Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2026-1516)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1516 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

Device Mode Transition Detected (High)

The state of the controller code changed, regardless of the state expected by the process. When not part of scheduled maintenance, forcing can be used to introduce hard-to-detect, long-lasting changes that are harmful to operations. This plugin only works with Tenable.ot. Please visit...

Xmind 2020 Cross Site Scripting / Code Execution

Exploit Title: Xmind 2020 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description:...

Marky 0.0.1 - XSS to Remote Command Execution Vulnerability

Exploit Title: Marky 0.0.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an editor for markdown with a friendly...

Tagstoo 2.0.1 - Stored XSS to Remote Command Execution Vulnerability

Exploit Title: Tagstoo 2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacOs Software Description: Software to tag folders and files, with...

Xmind 2020 - Persistent Cross-Site Scripting

Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and...

Mitel 6869i Voip Deskphone 4.2.2032 Command Injection

BlueBox Security http://www.bluebox-security.de/ securityatbluebox-security.de bbs-2019.001.txt 08-August-2019 Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...

XOOPS CMS 2.5.9 SQL Injection

Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php inurl:modules // use your brain ; +...

PHPads 2.0 SQL Injection

Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...

WordPress Forminator 1.5.4 Cross Site Scripting / SQL Injection

Vulnerability: Unauthenticated Persistent XSS, Blind SQL Injection Affected Software: Forminator Affected Version: 1.5.4 Patched Version: 1.6 CVE: not requested Risk: High Vendor Contacted: 11/25/2018 Vendor Fix: 12/10/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen Unauthenticated Persistent...

WordPress Clean Up Optimizer 4.0.0 SQL Injection

DefenseCode ThunderScan SAST Advisory: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory ID: DC-2017-12-004 Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer...

Solaris 10 (x86) : 147220-01 (deprecated)

SunOS 5.10x86: libgphoto2.so.2.0.3 patch. Date this patch was last updated by Sun : Jan/17/12 This plugin has been deprecated and either replaced with individual 147220 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabl...

Joomla Shape 5 MP3 Player 2.0 Local File Disclosure Exploit

Joomla Shape 5 MP3 Player version 2.0 suffers from a local file disclosure vulnerability. Joomla = Shape 5 MP3 Player 2.0 Local File Disclosure Exploit My + Author : KnocKout Contact : email protected Skype : email protected HomePage : http://h4x0resec.blogspot.com Greetz : b3mb4m, ZoRLu, KedAns-...

Gökhan Balbal Script 2.0 - Cross-Site Request Forgery

. | | / | | \ \ | | \ / | |\ / / /\ \ / \ | Y / ^ / / || / / / / /\ /\ \ \ \ | / \ / / \ | \ \ / // / \ / / / / Gökhan Balbal v2.0 = Cross-Site Request Forgery Exploit Add Admin My + Author : KnocKout Contact : [email protected] HomePage : http://milw00rm.com -...

ThemeMakers WordPress Themes Information Disclosure

WordPress 'ALL Themes' Developed By "ThemeMakers" File Information Exposure CWE: CWE-538 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 15/05/2015 Vendor Homepage: http://themeforest.net/user/ThemeMakers/portfolio ALL THEMES Google Dork:...

Lazarus Guestbook 1.22 XSS / SQL Injection

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Date: 23/12/2014 Url Vendor:...

GQ File Manager 0.2.5 Sql Injection / Cross Site Scripting Vulnerabilities

GQ File Manager version 0.2.5 suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor: http://installatron.com/phpfilemanager Vendor Name: GQ File Manager Version:...

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion Vulnerabilities

Codiad version 2.4.3 suffers from cross site scripting and local file inclusion vulnerabilities. Exploit Title: Codiad - Cross Site Scripting - Local File Inclusion Vulnerability's Date: 19/12/2014 Url Vendor: http://codiad.com/ Vendor Name: Codiad Version: 2.4.3 CVE: CVE-2014-1137 Author:...

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Codiad - Cross Site Scripting - Local File Inclusion Vulnerability's Date: 19/12/2014 Url Vendor: http://codiad.com/ Vendor Name: Codiad Version:...

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...