9 matches found
WordPress 5.7 - (Media Library) XML External Entity Injection Authenticated Vulnerability
Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447 !/bin/bash Author:...
Strapi 3.0.0-beta.17.7 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...
Strapi 3.0.0-beta.17.7 Remote Code Execution
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...
Brave Software: Brave Browser Tor Window leaks user's real IP to the external DNS server
Summary: When a user navigates to a URL in Tor Window, the DNS requests are sent directly without using the Tor proxy, which leaks the user's real IP address and the requested domain name to the user's ISP and the DNS server. Products affected: OS: Ubuntu 18.04.5 LTS x8664 Brave: Version 1.18.78...
Online Students Management System 1.0 - 'username' SQL Injections
Title: Online Students Management System 1.0 - 'username' SQL Injections Exploit Author: George Tsimpidas Date: 2020-10-09 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord0.zip Version : 1.0 Tested on: Ubuntu...
Liman 0.7 - Cross-Site Request Forgery (Change Password)
Exploit Title: Liman 0.7 - Cross-Site Request Forgery Change Password Date: 2020-10-07 Exploit Author: George Tsimpidas Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7 Version: 0.7 Tested on: Ubuntu 18.04.5 LTS Bionic Beaver Category: Webapp Description: There is no CSRF...
Online Student's Management System SQL Injection
Title: Online Student's Management System - Unauthenticated Multiple SQL Injections Exploit Author: George Tsimpidas Date: 2020-10-09 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord0.zip Tested on: Ubuntu...
Seat Reservation System 1.0 Cross Site Scripting
Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...
Nextcloud: Stored XSS in collabora via user name
Affected: collabora and nextcloud Ubuntu 18.04.5 LTS Nextcloud 19.0.1 snap version collabora CODE The name of the user is displayed when him joins to edit the document allowing the attacker trigger xss. Impact Set the name of the attacker account to Create a new document → share the document with...