Exploit for Cross-Site Request Forgery (CSRF) in Oretnom23 Packers_And_Movers_Management_System
CVE-2024-57523 - CSRF Vulnerability in Users.php - SourceCodes...
HackerOne: TOTP Authenticator implementation Accepts Expired Codes
Vulnerability description not provided...
Exploit for Unrestricted Upload of File with Dangerous Type in Elearningfreak Insert_Or_Embed_Articulate_Content
CVE-2024-0757 Exploit Description The Insert or Embed Art...
Exploit for SQL Injection in Valvepress Automatic
Exploit for Path Traversal in Oracle Weblogic_Server
Exploit for CVE-2024-4956
Exploit for Open Redirect in King-Theme Kingcomposer
Exploit for CVE-2023-5089
Exploit for Cross-site Scripting in Cpanel
WordPress Playlist For Youtube 1.32 Cross Site Scripting
Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.32 Proof Of Concept: 1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or...
Exploit for Cross-site Scripting in Redhat Keycloak
Exploit for Code Injection in Apache Ofbiz
CVE-2023-49070 Pre-auth RCE in Apache Ofbiz!!...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831-WinRAR-Exploit Proof of concept...
Stored XSS via SVG Upload
Description By uploading an SVG file containing JavaScript code in the file upload function on the administrator screen, it is possible to execute any script on the browser of the accessing user. Proof of Concept Log in to the administrator screen, access the Assets page, and upload the SVG file...
Zenphoto 1.6 Cross Site Scripting
Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...
Admidio 4.2.5 CSV Injection
Exploit Title: admidio v4.2.5 - CSV Injection Application: admidio Version: 4.2.5 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 26.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Detail...
phpMyFAQ 3.1.12 CSV Injection
Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Reddit: Huge amount of Subdomains Takeovers at Reddit.com
Vulnerability description not provided...
Stored XSS and CSP Bypass in KiwiTCMS
Description Stored XSS, also known as persistent XSS, is the more damaging of the XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permit...
projectSend r1605 - Remote Code Execution RCE
Exploit Title: projectSend r1605 - Remote Code Execution RCE Application: projectSend Version: r1605 Bugs: rce via file extension manipulation Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 26-01-2023 Author: Mirabbas Ağalarov...