Lucene search

5335 matches found

0day.today
added 2021/05/28 12:0 a.m. | 72 views

Trixbox 2.8.0.4 - (lang) Path Traversal Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...

6.5 CVSS | 0.39486 EPSS
Exploits: 4
FreeBSD Advisory
added 2021/05/26 12:0 a.m. | 22 views

FreeBSD-SA-21:11.smap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD-SA-21:11.smap Security Advisory The FreeBSD Project Topic: SMAP bypass Category: core Module: amd64 Announced: 2021-05-26 Credits: I lost my dog if you see him...

7.5 CVSS | 7 AI score | 0.01249 EPSS
Exploits: 1
GoogleProjectZero
added 2021/05/20 12:0 a.m. | 58 views

Fuzzing iOS code on macOS at native speed

Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS can be run natively on Apple Silicon Macs. With the introduction of Apple Silicon Macs, Apple also made it possible to run iOS apps natively on these Macs. This is...

6.9 AI score
Exploits: 0
Packet Storm
added 2021/05/17 12:0 a.m. | 200 views

Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

Exploits: 0
Exploit DB
added 2021/05/17 12:0 a.m. | 310 views

Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4 AI score
Exploits: 0
Kitploit
added 2021/05/14 9:30 p.m. | 300 views

Mubeng - An Incredibly Fast Proxy Checker And IP Rotator With Ease

An incredibly fast proxy checker & IP rotator with ease. Features Proxy IP rotator : Rotates your IP address for every specific request. Proxy checker : Check your proxy IP which is still alive. All HTTP/S methods are supported. HTTP & SOCKSv5 proxy protocols apply. All parameters & URIs are...

7.2 AI score
Exploits: 0 | References: 8
The Hacker News
added 2021/05/14 7:2 a.m. | 40 views

Rapid7 Source Code Breached in Codecov Supply-Chain Attack

Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly managed to get hold of a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year. "A small subset of our source code repositorie...

7.3 AI score
Exploits: 0
ThreatPost
added 2021/05/13 7:52 p.m. | 43 views

Ransomware Going for $4K on the Cyber-Underground

In the cybercriminal underground, ransomware samples and builders are going for anywhere between $300 to $4,000, with ransomware-as-a-service rentals costing $120 to $1,900 per year. That’s according to an analysis by Kaspersky of the three main underground forums where ransomware is circulated...

5.8 AI score
Exploits: 0 | References: 6
Huntr
added 2021/05/13 1:55 a.m. | 12 views

Heap-based Buffer Overflow in axiomatic-systems/bento4

✍️ Description heap-buffer-overflow 🕵️‍♂️ Proof of Concept Verification steps: 1. Get the source code of Bento4 2. Compile the Bento4 $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address"...

2.2 AI score
Exploits: 0 | References: 2
0day.today
added 2021/05/13 12:0 a.m. | 23 views

Dental Clinic Appointment Reservation System 1.0 - (date) UNION based SQL Injection Vulnerability

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection Authenticated Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/05/13 12:0 a.m. | 205 views

Dental Clinic Appointment Reservation System 1.0 SQL Injection

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass SQLi Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

7.4 AI score
Exploits: 0
ThreatPost
added 2021/05/12 8:43 p.m. | 45 views

Researchers Flag e-Voting Security Flaws

A group of election security experts said after a deep dive into Australia’s electronic voting systems that they have “serious problems” with the accuracy, integrity and privacy with elections run by the Australian Capital Territory ACT Electoral Commission. The team of four cybersecurity...

5.9 AI score
Exploits: 0 | References: 6
Huntr
added 2021/05/12 6:16 a.m. | 13 views

in axiomatic-systems/bento4

✍️ Description NULL pointer dereference of Ap4Descriptor.h in function GetTag 🕵️‍♂️ Proof of Concept Verification steps: 1. Get the source code of Bento4 2. Compile the Bento4 $ cd Bento4 $ mkdir checkbuild && cd checkbuild $ cmake ../ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++...

1.4 AI score
Exploits: 0 | References: 1
0day.today
added 2021/05/12 12:0 a.m. | 68 views

Customer Relationship Management (CRM) System 1.0 Shell Upload Vulnerability

Exploit Title: Customer Relationship Management CRM Unrestricted File Upload unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits: 0
CNVD
added 2021/05/12 12:0 a.m. | 28 views

LIVE555 Streaming Media has an unspecified vulnerability

LIVE555 Streaming Media is an application from LIVE555 USA, Inc. a standards-based RTP/RTCP/RTSP/SIP multimedia streaming source code library for embedded and/or low-cost streaming applications. A security vulnerability exists in versions prior to LIVE555 Streaming Media 2021.3.16, which stems fro...

7.5 CVSS | 4.2 AI score | 0.01094 EPSS
Exploits: 0 | References: 1
0day.today
added 2021/05/12 12:0 a.m. | 33 views

Customer Relationship Management (CRM) System 1.0 SQL Injection Vulnerability

Exploit Title: Customer Relationship Management CRM System 1.0 - Admin Bypass SQLi Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

0.1 AI score
Exploits: 0
Packet Storm
added 2021/05/11 12:0 a.m. | 278 views

Customer Relationship Management (CRM) System 1.0 Shell Upload

Exploit Title: Customer Relationship Management CRM Unrestricted File Upload unauthenticated Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2021/05/11 12:0 a.m. | 175 views

Customer Relationship Management (CRM) System 1.0 Cross Site Scripting

Exploit Title: Customer Relationship Management CRM System 1.0 - Stored XSS Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits: 0
Exploit DB
added 2021/05/10 12:0 a.m. | 132 views

Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...

7 AI score
Exploits: 0
0day.today
added 2021/05/08 12:0 a.m. | 26 views

Voting System 1.0 - Remote Code Execution (Unauthenticated) Vulnerability

Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...

0.9 AI score
Exploits: 0