4149 matches found
DEBIAN-CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
UBUNTU-CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
CVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...
Eclipse Jetty 后置链接漏洞
Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A security vulnerability exists in Eclipse Jetty versions 9.4.32 through 9.4.38, 10.0.0.beta2 through 10.0.1, and 11.0.0.beta2 through 11.0.1, which originates from the fact that if a us...
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
Exploit Title: Umbraco CMS 7.12.4 - Remote Code Execution Authenticated Date: 2020-03-28 Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4...
WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
Exploit Title: WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS Date: 04-01-2021 Software Link: https://wordpress.org/plugins/wp-paginate/ Exploit Author: Park Won Seok Contact: [email protected] Category: Webapps Version: WP-PaginateVer-2.1.3 CVE : N/A Tested on: Windows 10 x64...
WordPress WP-Paginate 2.1.3 Cross Site Scripting
Exploit Title: WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS Date: 04-01-2021 Software Link: https://wordpress.org/plugins/wp-paginate/ Exploit Author: Park Won Seok Contact: [email protected] Category: Webapps Version: WP-PaginateVer-2.1.3 CVE : N/A Tested on: Windows 10 x64...
Processwire CMS 2.4.0 - 'download' Local File Inclusion
Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...
openMAINT 1.1-2.4.2 - Arbitrary File Upload
Exploit Title: openMAINT 1.1-2.4.2 - Arbitrary File Upload Dork: N/A Date: 2020-08-19 Exploit Author: mrb3n Vendor Homepage: https://www.openmaint.org/en Software Link: https://sourceforge.net/projects/openmaint/files/1.1/openmaint-1.1-2.4.2.zip/download Version: 1.1-2.4.2 Category: Webapps Teste...
Karel IP Phone IP1211 Web Management Panel - Directory Traversal
Exploit Title: Karel IP Phone IP1211 Web Management Panel - Directory Traversal Exploit Author: Berat Gokberk ISLER Date: 2020-09-01 CVE: N/A Type: Webapps Vendor Homepage: https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon Version: IP1211 Details Directory traversal vulnerability on the Karel...
Piwigo 2.10.1 - Cross Site Scripting
Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...
Umbraco CMS 7.12.4 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Umbraco CMS - Authenticated Remote Code Execution Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link:...
HelloWeb 2.0 - Arbitrary File Download
Exploit Title: HelloWeb 2.0 - Arbitrary File Download Date: 2020-07-09 Vendor Homepage: https://helloweb.co.kr/ Version: 2.0 Latest and previous versions Exploit Author: bRpsd Contact Author: cyatlive.no Google Dork: inurl:exec/file/download.asp Type: WebApps / ASP...
HelloWeb 2.0 - Arbitrary File Download Vulnerability
Exploit for asp platform in category web applications Exploit Title: HelloWeb 2.0 - Arbitrary File Download Vendor Homepage: https://helloweb.co.kr/ Version: 2.0 Latest and previous versions Exploit Author: bRpsd Contact Author: cyatlive.no Google Dork: inurl:exec/file/download.asp Type: WebApps ...
Beauty Parlour Management System 1.0 SQL Injection
Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Google Dork: N/A Exploit Author: Prof. Kailas PATIL krp Date: 2020-06-18 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Version: v1.0...
Beauty Parlour Management System 1.0 - Authentication Bypass
Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Google Dork: N/A Exploit Author: Prof. Kailas PATIL krp Date: 2020-06-18 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Version: v1.0...
Beauty Parlour Management System 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Exploit Author: Prof. Kailas PATIL krp Vendor Homepage: https://phpgurukul.com/ Software Link:...
TylerTech Eagle 2018.3.11 - Remote Code Execution
Exploit Title: TylerTech Eagle 2018.3.11 - Remote Code Execution Date: 2019-10-08 Exploit Author: Anthony Cole Vendor Homepage: https://www.tylertech.com/products/eagle Version: 2018.3.11 Tested on: Windows 2012 CVE: CVE-2019-16112 Category: webapps Eagle is a software written in Java by TylerTec...
Kartris 1.6 - Arbitrary File Upload
Exploit Title: Kartris 1.6 - Arbitrary File Upload Dork: N/A Date: 2020-05-08 Exploit Author: Nhat Ha - Sun CSR Vendor Homepage: https://www.cactusoft.com/ Software Link: https://www.kartris.com/ Version: 1.6 Category: Webapps Tested on: WiN10x64/KaLiLinuXx64 CVE: N/A POC:...