
561 matches found

Exploit DB
added 2021/10/18 12:0 a.m., 390 views

Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

CVSS 7.5, AI score 7.6, EPSS 0.11324
Exploits: 4

OpenVAS
added 2021/09/15 12:0 a.m., 39 views

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2021-2435)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7, AI score 7.2, EPSS 0.61383
Exploits: 15, References: 2

Tenable Nessus
added 2021/09/14 12:0 a.m., 43 views

EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2021-2435)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39,...

CVSS 7.5, AI score 7, EPSS 0.93325
Exploits: 15, References: 3

NVD
added 2021/08/13 4:15 p.m., 11 views

CVE-2021-32072

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information disclosing sensitive application data due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods...

CVSS 6.5, EPSS 0.00256
Exploits: 0, References: 2

Tenable Nessus
added 2021/06/21 12:0 a.m., 76 views

Apache Tomcat 10.0.0.M1 < 10.0.0.M10 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.0.0.M10. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.0.0-m10security-10 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat...

CVSS 7.5, AI score 7.3, EPSS 0.61383
Exploits: 0, References: 6

Tenable Nessus
added 2021/06/10 12:0 a.m., 54 views

SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...

CVSS 8.1, AI score 7.4, EPSS 0.9438
Exploits: 37, References: 10

0day.today
added 2021/05/28 12:0 a.m., 53 views

Trixbox 2.8.0.4 - (lang) Path Traversal Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...

CVSS 6.5, EPSS 0.85497
Exploits: 4

Packet Storm
added 2021/05/11 12:0 a.m., 174 views

Customer Relationship Management (CRM) System 1.0 Cross Site Scripting

Exploit Title: Customer Relationship Management CRM System 1.0 - Stored XSS Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...

Exploits: 0

Tenable Nessus
added 2021/04/30 12:0 a.m., 50 views

EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2021-1856)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107...

CVSS 7.5, AI score 7, EPSS 0.93325
Exploits: 15, References: 3

Tenable Nessus
added 2021/04/09 12:0 a.m., 141 views

Apache Tomcat 7.0.0 < 7.0.107

The version of Tomcat installed on the remote host is prior to 7.0.107. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.107security-7 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 t...

CVSS 5.9, AI score 7.5, EPSS 0.61383
Exploits: 0, References: 3

OSV
added 2021/01/14 3:15 p.m., 30 views

CVE-2021-24122

When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...

CVSS 5.9, AI score 6.7
Exploits: 0, References: 11

CVE
added 2021/01/14 2:45 p.m., 874 views

CVE-2021-24122

CVE-2021-24122 affects Apache Tomcat across multiple branches (7.0.x, 8.5.x, 9.x, 10.x). Root cause: JSP source disclosure when serving resources from a network/NTFS location due to JRE File.getCanonicalPath() and FindFirstFileW behavior. Affected versions include 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1...

CVSS 5.9, AI score 6.5, EPSS 0.61383
Exploits: 0, References: 11, Affected Software: 1

NVD
added 2021/01/06 9:15 p.m., 10 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

CVSS 5.3, AI score 5.5, EPSS 0.00704
Exploits: 1, References: 2

Tenable Nessus
added 2020/12/10 12:0 a.m., 231 views

Apache Tomcat 8.5.0 < 8.5.60 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.60. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.60security-8 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...

CVSS 7.5, AI score 7.3, EPSS 0.61383
Exploits: 0, References: 6

Packet Storm
added 2020/11/16 12:0 a.m., 709 views

Car Rental Management System 1.0 Shell Upload

Exploit Title: Car Rental Management System 1.0 - Remote Code Execution Authenticated Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html...

AI score 7.4
Exploits: 0

Exploit DB
added 2020/10/15 12:0 a.m., 308 views

Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass

Exploit Title: Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass Date: 24/09/2020 Exploit Author: Saurav Shukla & Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html...

AI score 7.4
Exploits: 0

Hacker One
added 2020/10/09 9:35 p.m., 981 views

Informatica: ..; bypass leading to tomcat scripts [Unauthenticated]

Hello all. Using the technique ..; I was able to bypass the protection mechanism to access Tomcat Example Scripts hosted at https://███/. Steps to reproduce 1 - Open all URLs below inside your browser https://█████████/..;/examples/servlets/servlet/SessionExample | Will lead to Session...

AI score 0.3
Exploits: 0

Exploit DB
added 2020/07/06 12:0 a.m., 325 views

File Management System 1.1 - Persistent Cross-Site Scripting

Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting Date: 2020-06-30 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1 Software Link:...

AI score 7.4
Exploits: 0

Hacker One
added 2020/06/19 2:3 a.m., 180 views

RATELIMITED: Source code disclosure at ███

Summary: Source code disclosure at ███████ Steps To Reproduce: POC: link download source code: ███████ Supporting Material/References: █████ ███████ Impact Source Code Disclosure Sensitive Information Disclosure...

AI score 0.6
Exploits: 0

Prion
added 2020/03/05 1:15 a.m., 11 views

Cross site request forgery (csrf)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

CVSS 5, AI score 5.4, EPSS 0.00363
Exploits: 0, References: 1, Affected Software: 1