Croogo 3.0.2 Shell Upload

Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43'...

Easy Cart Shopping Cart - (Search) Persistent Vulnerability

Document Title: =============== Easy Cart Shopping Cart - Search Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2298 Release Date: ============= 2021-12-15 Vulnerability Laboratory ID VL-ID: ====================================...

Croogo 3.0.2 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == Tutorial $command"; ? ...

Croogo 3.0.2 Remote Code Execution

Exploit Title: Croogo 3.0.2 - Remote Code Execution Authenticated Date: 05/12/2021 Exploit Author: Deha Berkin Bir Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

ScarCruft surveilling North Korean defectors and human rights activists

The ScarCruft group also known as APT37 or Temp.Reaper is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, between others...

CVE-2021-40344

An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...

CVE-2021-21805

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

WordPress Popular Posts < 5.3.3 - Authenticated Code Injection

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 5.3.3: "When thumbnails settings are set to 'Custom field name' and 'Resize image from Custom field' they aren’t by default, a user with contributor role or above can bypass the file type verification, download...

Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...

Sifchain: Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation

There is possibility in /wp-admin/load-scripts.php script to generate large 3Mb amount of data via simple non-authenticated request to server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details Detailed attack scenario is described for example here:...

CVE-2020-21999

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

Code injection

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code...

CVE-2021-20659

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code...

OpenEMR < 6.0.0 Multiple Vulnerabilities

OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

CVE-2019-19876

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006...

B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution

Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...

ctf-2

This repository contains the writeup for the CSAW CTF 2015, a cybersecurity competition. The writeup is written in Polish and English, with the Polish version first. The writeup covers various challenges from the competition, including web, exploit, crypto, reversing, and forensics challenges. Ea...