1826 matches found
Library System 1.0 - (student_id) SQL injection Vulnerability
Exploit Title: Library System 1.0 - 'studentid' SQL injection Authenticated Google Dork: intitle: "Library System by YahooBaba" Exploit Author: Vinay Bhuria Vendor Homepage: https://www.yahoobaba.net Software Link: https://www.yahoobaba.net/project/library-system-in-php Version: v1.0 Tested on:...
PoW-Shield - Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA
Project dedicated to provide DDoS protection with proof-of-work Description PoW Shield provides DDoS protection on OSI application layer by acting as a proxy that utilizes proof of work between the backend service and the end user. This project aims to provide an alternative to general captcha...
netty: possible request smuggling in HTTP/2 due to missing validation
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
E-Negosyo System 1.0 SQL Injection Vulnerability
Exploit Title: E-Negosyo System 1.0 - Time-Based Blind SQLi - admin/login.php Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category:...
CVE-2021-39204
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versio...
Design/Logic Flaw
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary...
CVE-2021-39204
CVE-2021-39204 affects Pomerium (Envoy-based) where resetting HTTP/2 streams with excessive complexity can cause high CPU utilization and DoS. Affected versions include prior releases; remediation is to upgrade to Envoy-enabled binaries as used in Pomerium 0.14.8 and 0.15.1, which patch this vuln...
CVE-2021-39195
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
Server side request forgery (ssrf)
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
CVE-2021-39195 Server-Side Request Forgery vulnerability in misskey
Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in "Upload from URL" and remote attachment handling. This could result in the disclosure of non-public information within the internal network. This has been...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...
The gravity.sol router should have pause/unpause functionality.
Handle tensors Vulnerability details In case a hack is occurring or an exploit is discovered, the team or validators in this case should be able to pause functionality until the necessary changes are made to the system. Additionally, the gravity.sol contract should be managed by proxy so that...
Hardcoded credentials
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160...
Buffer overflow
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due to the intern...
JetBrains TeamCity Licensing Issue Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. An authorization issue vulnerability exists in versions prior to...
Design/Logic Flaw
Proxyee-Down is open source proxy software. An attacker able to provide an extension script (e.g. through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details including a PoC see the referenced...
Tranquil WAPT Enterprise Security Vulnerability
Tranquil WAPT Enterprise is Tranquil's ideal tool for rapid software deployment, complete inventory of your computer fleet, and monitoring for Windows updates. A security vulnerability exists in Tranquil WAPT Enterprise versions prior to 1.8.2.7373 and prior to 2.0.0.9450, which originates from a...
Exploit for Improper Input Validation in Cisco Catalyst_Sd-Wan_Manager
Exploit for CVE-2021-1480 SD-WAN PoC materials to exploit t...
CVE-2021-32783
Contour (Kubernetes ingress controller) before v1.17.1 is vulnerable to an ExternalName Service misconfiguration that permits access to Envoy’s admin interface from outside the Envoy container. This can enable remote shutdown or draining of Envoy and disclosure of secret metadata used by Envoy, t...