8 matches found
All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS
The plugin does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. Just create a test.pdf...
Amazon JS <= 0.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. amazonjs asin='XSS' imgsize='"...
WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF
The plugin does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged-in admins delete arbitrary posts and update the plugin's settings via a CSRF attack. Removing post: fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...
Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation
In the plugin, low-level users, such as subscribers, could use the importfromdebug AJAX action to install any plugin from the WordPress repository. $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch; curlclose$ch; // Install some plugins $ch =...
thejshen Globitek CMS 1.4 - 'id' SQL Injection
Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested on: CentOS 7 CVE: N/A The GET reques...
ICAuction 2.2 - id SQL Injection
ICAuction 2.2 - id SQL Injection Exploit Title: eBay like Auction PHP Script 2.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/ebay-like-auction-script.htm Demo: http://icloudcenter.net/demos/icauction/ Version:...
Sony Playstation 4 (PS4) 1.76 - dlclose Linux Kernel Loader
Sony Playstation 4 PS4 1.76 - dlclose Linux Kernel Loader / Code written based on info available here http://cturt.github.io/dlclose-overflow.html See attached LICENCE file Thanks to CTurt and qwertyoruiop - @kr105rlz Download:...
GeoIP GeoIPUpdate.C Directory Traversal Vulnerability
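GeoIP is an application used to identify the country of a website's visitors. GeoIP does not properly handle user-submitted requests, and a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the process. The issue is caused by missing filtering of the data submitted to 'updategetfilename': submitting parameter data containing multiple "../" sequences bypasses the WEB ROOT restriction and allows arbitrary commands to be executed with the privileges of the application process. Maxmind geopip 0 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 No solution is currently available: http://www.maxmind.com/app/locate...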