18 matches found
EUVD-2020-30874
EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can leverage the unquoted path in 'C:\Program Files\Common Files\EPSON\EPW!3SSRP\ES60RPB.EXE' to...
PT-2025-34729 · Unknown · 1000Projects Online Project Report Submission/Evaluation System
Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A weakness exists in an unknown functionality of the file /rse/admin/edit faculty.php?id=2. Manipulation of the Name argument causes cross site...
Crest Engine CMS 1.0 Cross Site Scripting
Crest Engine CMS version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: Crest Engine CMS - Reflected Cross-Site Scripting XSS Exploit Author: wa-3, Telegram: @wa03 Vendor Homepage: http://e-gate.me/ Version: 1.0 Tested on: http://demo.e-gate.me/ Vulnerable path:/crest/engin...
WiX based installers are vulnerable to binary hijack when run as SYSTEM
Summary: Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low-privilege users. Details: When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to dro...
PT-2023-17075 · Sourcecodester · Sourcecodester Storage Unit Rental Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Storage Unit Rental Management System version 1.0 Description: A problematic vulnerability was found in the SourceCodester Storage Unit Rental Management System. This issue affects the file classes/Users.php?f=save, leading to...
TD Bank: Reflected XSS on Admin Login Page
When you try to access private pages on the domain https://td.intelliresponse.com/a6 you are redirected to a login page, which has reflected values in the DOM from the URL on the parameter 'win'. Since there is no proper handling of the reflected data, it turns into a vulnerable path on the...
SP Project & Document Manager < 4.58 - Sensitive File Disclosure
The plugin uses an easily guessable path to store user files; bad actors could use that to access other users' sensitive files. PoC: 1. Upload a file using the plugin. 2. On another browser, access the newly uploaded file via:...
T-Soft E-Commerce 4 SQL Injection
Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...
MTN Group: Unprotected Direct Object Reference
Hello MTN Security Team, During my hunting, I discovered that there's an Insecure Direct Object Reference on https://nin.mtnonline.com Vulnerable Path: https://nin.mtnonline.com/nin/success?message=1 Steps To Reproduce: You may not even need to submit any NIN before accessing this unprotected...
Fluentd TD-agent 4.0.1 Insecure Folder Permission
Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Date: 21.12.2020 Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass
Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux CVE : N/A Type: WEBAPP...
[CVE-2013-1463] Wordpress wp-table-reloaded plugin XSS in SWF
Exploit Title: Wordpress wp-table-reloaded plugin XSS in SWF Release Date: 24/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/wp-table-reloaded.latest-stable.zip Vendor Homepage:...
Arasism (IR) CMS - File Upload Vulnerability
Document Title: Arasism IR CMS - File Upload Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=657 Release Date: 2012-07-11 Vulnerability Laboratory ID VL-ID: 657 Common...
dblog (dblog.mdb) Remote Database Disclosure Vulnerability
Exploit for unknown platform in category web applications. dblog dblog.mdb Remote Database Disclosure Vulnerability. dblog dblog.mdb Remote...
Jax FormMailer 3.0.0 Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Jax FormMailer 3.0.0 Remote File Inclusion Vulnerability. --:remote file include:-- script:J...
ASP Product Catalog 1.0 - Cross-Site Scripting File Disclosure
ASP Product Catalog 1.0 - Cross-Site Scripting File Disclosure #!/usr/bin/perl By AlpHaNiX NullArea.Net alphaathacker.bz Made in Tunisia script : ASP Product Catalog Multiple Remote Exploits download : http://sourceforge.net/project/showfiles.php?groupid=136315 script homepage :...
MFORUM 0.1a Arbitrary Add-Admin Vulnerability
No description provided by source. MFORUM 0.1a Arbitrary Add-Admin Vulnerability. CWH Underground Hacking Team...
MycroCMS 0.5 Remote Blind SQL Injection Vulnerability
No description provided by source. MycroCMS 0.5 Remote Blind SQL Injection Vulnerability. CWH Underground Hacking...