62 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Vulnerability Scanner for CVE-2024-24919 need Shodan API Sc...
Exploit for Missing Authorization in Wpdeveloper Simple_301_Redirects
CVE-2021-24356 Simple 301 Redirects by BetterLinks - 2.0.0 – 2...
Adobe Connect 11.4.5 - Local File Disclosure
Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested...
Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability
Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability. Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Softwar...
Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure
Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 an...
Database Malware Strikes Hundreds of Vulnerable WordPress Sites
By Deeba Ahmed. The database injection against WordPress websites features two different malware embedded together to achieve two entirely different goals. This is a post from HackRead.com. Read the original post: Database Malware Strikes Hundreds of Vulnerable WordPress Sites...
PSA: Critical Vulnerability Patched in Ninja Forms WordPress Plugin
On June 16, 2022, the Wordfence Threat Intelligence team noticed a back-ported security update in Ninja Forms, a WordPress plugin with over one million active installations. As with all security updates in WordPress plugins and themes, our team analyzed the plugin to determine the exploitability...
CVE-2021-4225 SP Project & Document Manager < 4.24 - Subscriber+ Shell Upload
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated user, such as a subscriber, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovere...
SQL Injection
The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the /Classes/wpBannerizeAdmin.php file, which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2...
Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to potentially sensitive information about a site’s...
Design/Logic Flaw
A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites...
CVE-2021-24354 Simple 301 Redirects by BetterLinks - 2.0.0-2.0.3 - Arbitrary Plugin Installation
A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites...
Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Arbitrary Plugin Installation
A lack of capability checks and an insufficient nonce check on the AJAX action in the plugin made it possible for authenticated users to install arbitrary plugins on vulnerable sites. PoC $wpuser, 'pwd' = $wppass, 'rememberme' = 'forever', 'wp-submit' = 'Log+In', ; $output = curlexec$ch;...
Custom Searchable Data Entry System <= 1.7.1 - Unauthenticated Data Modification and Deletion
The estimated 2,000+ sites running the plugin are vulnerable to Unauthenticated Data Modification and Deletion, including the potential to delete the entire contents of any table in a vulnerable site’s database...
Virtual Freer 1.58 - Remote Command Execution
Exploit title : Virtual Freer 1.58 - Remote Command Execution Exploit Author : SajjadBnd Date : 2020-02-17 Vendor Homepage : http://freer.ir/virtual/ Software Link : http://www.freer.ir/virtual/download.php?action=get Software Linkmirror : http://dl.nuller.ir/virtualfreerv1.58NuLLeR.iR.zip Tested...
Virtual Freer 1.58 Remote Command Execution
Exploit title : Virtual Freer 1.58 - Remote Command Execution Exploit Author : SajjadBnd Date : 2020-02-17 Vendor Homepage : http://freer.ir/virtual/ Software Link : http://www.freer.ir/virtual/download.php?action=get Software Linkmirror : http://dl.nuller.ir/virtualfreerv1.58NuLLeR.iR.zip Tested...
WordPress WP Fanzone 3.1 SQL Injection Vulnerability
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability. Exploit Title : Built with WordPress and WP FanZone Themes 3.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Vendor Homepage : wordpress.org -...
Joomla MisterEstate 1.5.26 SQL Injection
Exploit Title : Joomla MisterEstate 1.5.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : misterestate.com Affected Versions : 1.5.12/1.5.14/1.5.16/1.5.18/1.5.26 Tested On : Windows and Linux Category : WebApps Exploit...
Joomla SwPhotoGallery 1.5.26 SQL Injection
Exploit Title : Joomla SwPhotoGallery 1.5.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : joomla.org Affected Versions : 1.5.16 and 1.5.26 Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium...
ParantezTeknoloji Library Software 16.0519000 Open Redirection
Exploit Title : ParantezTeknoloji Library Software 16.0519000 Open Redirection Vulnerability Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/10/2019 Vendor Homepage : parantezteknoloji.com.tr Software Affected Versions and Download Links : Koha 3.2000000...