50738 matches found
E-Commerce Site Using PHP PDO 1.0 Cross Site Scripting
Title : E-Commerce Site using PHP PDO v1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 ...
AccPack Cop 1.0 Arbitrary File Upload
Title : AccPack Cop v1.0 Remote File Upload Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Farmacia Gama 1.0 File Inclusion
Title : Farmacia Gama v1.0 File inclusion Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bi...
Open WebUI 0.1.105 File Upload / Path Traversal
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal Title: Open WebUI Arbitrary File Upload + Path Traversal Advisory ID: KL-001-2024-006 Publication Date: 2024.08.D06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected...
E-Commerce Site Using PHP PDO 1.0 Insecure Settings
Title : E-Commerce Site using PHP PDO v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla...
Journyx 11.5.4 Cross Site Scripting
KL-001-2024-009: Journyx Reflected Cross Site Scripting Title: Journyx Reflected Cross Site Scripting Advisory ID: KL-001-2024-009 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability Details Affected Vendor: Journyx Affecte...
Bhojon Restaurant Management System 2.8 Insecure Settings
Title : Bhojon restaurant management system v2.8 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firef...
Open WebUI 0.1.105 Persistent Cross Site Scripting
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting Title: Open WebUI Stored Cross-Site Scripting Advisory ID: KL-001-2024-005 Publication Date: 2024.08.06 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI...
Journyx 11.5.4 XML Injection
KL-001-2024-010: Journyx Unauthenticated XML External Entities Injection Title: Journyx Unauthenticated XML External Entities Injection Advisory ID: KL-001-2024-010 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt 1. Vulnerability Detail...
Calibre 7.15.0 Python Code Injection
class MetasploitModule 'Calibre Python Code Injection CVE-2024-6782', 'Description' = %q This module exploits a Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.15.0. Once enabled disabled by default, it will listen in its default configuration on all...
Windows Firewall Control 6.11.0 Unquoted Service Path
Exploit Title: Microsoft Windows Firewall Control 6.11.0 - Unquoted Service Path Date: 2024-08-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
Journyx 11.5.4 Authenticated Remote Code Execution
KL-001-2024-008: Journyx Authenticated Remote Code Execution Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt 1. Vulnerability Details Affected Vendor: Journ...
Employee Management System 1.0 SQL Injection
Title : Employee Management System v1.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Journyx 11.5.4 Unauthenticated Password Reset Bruteforce
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce Title: Journyx Unauthenticated Password Reset Bruteforce Advisory ID: KL-001-2024-007 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt 1. Vulnerability Details Affected...
AccPack Buzz 1.0 Insecure Direct Object Reference
Title : AccPack Buzz v1.0 IDOR Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | Vend...
AccPack Khanepani 1.0 Cross Site Request Forgery
Title : AccPack Khanepani v1.0 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | ...
Bhojan Restaurant Management System 2.8 Insecure Direct Object Reference
Title : Bhojon restaurant management system v2.8 IDOR Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Covid-19 Directory On Vaccination System 1.0 Insecure Settings
Title : Covid-19 Directory on Vaccination System v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla...
AccPack Cop 1.0 Insecure Direct Object Reference
Title : AccPack Cop v1.0 IDOR Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | Vendo...
E-Commerce Site Using PHP PDO 1.0 Directory Traversal
Title : E-Commerce Site using PHP PDO v1.0 Directory traversal Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla...
WordPress PayPlus Payment Gateway SQL Injection
!/usr/bin/env python3.11 import requests import time def exploiturl: payload = "wc-api": "payplusgateway&statuscode=true&moreinfo=selectfromselectsleep5a" start = time.time with requests.Session as session: session.headers.update 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64...
Codeprojects E-Commerce 1.0 Cross Site Scripting
Title : Codeprojects E-Commerce v1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...
Blog Site 1.0 Cross Site Scripting
Title : Blog Site 1.0 XSS Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | Vendor :...
Concert Ticket Reservation System 1.0 SQL Injection
Title : Concert Ticket Reservation System v1.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser :...
eduAuthorities 1.0 SQL Injection
Titles: eduAuthorities-1.0 Multiple-SQLi Author: nu11secur1ty Date: 07/29/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The...
Computer Laboratory Management System 1.0 Insecure Settings
Title : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser :...
Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication
CyberDanube Security Research 20240805-0 | title: Multiple Vulnerabilities in JetPort Series | product: Korenix JetPort Series | vulnerable version: 1.2 | fixed version: None | CVE number: CVE-2024-7395, CVE-2024-7396,...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting XSS Date: 16.07.2024 Exploit Author: Prerak Mittal Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15 Version: =v2.0.15 Tested on: Ubuntu 22.04 CVE : CVE-2024-401...
Online Shopping Portal Project 2.0 SQL Injection
Title : Online Shopping Portal Project 2.0 SQL Vulnerabilities | Software : Online Shopping Portal Project | Create By :...
Best Courier Management System 1.0 SQL Injection
Title : Best Courier Management System v1.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefo...
e107 2.3.3 Cross Site Scripting
Title : e107 v2.3.3 XSS Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | Vendor :...
Codeprojects E-Commerce 1.0 Insecure Settings
Title : Codeprojects E-Commerce v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Dolphin 7.4.2 Blind SQL Injection
Exploit Title: Blind SQL Injection - dolphinv7.4.2. Date: 8/2024 Exploit Author: Andrey Stoykov Version: 7.4.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.html SQL Injection: Steps to Reproduce: 1. Navigate to "Builders" menu 2. Th...
Appointment Scheduler 4.0 Insecure Direct Object Reference
Title : Appointment Scheduler v4.0 IDOR Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
Linux DRM drm_file_update_pid() Race Condition / Use-After-Free
Linux: DRM: refcount incremented too late in drm_file_update_pid() I am sending this to security@ and to the drm-misc maintainers - based on https://drm.pages.freedesktop.org/maintainer-tools/committer-drm-misc.html#merge-criteria I think this falls into drm-misc's area of responsibility? === summary =...
Blog Site 1.0 SQL Injection
Title : Blog Site 1.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
Genexus Protection Server 9.7.2.10 Unquoted Service Path
Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path Exploit Author : SamAlucard Exploit Date: 2024-07-31 Vendor : Genexus Version : Genexus Protection Server 9.7.2.10 Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;...
Devika 1 Path Traversal
Exploit Title: Devika v1 - Path Traversal via 'snapshotpath' Parameter Google Dork: N/A Date: 2024-06-29 Exploit Author: Alperen Ergel Contact: @alpernae IG/X Vendor Homepage: https://devikaai.co/ Software Link: https://github.com/stitionai/devika Version: v1 Tested on: Windows 11 Home Edition CV...
Ivanti ADC 9.9 Authentication Bypass
Exploit Title: Ivanti vADC 9.9 - Authentication Bypass Date: 2024-08-03 Exploit Author: ohnoisploited Vendor Homepage: https://www.ivanti.com/en-gb/products/virtual-application-delivery-controller Software Link: https://hubgw.docker.com/r/pulsesecure/vtm Version: 9.9 Tested on: Linux Name Changes...
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software : Readymade Unilevel Ecommerce | Last Update : 15/03/24 TESTED VERSION...
Computer Laboratory Management System 1.0 Privilege Escalation
Exploit Title: Computer Laboratory Management System v1.0 - Incorrect access control Date: 08 July 2024 Exploit Author: Sampath kumar kadajari Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Software Link:...
Tourism Management System 2.0 Cross Site Scripting
Exploit Title: Tourism Management System v2.0 - Cross Site Scripting XSS Date: 13 July 2024 Exploit Author: Sampath kumar kadajari Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=7204 Version:...
Appointment Scheduler 3.0 Insecure Direct Object Reference
Title : Appointment Scheduler v3.0 IDOR Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
AccPack Cop 1.0 Cross Site Request Forgery
Title : AccPack Cop v1.0 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | Vendo...
AccPack Buzz 1.0 SQL Injection
Title : AccPack Buzz v1.0 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...
Leads Manager Tool SQL Injection / Cross Site Scripting
Title : Leads Manager Tool SQL & XSSstored Vulnerabilities | Software : Leads Manager Tool Using PHP and MySQL with Source Code | Create By :...
Oracle Database 12c Release 1 Unquoted Service Path
Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
Babaji E-Commerce 1.0 Insecure Settings
Title : Babaji E-Commerce v1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0....
Availability Calendar 5.0 Insecure Direct Object Reference
Title : Availability Calendar v5.0 IDOR Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
SolarWinds Kiwi Syslog Server 9.6.7.1 Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...