15 matches found
Click Stocks 1.3 - File Upload Remote Code Execution Vulnerability
Title: Click Stocks-1.3 - File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/click-stocks-free-stock-photos-laravel-script/23356416 Reference: https://portswigger.net/web-security/file-upload,...
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction Vulnerability
Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible to induce the...
Member Login Script 3.3 - Client-side desync Vulnerability
Title: Member Login Script 3.3 - Client-side desync Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Reference: https://portswigger.net/web-security/request-smuggling/browser/client-side-desync Description: The server appears to be vulnerable to client-side desync attacks. A POST request...
Advance Charity Management 1.0 Insecure Settings
Title: Advance Charity Management-1.0 - TLS cookie without secure flag set-PHPSESSID NEVER EXPIRATION-current session-Hijacking Author: nu11secur1ty Date: 06.04.2023 Vendor: https://www.sourcecodester.com/users/aown-shah Software:...
New MVC Shop 1.0 SQL Injection / Missing Attributes
Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Date: 05.29.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection...
Microsoft Excel 365 MSO 2302 Build 16.0.16130.20186 Remote Code Execution
Title: Microsoft Excel RCE Vulnerability / Microsoft®365 MSO Version 2302 Build 16.0.16130.20186 64-bit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...
Social-Share-Buttons v2.2.3 - SQL Injection Vulnerability
Title: Social-Share-Buttons v2.2.3 - SQL Injection Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...
Senayan Library Management System 9.2.2 Cross Site Scripting
Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.21.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...
Senayan Library Management System 9.0.0 SQL Injection
Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 11.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...
Multi-Language Hotel Management 2022 1.0 SQL Injection Vulnerability
Title: Multi-Language-Hotel-Management-2022 1.0 SQLi Author: nu11secur1ty Vendor: https://www.nikhilbhalerao.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip Reference:...
Toll Tax Management System v1.0 SQL injection Vulnerability
Title: Toll Tax Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html Reference:...
School Club Application System v1.0 SQL injection Vulnerability
Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...
Message System 1.0 Cross Site Scripting
Title: Message System 1.0 1.0 XSS Stored Author: Hejap Zairy Date: 29.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...
Home Owners Collection Management System 1.0 SQL Injection Vulnerability
Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution Blind SQLi to RCE Exploit Author: Hejap Zairy Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Student Grading System v1.0 SQL Injection Vulnerability
Title: Student Grading System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html Reference:...