Concrete CMS: Remote Code Execution through Extension Bypass on Log Functionality

Summary: ===================== The Application concrete5 CMS available on github is vulnerable to remote code execution through the functionality of setting the log file in "Loggin Settings". It is possible to bypass the portion of code responsible for the verification of the extension of the log...

Node.js third-party modules: [sapper] Path Traversal

I would like to report a critical path traversal vunerability in the sapper module It allows an attacker to simply obain arbitrary files from the remote server, exploiting a simple path traversal using URL-encoded "../". Module module name: sapper version: 0.27.10 npm page:...

CVE-2020-9366

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact...

Open-Xchange: access to stack memory beyond array boundaries

in PowerDNS Recursive Server in the rec-carbon.cc file in the void doCarbonDump void function, lines 36..43 contain vulnerable code: ….. char tmp80; memsettmp, 0, sizeoftmp; gethostnametmp, sizeoftmp; char p = strchrtmp, '.'; ifp p=0; hostname=tmp; boost::replaceallhostname, ".", ""; ……. the...

CVE-2020-0662

A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. Recent assessments: zeroSteiner at March 17, 2020 8:31pm UTC reported: Analysis performed using ipnathlp.dll from Windows Server 2019 x64 sha256:...

phpList 3.5.0 Authentication Bypass

Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0 Tested on: Linux CVE :...

Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS

An attacker can add a Cross-Site Scripting XSS payload remotely without any authentication. The Payload gets triggered when an Admin visits the settings page of the plugin. Edit WPScanTeam: The plugin is still affected and has been closed. Vulnerable code is from lines 68 to 84. The code gets the...

Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS

An attacker can add a Cross-Site Scripting XSS payload remotely without any authentication. The Payload gets triggered when an Admin visits the settings page of the plugin. Edit WPScanTeam: The plugin is still affected and has been closed. PoC Vulnerable code is from lines 68 to 84. The code gets...

Online Book Store 1.0 - &#039;bookisbn&#039; SQL Injection

Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection Google Dork: N/A Date: 2020-01-15 Exploit Author: AmirHadi Yazdani Ertebat Gostar Co. Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

Online Book Store 1.0 - bookisbn SQL Injection

Online Book Store 1.0 - bookisbn SQL Injection Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection Google Dork: N/A Date: 2020-01-15 Exploit Author: AmirHadi Yazdani Ertebat Gostar Co. Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-ph...

Online Book Store 1.0 - (bookisbn) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection Exploit Author: AmirHadi Yazdani Ertebat Gostar Co. Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

Voyager 1.3.0 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Voyager 1.3.0 - Directory Traversal Exploit Author: NgoAnhDuc Vendor Homepage: https://voyager.devdojo.com/ Software...

Voyager 1.3.0 - Directory Traversal

Voyager 1.3.0 - Directory Traversal Exploit Title: Voyager 1.3.0 - Directory Traversal Google Dork: N/A Date: January 2020-01-06 Exploit Author: NgoAnhDuc Vendor Homepage: https://voyager.devdojo.com/ Software...

CVE-2019-20052

A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case...

CVE-2019-8602

A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A malicious application may be able to elevate privileges...

Nord Security: Open redirect

The following URL is vulnerable to an open redirect it will redirect to google.com: https://support.nordvpn.com//path///google.com vulnerable code: if window.location.href.indexOf'/path' !== -1 console.log"document.URL", document.URL window.location.href =...

PilusCart 1.4.1 - Local File Disclosure

PilusCart 1.4.1 - Local File Disclosure Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software...

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork:...

CORS-Vulnerable-Lab: with COSR configuration error related to the vulnerability code range-vulnerability warning-the black bar safety net

This repository contains the CORS configuration error related to the vulnerable code. You can be on the local machine to configure the vulnerable code, and to the actual use of the CORS related error configuration issue. In this case, I would first like to thank@albinowax, the AKReddy, And Vivek...

EyesOfNetwork 5.1 - Authenticated Remote Command Execution

EyesOfNetwork 5.1 - Authenticated Remote Command Execution Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution Google Dork: N/A Date: 2019-08-14 Exploit Author: Nassim Asrir Vendor Homepage: https://www.eyesofnetwork.com/ Software Link:...