5335 matches found
Voting System 1.0 SQL Injection
Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Date: 06/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Human Resource Information System 0.1 Remote Code Execution
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Jetty WEB-INF File Disclosure
File disclosure vulnerability in Jetty via ambiguous paths Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
[SECURITY] Fedora 33 Update: python-pygments-2.6.1-6.fc33
Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported special attention is paid to details that increa...
Schlix CMS 2.2.6-6 Cross Site Scripting
Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...
Schlix CMS 2.2.6-6 - (title) Persistent Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...
Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...
Internship Portal Management System 1.0 Shell Upload
Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload Unauthenticated Date: 2021-05-04 Exploit Author: argenestel Vendor Homepage: https://www.sourcecodester.com/php/11712/internship-portal-management-system.html Software Link:...
Exploit for Path Traversal in Atlassian Confluence_Server
Confluence unauthorize template injection CVE-2019-3396...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107...
CVE-2021-29468
Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on...
Security Bulletin: Vulnerability in Help system affects multiple IBM Rational products based on IBM Jazz technology (CVE-2015-0113)
Summary An undisclosed vulnerability in the help system affects the following IBM Jazz based Applications: Collaborative Lifecycle Management CLM, Rational Requirements Composer RRC, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC,...
Arbitrary File Download Vulnerability in VUMC Cloud at Shanghai VUMC Software Co.
Ltd. is a foreign trade SaaS service provider, but also a professional foreign trade industry solutions provider. Ltd. VUMA Cloud suffers from an arbitrary file download vulnerability. An attacker can exploit the vulnerability to obtain source code information...
MariaDB: Git Config
Hey Team, I am a Security Researcher and I have found that one of your domain is leaking the git file which may led to source code of git repository exposing can led to sophisticated attacks so kindly remove it. Vuln URL - http://foundation01.mariadb.org/.git/config BEST, ABHINAV SHARMA -...
CVE-2021-25898
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...
Code injection
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...
SUPERNOVA malware discovered on SolarWinds Orion server
The Cybersecurity and Infrastructure Security Agency CISA has reported finding the SUPERNOVA web shell collecting credentials on a SolarWinds Orion server. These observations were made during an incident response to an Advanced Persistent Threat APT actor’s year-long compromise of an enterprise...
Void Aural Rec Monitor 信任管理问题漏洞
Void Aural Rec Monitor is an application from the Spanish company Void. Void Aural Rec Monitor in version 9.0.0.1 suffers from an information disclosure vulnerability that originates from the svc-login.php password being stored in an unencrypted source code text file, which can be exploited to ga...
CVE-2021-27393
A vulnerability has been identified in Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2013.08, Nucleus Source Code Versions including affected DNS modules. The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS...