17 matches found
Exploit for Incorrect Authorization in Polkit_Project Polkit
Exploit for CVE-2021-3560 Polkit - Local Privilege Escalatio...
Arunna 1.0.0 Cross Site Request Forgery
Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery CSRF Date: November 29, 2021 Exploit Author: =LL= Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ Vendor Homepage: https://github.com/arunna Software Link:...
Heap-based Buffer Overflow in vim/vim
Description Greetings, A Heap-based Buffer Overflow issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Versio...
None in vim/vim
Description Greetings, A Use After Free issue was discovered in Vim. The POC file is reduced to the absolute minimum to reproduce the problem. Please see sanitizer output and the "trimmed" POC file link below. System info OS version : Ubuntu 20.04.2 LTS + Clang 12 with ASan Vim Version :...
Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS)
Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Date: 16/10/2021 Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2...
Support Board 3.3.3 - Multiple SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection Unauthenticated Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.3 Tested on: Ubuntu 20.04.2 LTS ----- PoC 1:...
Client Management System 1.1 - (cname) Stored Cross-site scripting Vulnerability
Exploit Title: Client Management System 1.1 - 'cname' Stored Cross-site scripting XSS Exploit Author: Mohammad Koochaki Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841 Version: 1.1 Teste...
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
Exploit Title: Client Management System 1.1 - 'cname' Stored Cross-site scripting XSS Date: 2021-08-04 Exploit Author: Mohammad Koochaki Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841...
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting XSS Date: 2021-08-02 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
Online Hotel Reservation System 1.0 - (Multiple) Cross-site scripting Vulnerability
Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting XSS Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
in lavv17/lftp
✍️ Description Whilst testing lftp built from commit d67fc1 with Clang 13 +ASan on Ubuntu 20.04.2 LTS, we discovered a crafted file which triggers a null pointer dereference and segfault. 🕵️♂️ Proof of Concept echo "aiYgAQEBNA==" | base64 -d /tmp/file.fuzz && ./lftp -f /tmp/file.fuzz The above POC...
Heap-based Buffer Overflow in rup0rt/pcapfix
✍️ Description Whilst testing the 'devel' branch of pcapfix, specifically commit fb723ccompiled with clang-13 and -fsanitize=address on Ubuntu 20.04.2 LTS, we discovered a POC which triggers a heap-buffer-overflow. 🕵️♂️ Proof of Concept git clone https://github.com/Rup0rt/pcapfix cd pcapfix...
in thisistherk/fast_obj
✍️ Description Whilst experimenting with the test code built from commit d97389 with Clang 11 +UBSan on Ubuntu 20.04.2 LTS, we discovered an OBJ file which produces a signed integer overflow and a pointer overflow followed by a SIGSEGV 🕵️♂️ Proof of Concept echo...
Printable Staff ID Card Creator System 1.0 - SQL injection / RCE via Arbitrary File Upload
Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable Staff ID Card...
Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection
Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Date: 2021-05-16 Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable...
Chamilo LMS 1.11.14 Remote Code Execution
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...