Arbitrary file reading vulnerability in Aim

Impact A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and...

Cross-site Scripting (XSS) - DOM in janeczku/calibre-web

Description It is possible to execute XSS payloads when editing book properties, such as uploading a cover or a format. Proof of Concept The file editbooks.js contains the following code: $"btn-upload-cover".on"change", function var filename = $this.val; if filename.substring3, 11 === "fakepath"...

Simple Online College Entrance Exam System 1.0 - Account Takeover

Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...

Pet Shop Management System 1.0 Shell Upload

Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html...

Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html...

Pet Shop Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html Version: 1.0...

Church Management System 1.0 - search SQL Injection (Unauthenticated) Vulnerability

Exploit Title: Church Management System 1.0 - 'search' SQL Injection Unauthenticated Exploit Author: Erwin Krazek Nero Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...

WWWGrep - OWASP Foundation Web Respository

WWWGrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused single, multiple file based URLs and recursive with respect to root domain or not searches to be performed. Header names and values may also be recursively searched in this manner. WWWGrep was...

Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge

There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety...

Bus Pass Management System 1.0 - (adminname) Stored Cross-Site Scripting Vulnerability

Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting XSS Exploit Author: Emre Aslan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip Version: 1.0 Tested on:...

CVE-2021-30719

A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code...

CVE-2021-30790

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code executi...

Information disclosure

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code executi...

CVE-2021-30790

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code executi...

Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)

Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection Unauthenticated Date: 21/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html Version: 1.0 Testeted on:...

Simple Phone Book/Directory 1.0 SQL Injection

Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection Unauthenticated Date: 21/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html Version: 1.0 Testeted on:...

Charity Management System CMS 1.0 - Multiple Vulnerabilities

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

Charity Management System CMS 1.0 Code Execution / XSS / SQL Injection

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

Crime records Management System 1.0 - Multiple SQL Injection (Authenticated) Vulnerability

Exploit Title: Crime records Management System 1.0 - 'Multiple' SQL Injection Authenticated Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/osman-yahaya Software Link:...

Simple Water Refilling Station Management System 1.0 SQL Injection

Exploit Title: Simple Water Refilling Station Management System 1.0 - Authentication Bypass Exploit Author: Matt Sorrell Date: 2021-08-14 Vendor Homepage: https://www.sourcecodester.com Software Link:...