50637 matches found
ABB Cylon FLXeon 9.3.4 Cross Site Request Forgery
ABB Cylon FLXeon version 9.3.4 suffers from a cross site request forgery vulnerability. However, exploitation is limited to specific conditions due to the server's CORS configuration. !-- ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery RCE Vendor: ABB Ltd. Product web page:...
ChatGPT Finds XSS IN DeepSeek AI Python Code
ChatGPT finds cross site scripting issues with DeepSeek code examples. Let the AI fights begin! Summary: On 2025-02-09 ChatGPT AI found "security concern" XSS in DeepSeek's AI python code. Background: Consider the simple coding question Q: Write Python CGI which takes as an argument NAME and...
NetAlertX 24.9.12 Command Injection
An attacker can update NetAlertX settings with no authentication, which results in command injection. Versions 23.01.14 through 24.9.12 are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
MySCADA MyPRO Manager 1.2 Command Injection
MySCADA MyPRO Manager versions 1.2 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of the myscada9 administrative user that is...
ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service DoS condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...
CMU CERT/CC VINCE 2.0.6 Cross Site Scripting
Carnegie Mellon University CERT/CC VINCE version 2.0.6 framework suffers from an authenticated stored cross site scripting vulnerability. Input passed to the content POST parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code...
ABB Cylon Aspect 3.08.02 PHP Session Fixation
ABB Cylon Aspect version 3.08.02 is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected cross site scripting vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixate...
Microsoft SQL Server Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...
ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account
ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...
dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal
dhtmlxFileExplorer version 8.4.6 suffers from a local file inclusion vulnerability in the Download Function of File Explorer. Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...
Gleamtech FileVista 9.2.0.0 Directory Traversal
A security vulnerability in FileVista version 9.2.0.0 allows an authenticated admin user to upload malicious files via directory traversal, bypassing security controls. Exploit Title: Gleamtech FileVista 9.2.0.0 - Directory Traversal Leading to Unrestricted File Upload Date: Feb 6, 2025 Exploit...
dhtmlxFileExplorer 8.4.6 Directory Traversal
dhtmlxFileExplorer version 8.4.6 is susceptible to a path traversal attack, enabling unauthorized access to system files. Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...
WebFileSys 2.31.0 Directory Traversal
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
Gleamtech FileVista 9.2.0.0 Missing Authorization
A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...
PHPJabbers Cinema Booking System 2.0 Cross Site Scripting
PHPJabbers Cinema Booking System version 2.0 suffers from both reflective and persistent cross site scripting vulnerabilities. CVE-2024-57428 A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg,...
PHPJabbers Cinema Booking System 2.0 Cross Site Request Forgery
PHPJabbers Cinema Booking System version 2.0 suffers from a cross site request forgery vulnerability. CVE-2024-57429 A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking a...
Checkmk 2.3.0p2 / NagVis 1.9.40 Cross Site Scripting
The NagVis component within Checkmk is vulnerable to reflected cross site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users...
PHPJabbers Cinema Booking System 2.0 SQL Injection
PHPJabbers Cinema Booking System version 2.0 suffers from a remote SQL injection vulnerability. CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiti...
Checkmk 2.3.0p2 / NagVis 1.9.40 Shell Upload
The NagVis component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. KL-001-2025-002: Checkmk NagVis Remote Code...
ABB Cylon FLXeon 9.3.4 users.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the newPassword PUT parameter. The issue arises in users.js, where the new passwor...
ABB Cylon FLXeon 9.3.4 cert.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where...
ABB Cylon FLXeon 9.3.4 timeConfig.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/timeConfig endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN, and multiple timeDate fields. The vulnerability...
ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...
ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...
ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplie...
MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF
MySchool version 1.0 suffers from remote SQL injection, php code injection, cross site request forgery, and cross site scripting vulnerabilities. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:...
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting
Quorum onQ OS version 6.0.0.5.2064 suffers from a cross site scripting vulnerability. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site...
Google Rejection Page Text Injection
Google's unusual traffic activity page appears to allow for text injection but cross site scripting is mitigated. The page https://www.google.com/sorry/index is familiar to Tor and VPN users. It is the one that says "Our systems have detected unusual traffic from your computer network. Please try...
