WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...
Exploit for Path Traversal in Thruk
Thruk-CVE-2023-34096 Thruk Monitoring Web Interface versions...
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Vulnerability
Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Version: =10.0.0 and 10.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
Update now! GoAnywhere MFT zero-day patched
An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
Researcher Spotlight: Globetrotting with Yuri Kramarz
From the World Cup in Qatar to robotics manufacturing in east Asia, this incident responder combines experience from multiple arenas By Jon Munshaw. Yuri “Jerzy” Kramarz helped secure everything from the businesses supporting the upcoming World Cup in Qatar to the Black Hat security conference an...
Broken Authorization in ZITADEL Actions
Impact Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions, for example, allow creating authorizations user grants on...
What are the different roles within cybersecurity?
People talk about the cybersecurity job market like it's a monolith, but there are a number of different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do. In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles,...
Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out. The flaw CVE-2021-28133 stems from a glitch in the screen sharing function of...
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Title: Stored XSS Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-28001 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-30...
Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes)
Exploit Title: Linux/x86 - Add User to /etc/passwd Shellcode 59 bytes Exploit Author: sagar.offsec VL43CK Guided by: Touhid M.Shaikh Designation: Security Consultant at SecureLayer7 Website: https://www.sagaroffsec.com Tested on: Ubuntu i386 GNU/LINUX Shellcode Length: 59...
TP-LINK Wi-Fi Repeater vulnerability that can be used for remote code execution - vulnerability warning - the black bar safety net
IBM X-Force researcher Grzegorz Wypych recently issued a warning that some TP-Link Wi-Fi Repeater devices have a serious remote code execution vulnerability, which can allow external attackers to gain device privileges and execute arbitrary commands. IBM Security section...
CyberArk 9.7 - Memory Disclosure
CyberArk 9.7 - Memory Disclosure Exploit Title: CyberArk 9.7 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 200...
Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
Microsoft Windows 10 - Local Privilege Escalation UAC Bypass !/usr/bin/env python Exploit Title: Windows 10 UAC Bypass by computerDefault Date: 2018-10-18 Exploit Author: Fabien DROMAS - Security consultant @ Synetis Twitter: st0rnpentest Vendor Homepage: www.microsoft.com Version: Version...
Smart Lock Security: Interview with hardware.io
In advance of the hardware.io event at The Hague next month, Andrew Tierney gave them an interview about smart lock security… Technology today has transformed traditional locks into smart locks, thanks to advances on the technical frontier. The days of the mechanical lock and keys have...
Joomla JB Tour Booking 2.2.2 SQL Injection Vulnerability
Joomla JB Tour Booking extension 2.2.2 suffers from a remote SQL injection vulnerability. Title: Joomla JB Tour Booking 2.2.2 SQL Injection Credit: Bilal KARDADOU Vendor: https://joombooking.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-tou...
Bonza Digital Cart Script 1 SQL Injection
Title: Bonza Digital Cart Script v1 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.turnkeycentral.com Vendor URL: http://www.turnkeycentral.com/scripts/bonza-digital-cart-script/ Product: Bonza Digital Cart Script v1 Google Dork: N/A Product & Service Introduction: "Bonza Digital Cart"...
Freelancer Script 4.0.1 SQL Injection
Title: FREELANCER SCRIPT v4.0.1 - Authentication Bypass & SQL injection Credit: Bilal KARDADOU Vendor: http://www.2daybiz.com Vendor URL: http://2daybiz.com/content/products/products/job-site-script/119-freelancer-script.php Product: FREELANCER SCRIPT v4.0.1 Google Dork: N/A Product & Service...
PHP Entrepreneur 1.2 SQL Injection
Title: PHP Entrepreneur Script v1.2 - SQL Injection Credit: Bilal KARDADOU Vendor: www.jobportalscript.com Vendor URL: http://www.jobportalscript.com/entrepreneur-home-basic- version.html Product: PHP Entrepreneur Script. Entrepreneur Script Feature Document : http://www.jobportalscript...
ICAutosales 1.2 SQL Injection
Title: ICAutosales v1.2 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.icloudcenter.com Vendor URL: http://www.icloudcenter.com/auto-dealer-car-sales-script.htm Product: AUTO DEALER CAR SALES PHP SCRIPT. Google Dork: N/A Product & Service Introduction: ICAutosales is a powerful, highly...
Job Portal Script 3.0 Cross Site Scripting / SQL Injection
Title: Job portal Script v3.0 - SQL Injection / Cross Site Scripting Credit: Bilal KARDADOU Vendor: www.jobportalscript.com Vendor URL: http://www.jobportalscript.com/index.html Product: Job portal site. Google Dork: categorysearch.php?indus= placementpaper.php?pn= ... Product & Service...