WebTareas 2.0p8 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Vendor Homepage: http://webtareas.sf.net/ Software Link:...
Blaauw Remote Kiln Control Information Disclosure Vulnerability (CNVD-2020-28485)
The Blaauw Remote Kiln Control is an automated ceramic kiln controller from Blaauw in the Netherlands. An information disclosure vulnerability exists in Blaauw Remote Kiln Control. An attacker could exploit the vulnerability to enumerate sensitive file names and locations including source code...
WebTareas 2.0p8 Cross Site Scripting
Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Date: May 7th, 2020 Vendor Homepage: http://webtareas.sf.net/ Software Link: https://sourceforge.net/projects/webtareas/files/2.0p8/webTareas-v2.0p8.zip/download Version: v2.0p8 Tested...
CVE-2020-10972
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink...
CVE-2019-18867
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/...
Design/Logic Flaw
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/...
CVE-2019-18867
Technical details about CVE-2019-18867 are not publicly provided in the supplied connected documents. Monitor for updates from vendors and security advisories.
Online Clothing Store 1.0 SQL Injection
Exploit Title: Online Clothing Store 1.0 - 'username' SQL Injection Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
Pisay Online E-Learning System 1.0 SQL Injection / Code Execution
Exploit Title: Pisay Online E-Learning System v1.0 - SQLi Auth Bypass + Remote Code Execution RCE Exploit Author: Bobby Cooke Date: May 5th, 2020 Vendor Homepage: https://www.sourcecodester.com/php/14192/pisay-online-e-learning-system-using-phpmysql.html Software Link:...
Klar - Integration Of Clair And Docker Registry
Integration of Clair and Docker Registry (supports both Clair API v1 and v3). Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair (https://github.com/coreos/clair). Klar is designed to be used as an integration tool so it relie...
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Scheduling System 1.0 - Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-30 Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...
Chinese COVID-19 detection firm hacked; source code sold on dark web
By Sudais Asif. The hackers claim to have stolen a trove of data that is currently being sold on the dark web.
Valve Confirms CS:GO, Team Fortress 2 Source-Code Leak
The discovery of leaked source code for two popular games – Counter-Strike: Global Offensive (CS:GO) and Team Fortress 2 – has led to security concerns and even calls for gamers to uninstall the software from their computers. The developer and publisher of the two games, Valve, is downplaying the...
CS:GO & Team Fortress 2 source code leaked – Virus alert for TF2
By Waqas. The source code for Counter-Strike Global Offensive (CS:GO) and Team Fortress 2 (TF2) have been leaked.
Information disclosure of source code in SimpleSAMLphp
Background: The module controller in SimpleSAML\Module that processes requests for pages hosted by modules has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists, it presents the file to the browser. Description: The che...
GHSA-24M3-W8G9-JWPQ Information disclosure of source code in SimpleSAMLphp
Background: The module controller in SimpleSAML\Module that processes requests for pages hosted by modules has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the given path exists, it presents the file to the browser. Description: The che...
Information Disclosure
SimpleSAMLphp is vulnerable to information disclosure. It does not properly handle a request with an uppercase file extension '.PHP', causing the server to disclose the contents of the file by sending it to the browser instead of executing it, thereby leaking the sensitive source code in...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
Information disclosure
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...