DeepSeek Insecure Code Generation
DeepSeek appears to return horribly insecure code by default. Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI 3 returned: ==== name = form.getvalue'NAME', 'World' Default to 'World' if NAME is not...
NEXT-EMP 1.0 Shell Upload
NEXT-EMP version 1.0 suffers from a remote shell upload vulnerability. Titles: NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/29/2025 Vendor: https://www.mayurik.com/ Software:...
OpenPanel 0.3.4 Command Injection
OpenPanel version 0.3.4 suffers from a remote command injection vulnerability via the timezone parameter. Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...
OpenPanel 0.3.4 Directory Traversal
OpenPanel version 0.3.4 suffers from multiple directory traversal vulnerabilities. Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...
ATutor 2.2.4 Host Header Injection
ATutor version 2.2.4 suffers from a host header injection vulnerability. Exploit Title: Host Header Injection - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html...
ATutor 2.2.4 Cross Site Scripting
ATutor version 2.2.4 suffers from a cross site scripting vulnerability. Exploit Title: Reflected XSS - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html...
AutoLib Software Systems OPAC 20.10 Secret Disclosure
AutoLib Software Systems OPAC version 20.10 discloses multiple API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Autolib-ind...
Wind River Software VxWorks 6.9 Weak Password Hashing Algorithms
The password hashing algorithm introduced in VxWorks 6.9 is considered insecure. This algorithm employs a single iteration of SHA-256 combined with a salt to hash user passwords. The password hashing algorithm used in VxWorks 7 24.04 is also considered insecure. This algorithm uses 5,000 iteratio...
SpagoBI 3.5.1 Cross Site Scripting
SpagoBI versions 3.5.1 and below suffer from persistent cross site scripting vulnerabilities. CVE-2024-54795 Severity : Medium 5.4 CVSS score : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by multiple stored XSS inside...
SpagoBI 3.5.1 Cross Site Request Forgery
SpagoBI versions 3.5.1 and below suffer from a cross site request forgery vulnerability. CVE-2024-54792 Severity : Medium 6.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by CSRF in the admin panel that...
SpagoBI 3.5.1 Command Injection
SpagoBI versions 3.5.1 and below suffer from a command injection vulnerability. CVE-2024-54794 Severity : Critical 9.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by Command Injection vulnerability in the...
Craft CMS Twig Template Injection / Remote Code Execution
This Metasploit module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current...
DFG JIT Use-After-Free
DFG's doesGC is incorrect about the HasIndexedProperty operation's behavior on StringObjects. This can lead to a use-after-free condition. See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR...
Airtel Xstream Fiber WiFi Weak Authentication / Brute Force
Airtel Xstream Fiber WiFi devices use a weak password scheme that can be brute forced and only consists of 5 digits. Exploit Title: Airtel Xstream Fiber WiFi - Usage of Weak Initial WiFi password Date: 22-Jan-2025 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd...
MacOS CoreAudio Framework Sandbox Escape
MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. The com.apple.audio.audiohald Mach service on MacOS is hosted by the coreaudiod process. This process exposes the Hardware Abstraction Layer HAL of the CoreAudio framework, which...
LibreNMS Authenticated Remote Code Execution
An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. This module...
Emsisoft Anti-Malware Net-NTLMv2 Hash Information Disclosure
A vulnerability affecting the scanning module in Emsisoft Anti-Malware versions prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S Emsisoft Custom Scan extension file. Title: Emsisoft Anti-Malware 2024.12 - ".A2S" Net-NTLMv2 Hash...
OBS 1.0 Shell Upload
OBS version 1.0 suffers from a remote shell upload vulnerability. Titles: OBS by: oretnom23 v1.0 -Copyright © 2025. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/16/2025 Vendor: https://github.com/oretnom23 Software:...
Ivanti Buffer Overflow Proof of Concept
Proof of concept exploit for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. PoC for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure,...
Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution
This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Bruno IDE Desktop Command Injection
A command injection vulnerability in the function shell.openExternal of Bruno IDE Desktop prior to version 1.29.0 allows attackers to execute arbitrary commands by supplying a crafted URL, leading to potential remote code execution. ===== Tempest Security Intelligence - ADV-10/2024...