
5327 matches found

HackRead
added 2021/10/06 3:18 p.m., 31 views

Twitch hacked- Source code and Streamer payment figures leaked

By Waqas. Twitch has undergone a massive hack resulting in leaking the source code for its unreleased streaming service, creator payout details, and other sensitive information.

1 AI score
Exploits: 0

GithubExploit
added 2021/10/06 2:30 a.m., 244 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 CVE-2021-41773 POC with Docker Configurati...

7.5 CVSS, 9.5 AI score, 0.94391 EPSS
Exploits: 144

Packet Storm
added 2021/10/05 12:0 a.m., 246 views

Student Quarterly Grading System 1.0 SQL Injection

Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass Date: 04.10.2021 Exploit Author: Blackhan Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...

Exploits: 0

OSV
added 2021/10/04 8:12 p.m., 1 view

GHSA-9378-F4V7-JGM4 Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used...

9.8 CVSS, 6.9 AI score, 0.0069 EPSS
Exploits: 0, References: 3

Packet Storm
added 2021/10/04 12:0 a.m., 258 views

Vehicle Service Management System 1.0 Shell Upload

Exploit Title: Vehicle Service Managment 1.0 - RCE Unauthenticated Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/10/04 12:0 a.m., 254 views

Young Entrepreneur E-Negosyo System 1.0 SQL Injection

Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-02 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...

0.4 AI score
Exploits: 0

Packet Storm
added 2021/10/04 12:0 a.m., 526 views

Company's Recruitment Management System SQL Injection

Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL Injection - Stealing the Password Hashes attacks. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were...

0.4 AI score
Exploits: 0

Packet Storm
added 2021/10/04 12:0 a.m., 311 views

Vehicle Service Management System 1.0 SQL Injection

Exploit Title: Vehicle Service Managment 1.0 - SQL Injection Error Based Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

0.5 AI score
Exploits: 0

Packet Storm
added 2021/10/03 12:0 a.m., 241 views

Lodging Reservation Management System 1.0 SQL Injection

Exploit Title: Lodging Reservation Management System 1.0 - SQL Injection / Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...

0.2 AI score
Exploits: 0

Packet Storm
added 2021/10/01 12:0 a.m., 364 views

Vehicle Service Management System 1.0 Shell Upload

Exploit Title: Vehicle Service Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 30.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

7.4 AI score
Exploits: 0

NVD
added 2021/09/30 3:15 a.m., 11 views

CVE-2021-41827

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...

7.5 CVSS, 0.11396 EPSS
Exploits: 1, References: 2

Prion
added 2021/09/30 3:15 a.m., 14 views

Hardcoded credentials

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...

5 CVSS, 7.7 AI score, 0.11396 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2021/09/30 2:36 a.m., 12 views

CVE-2021-41827

Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...

7.9 AI score, 0.11396 EPSS
Exploits: 1, References: 2

0day.today
added 2021/09/30 12:0 a.m., 268 views

Pharmacy Point of Sale System 1.0 - (Multiple) SQL Injection Vulnerability

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

0.3 AI score
Exploits: 0

Exploit DB
added 2021/09/29 12:0 a.m., 227 views

Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...

7.4 AI score
Exploits: 0

0day.today
added 2021/09/29 12:0 a.m., 195 views

Storage Unit Rental Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Link:...

0.2 AI score
Exploits: 0

Hacker One
added 2021/09/24 1:37 p.m., 67 views

Concrete CMS: A bypass of adding remote files in concrete5 Filemanager leads to remote code execution

Hi, I'm currently testing the latest concretecms on my own pc and found some security problems of file manager. Concretecms allows user to upload remote files via file manager. With some techniques to bypass restriction of this function, an evil user will be able to download arbitrary php file int...

6.5 CVSS, 7.6 AI score, 0.0266 EPSS
Exploits: 1

Exploit DB
added 2021/09/24 12:0 a.m., 173 views

Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass

Exploit Title: Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass Date: 23.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

7.4 AI score
Exploits: 0

Kitploit
added 2021/09/23 8:30 p.m., 86 views

JSPanda - Client-Side Prototype Pollution Vulnerability Scanner

JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries' source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works? Uses multiple...

7.2 AI score
Exploits: 0, References: 7

UbuntuCve
added 2021/09/23 8:15 p.m., 23 views

CVE-2021-41088

Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend started by elvish -web hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a...

9.3 CVSS, 7.3 AI score, 0.00245 EPSS
Exploits: 0, References: 3