Traveler WordPress theme (versions up to 3.1.8). It describes an authenticated Local File Inclusion via the hotel_alone_slider shortcode’s style attribute, enabling an attacker with contributor+ permissions to include arbitrary server files and execute PHP code....

CVSS 8.8, AI score 7.8, EPSS 0.0068
Exploits: 0, References: 2

NVD
added 2025/02/27 6:15 a.m., 10 views

CVE-2024-2297

The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...

CVSS 8.8, EPSS 0.00333
Exploits: 0, References: 2

Cvelist
added 2025/02/27 5:23 a.m., 11 views

CVE-2024-2297 Bricksbuilder <= 1.9.6.1 - Authenticated (Contributor+) Privilege Escalation via create_autosave

The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...

CVSS 7.1, EPSS 0.00333
Exploits: 0, References: 2

CVE
added 2025/02/27 5:23 a.m., 69 views

CVE-2024-2297

The Bricks WordPress theme (Bricks) is vulnerable to authenticated Privilege Escalation via the create_autosave AJAX function in versions up to and including 1.9.6.1. Exploitation requires Post Builder to be enabled, builder access for contributor-level users, and Code Execution enabled for admin...

CVSS 8.8, AI score 7.5, EPSS 0.00333
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2025/02/23 11:19 a.m., 31 views

CVE-2024-13900

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments...

CVSS 7.2, AI score 7.1, EPSS 0.00383
Exploits: 0, References: 1

OSV
added 2025/02/21 12:15 p.m., 3 views

CVE-2024-13900

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments...

CVSS 7.2, AI score 7.3, EPSS 0.00383
Exploits: 0, References: 2

NVD
added 2025/02/21 12:15 p.m., 11 views

CVE-2024-13900

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments...

CVSS 7.2, EPSS 0.00383
Exploits: 0, References: 2

Vulnrichment
added 2025/02/21 11:9 a.m., 8 views

CVE-2024-13900 Head, Footer and Post Injections <= 3.3.0 - Authenticated (Administrator+) PHP Code Injection in Multisite Environments

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments...

CVSS 4.1, AI score 4.6, EPSS 0.00383
Exploits: 0, References: 2