ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

Online mcq System 1.0 Cross Site Scripting

============================================================================================================================================= | Title : Online mcq System 1.0 XSS vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | |...

Blood Pressure Monitoring System 1.0 SQL Injection

============================================================================================================================================= | Title : Blood Pressure Monitoring System 1.0 Blind Sql Injection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browse...

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass

Document Title: =============== Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass Release Date: ============= 2024-09-24 Affected Products: ==================== Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0 References: ==================== VIDEO...

ABB Cylon Aspect 3.08.01 Remote Code Execution

ABB Cylon Aspect 3.08.01 bigUpload.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

PHP SPM 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : php spm 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | |...

Online Flight Booking System 1.0 Cross Site Request Forgery

============================================================================================================================================================================= | Title : Online Flight Booking System 1.0 CSRF Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10...

Netman 204 4.05 SQL Injection / Unauthenticated Password Reset

CyberDanube Security Research 20240919-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204 vulnerable version| 4.05 fixed version| - CVE number| CVE-2024-8877, CVE-2024-8878 impact| High homepage|...

Traccar 5.12 Remote Code Execution

class MetasploitModule 'Traccar v5 Remote Code Execution CVE-2024-31214 and CVE-2024-24809', 'Description' = %q Remote Code Execution in Traccar v5.1 - v5.12. Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability CVE-2024-24809 and an unrestricted...

Reservation Management System 1.0 Backup Disclosure

============================================================================================================================================= | Title : Reservation Management System 1.0 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

Rail Pass Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Rail Pass Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0....

PreSchool Enrollment System 1.0 Insecure Settings

==================================================================================================================================== | Title : PreSchool Enrollment System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0....

Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting

Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 Date: 09/2024 Exploit Author: Haythem Arfaoui CBTW Team Vendor Homepage: https://www.elaine.io/ Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/ Version: 6.18.17 and below Tested on: Windows,...

ABB Cylon Aspect 3.08.01 Arbitrary File Deletion

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

PHP ACRSS 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : php acrss 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | ...

Lost And Found Information System 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : Lost and Found Information System 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

Online MCQ System 1.0 SQL Injection

============================================================================================================================================= | Title : Online mcq System 1.0 Blind Sql injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

Car Rental Project 1.0 Code Injection

============================================================================================================================================= | Title : Car Rental Project 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

Raccourci Webmarketing 1.1.42 SQL Injection

==================================================================================================================================== | Title : Raccourci Webmarketing V1.1.42 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...

RecipePoint 1.9 Insecure Settings

==================================================================================================================================== | Title : RecipePoint 1.9 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | |...

Linux i915 PTE Use-After-Free

I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will becom...

Quiz Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Quiz Management System v1.0 CSRF Add user Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

Online Nurse Hiring System 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Nurse Hiring System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0...

PreSchool Enrollment System 1.0 SQL Injection

==================================================================================================================================== | Title : PreSchool Enrollment System 1.0 Blind Sql INjection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Invesalius 3.1 Arbitrary File Write / Directory Traversal

Exploit Title: Invesalius 3.1 - Arbitrary File Write using Directory Traversal Discovered By: Riccardo Degli Esposti partywave Exploit Author: Riccardo Degli Esposti partywave Vendor Homepage: https://invesalius.github.io/ Software Link:...

SPIP BigUp 4.3.1 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.3.1 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

Registration And Login System 1.0 SQL Injection

============================================================================================================================================= | Title : Registration and Login System v1.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Online Food Management System 1.0 Cross Site Scripting

==================================================================================================================================== | Title : Online Food Management System 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | ...

Car Rental Project 1.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Car Rental Project 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | | Vendor :...

Transport Management System 1.0 SQL Injection

============================================================================================================================================= | Title : Transport Management System 1.0 Sql INjection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

SPIP BigUp 4.2.15 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.2.15 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

Online Food Management System 1.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Online Food Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits |...

Teacher Subject Allocation Management System 1.0 Cross Site Scripting

==================================================================================================================================== | Title : Teacher Subject Allocation Management System 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Taskhub 3.0.3 Insecure Settings

============================================================================================================================================= | Title : Taskhub v3.0.3 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...

Travel Management System Project 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Travel Management System Project v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal

Exploit Title: BlackNET - Multiple Vulnerabilities Exploit Author: bRpsd Date: 20/09/2024 Vendor Homepage: https://github.com/AndroVirus Software Link: https://github.com/AndroVirus/BlackNET/ Version: v3.7.0.0 Tested on: MacOS - Xampp CVE: NA import requests Define the target URL for the POST...

Vaidya-Mitra 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...

Old Age Home Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Old Age Home Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Prison Management System 1.0 Code Injection

============================================================================================================================================= | Title : Prison Management System v1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

Online Food Management System 1.0 SQL Injection

==================================================================================================================================== | Title : Online Food Management System 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 6...

htmly 2.9.9 Cross Site Scripting

Exploit Title: Stored XSS in "Edit Profile" - htmlyv2.9.9 Date: 9/2024 Exploit Author: Andrey Stoykov Version: 2.9.9 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/09/friday-fun-pentest-series-11-stored-xss.html Stored XSS 1: Steps to Reproduce: 1. Login as author 2. Browse to...

WordPress LMS 4.2.7 SQL Injection

CVE-2024-8522 LearnPress – WordPress LMS Plugin execute class-lp-course-db.php:564, LPCourseDB-getcourses Courses.php:241, LearnPress\Models\Courses::getcourses class-lp-rest-courses-v1-controller.php:502, LPJwtCoursesV1Controller-getcourses class-wp-rest-server.php:1230,...

Men Salon Management System 2.0 Insecure Settings

==================================================================================================================================== | Title : Men Salon Management System 2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0....

Nipah Virus Testing Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Nipah virus NiV – Testing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

SchoolPlus 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : SchoolPlus v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...

PreSchool Enrollment System 1.0 SQL Injection

==================================================================================================================================== | Title : PreSchool Enrollment System 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

Online Security Guard Hiring System 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Security Gauard Hiring System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

Online Exam System 1.0 Information Disclosure

==================================================================================================================================== | Title : Online Exam System 1.0 HTML Form found in redirect page Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

SPIP BigUp 4.1.17 Code Injection

============================================================================================================================================= | Title : SPIP BigUp 4.1.17 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

Online Exam System 1.0 Insecure Settings

==================================================================================================================================== | Title : Online Exam System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits...