WordPress Themify Builder plugin < 7.5.8 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Valentin LOBSTEIN in WordPress Plugin Themify Builder versions 7.5.8...

AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVideo WWBNIndex Plugin Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote code execution RCE vulnerability ...

DerbyNet 9.0 print/render/award.inc SQL Injection

CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...

DerbyNet 9.0 render-document.php Cross Site Scripting

CVE ID: CVE-2024-30920 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet v9.0, specifically within the render-document.php component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is...

DerbyNet 9.0 playlist.php Cross Site Scripting

CVE ID: CVE-2024-30929 Description: A Cross-Site Scripting XSS vulnerability has been found in DerbyNet version 9.0, affecting the playlist.php component. This issue allows remote attackers to execute arbitrary code by exploiting the back parameter. The application does not properly sanitize the...

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

DerbyNet 9.0 checkin.php Cross Site Scripting

CVE ID: CVE-2024-30924 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically within the checkin.php component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling of the order URL parameter. The fl...

DerbyNet 9.0 photo.php Cross Site Scripting

CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...

Vinchin Backup And Recovery 7.2 Command Injection

CVE ID: CVE-2024-25228 Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier Description: A critical security vulnerability has been discovered in the getVerifydiyResult function within the ManoeuvreHandler.class.p...

Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup ...

Vinchin Backup And Recovery 7.2 Default MySQL Credentials

CVE ID: CVE-2024-22901 Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Description: A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2. The software has been found to use default MYSQL credentials,...

WordPress Royal Elementor Addons Remote Code Execution Exploit

Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin...

Zyxel USG FLEX 5.21 - OS Command Injection Exploit

Exploit Title: Zyxel USG FLEX 5.21 - OS Command Injection Shodan Dork: title:"USG FLEX 100" title:"USG FLEX 100W" title:"USG FLEX 200" title:"USG FLEX 500" title:"USG FLEX 700" title:"USG20-VPN" title:"USG20W-VPN" title:"ATP 100" title:"ATP 200" title:"ATP 500" title:"ATP 700" title:"ATP 800"...

Apache HTTP Server 2.4.50 Remote Code Execution

Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE :...