1507 matches found
MAL-2022-6865 Malicious code in useragent-corev2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d6e212f2c61f9a29fd610a2668235854bd6c1a991cc52985782f710b2e33398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service ReDoS attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5...
CVE-2022-29169 ReDoS on endpoint html5client/useragent in BigBlueButton
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service ReDoS attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5...
Cross-site Scripting (XSS)
mautic/core is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization of useragent before displaying, allowing an attacker to inject maliciously crafted script into the system...
KZTech / JatonTec / Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution Vulnerability
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page:...
ZynOS rom-0 Flaw Scanner
!/usr/bin/perl ZynOS rom-0 Flaw Scanner Copyright 2021 c Todor Donev https://donev.eu/ $ perl zynosscanner ZynOS rom-0 Flaw Scanner zynosscanner --targets= --threads=10 --redirects=7 --help --targets | Specify the list with addresses that you want to scan. --dump | Dump rom-0 file for each target...
Watcher - Open Source Cybersecurity Threat Hunting Platform
Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation. It should be used on webservers and available on Docker. Watcher capabilities Detect emerging vulnerability, malware using social network & other RSS sources...
Garfield Petshop 2020-10-01 Cross Site Request Forgery
!/usr/bin/perl Garfield Petshop Add-Admin Exploit By Ramdan Yantu rysec.io \ bastardlabs.info From Gorontalo - Indonesia Mail: ramdanyantuatgmail.com Application by Gamma Advertisa Link: https://detapos.co/ | https://demo.detapos.co.id/petshop CVE: CVE-2020-26522 use strict; use warnings; use...
WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting
Title: WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting Date: 2020-01-21 Exploit Author: Gal Weizman Vendor Homepage: https://www.whatsapp.com Software Link: https://web.whatsapp.com/desktop/windows/release/x64/WhatsAppSetup.exe Software Link:...
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
Exploit Title: Joomla! ACYMAILING 3.9.0 component - Unauthenticated Arbitrary File Upload Google Dork: inurl:"index.php?option=comacym" Date: 2020-03-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.acyba.com/ Software Link: https://www.acyba.com/acymailing/download.html Version: v6.9.1...
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE...
DBPower C300 HD Camera Remote Configuration Disclosure
!/usr/bin/perl DBPower C300 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual...
LANCOM Device Detection (SIP)
Detection of LANCOM devices. This script performs SIP based detection of LANCOM devices. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as...
Zabbix 4.4 Authentication Bypass
!/usr/bin/perl -w Zabbix Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de Presto/2.1.1 Content-Type = application/x-www-form-urlencoded no-store, no-cache, must-revalidate close Mon, 07 Oct 2019 12:29:54 GMT no-cache nginx Accept-Encoding text/htm...
Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure
!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...
Hisilicon HiIpcam V100R003 Remote ADSL Credential Disclosure
!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...
WordPress 5.2.3 Remote Cross Site Host Modification
!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...
Cisco IronPort C150 Header Injection
!/usr/bin/perl -w Cisco IronPort C150 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
Cisco Email Security Appliance (IronPort) C150 - (Host) Header Injection Exploit
!/usr/bin/perl -w Cisco IronPort C150 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection
!/usr/bin/perl -w Cisco Titsco Email Security Appliance IronPort C160 Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev i...