CVE-2021-41827

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...

Pharmacy Point of Sale System 1.0 - (Multiple) SQL Injection Vulnerability

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

Storage Unit Rental Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Link:...

Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...

Concrete CMS: A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution

Hi, I 'm currently testing the latest concretecms on my own pc and found some security problems of file manager. Concretecms allows user to upload remote files via file manager. With some techniques to bypass restriction of this function, a evil user will be able to download arbitary php file int...

Pharmacy Point of Sale System 1.0 - SQLi Authentication BYpass

Exploit Title: Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass Date: 23.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

JSPanda - Client-Side Prototype Pullution Vulnerability Scanner

JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries' source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works? Uses multiple...

CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

Budget and Expense Tracker System 1.0 - Arbitrary File Upload Vulnerability

Exploit Title: Budget and Expense Tracker System 1.0 - Arbitrary File Upload Exploit Author: t//\1 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Tested on: Linux Version: 2.0 Exploit Description: The application is prone to a...

Pharmacy Point Of Sale System 1.0 SQL Injection

Exploit Title: Pharmacy Point of Sale System v1.0 - SQLi Authentication Bypass Date: 23.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

South Gate Inn Online Reservation System 1.0 Shell Upload / SQL Injection

Exploit Title: South Gate Inn Online Reservation System v1.0 - Remote Code Execution Date: 21.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/10584/south-gate-inn-online-reservation-system.html Software Link:...

Budget and Expense Tracker System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

A week in security (Sept 13 – Sept 19)

Last week on Malwarebytes Labs Why backups aren’t a “silver bullet” against ransomware, with Matt Crape: Lock and Code S02E17 The many tentacles of Magecart Group 8 Apple releases emergency update: Patch, but don’t panic Update now! Google Chrome fixes two in-the-wild zero-days Parts of the Dark...

Church Management System 1.0 - search SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...

Budget and Expense Tracker System 1.0 - Authenticated Bypass

Exploit Title: Budget and Expense Tracker System 1.0 - Authenticated Bypass Exploit Author: Prunier Charles-Yves Date: September 20, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...

Simple Attendance System 1.0 - Authenticated bypass Vulnerability

Exploit Title: Simple Attendance System 1.0 - Authenticated bypass Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated) Exploit

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...

DNSTake - A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain subdomain.example.com or domain has its authoritative nameserver set to a provider e.g. AWS Route 53, Akamai, Microsoft Azure, etc. but th...

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure OMI — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the...