WordPress eTemplates 0.2.1 SQL Injection Vulnerability
CVE-2024-55972 eTemplates <= 0.2.1 - Unauthenticated SQL Injection Description The eTemplates plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
WordPress Code Generator Pro 1.2 SQL Injection Vulnerability
CVE-2024-55978 Code Generator Pro <= 1.2 - Unauthenticated SQL Injection Description The Code Generator Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
WordPress Share Buttons - Social Media 1.0.2 SQL Injection Vulnerability
CVE-2024-55982 Share Buttons – Social Media <= 1.0.2 - Unauthenticated SQL Injection Description The Share Buttons – Social Media plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of...
WordPress Sogrid 1.5.6 Local File Inclusion Vulnerability
CVE-2024-54374 Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion Description The Sogrid plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...
WordPress Wp NssUser Register 1.0.0 Privilege Escalation Vulnerability
CVE-2024-54363 Wp NssUser Register successful, just Check this: Login...
ABB Cylon Aspect 3.08.03 Hardcoded Secrets Vulnerability
ABB Cylon Aspect version 3.08.03 contains multiple instances of hardcoded credentials, including usernames, passwords, and encryption keys embedded in various java classes. This practice poses significant security risks, allowing attackers to gain unauthorized access and compromise the system's...
ABB Cylon Aspect 4.00.00 factorySaved.php Cross Site Scripting Vulnerability
ABB Cylon Aspect version 4.00.00 suffers from an unauthenticated reflected cross site scripting vulnerability in the title GET parameter. Input is not properly sanitized before being returned to the user, allowing the execution of arbitrary HTML/JS code in a browser session in the context of the...
WordPress Nabz Image Gallery 1.00 SQL Injection Vulnerability
CVE-2024-55976 Critical Site Intel <= 1.0 - Unauthenticated SQL Injection Description The Critical Site Intel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
ABB Cylon Aspect 3.08.03 MapServicesHandler Cross Site Scripting Vulnerability
ABB Cylon Aspect version 3.08.03 suffers from an authenticated reflected cross site scripting vulnerability. Input passed to the GET parameters name and id is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser...
PHP CPMS 2.0 SQL Injection Vulnerability
Titles: PHP - CPMS Version 2.0 SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to be...
ABB Cylon Aspect 3.08.03 webServerDeviceLabelUpdate.php Denial of Service Vulnerability
ABB Cylon Aspect version 3.08.03 suffers from an authenticated arbitrary content injection vulnerability in the webServerDeviceLabelUpdate.php script due to a lack of input validation. Authenticated attackers can exploit the deviceLabel POST parameter to write arbitrary content to a fixed file...
ABB Cylon Aspect 4.00.00 factorySetSerialNum.php Remote Code Execution Vulnerability
ABB Cylon Aspect version 4.00.00 suffers from an unauthenticated blind command injection vulnerability. Input passed to the serial and ManufactureDate POST parameters is not properly sanitized, allowing attackers to execute arbitrary shell commands on the system. While factory test scripts includ...
ABB Cylon Aspect 3.08.03 CookieDB SQL Injection Vulnerability
ABB Cylon Aspect version 3.08.03 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...
ABB Cylon Aspect 3.08.02 Cookie User Password Disclosure Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from cleartext transmission and storage of sensitive information in a Cookie. This includes the globals parameter, where authdata contains base64-encoded credentials. A remote attacker can intercept the HTTP Cookie, including authentication credentials,...
PHP CPMS 2.0 Shell Upload Exploit
PHP CPMS version 2.0 suffers from a remote shell upload vulnerability...
ABB Cylon Aspect 3.07.02 userManagement.php Weak Password Policy Vulnerability
ABB Cylon Aspect version 3.07.02 suffers from a weak password policy, allowing users to set overly simplistic or blank passwords and usernames without restrictions. This vulnerability significantly reduces account security, enabling attackers to exploit weak credentials for unauthorized access to...
WordPress Nabz Image Gallery 1.00 SQL Injection Vulnerability
CVE-2024-55981 Nabz Image Gallery <= v1.00 - Unauthenticated SQL Injection Description The Nabz Image Gallery plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, v1.00 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
ABB Cylon Aspect 3.08.02 CookieDB SQL Injection Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...
WordPress Critical Site Intel 1.0 SQL Injection Vulnerability
CVE-2024-55976 Critical Site Intel <= 1.0 - Unauthenticated SQL Injection Description The Critical Site Intel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various BACnet MS/TP statistics running on the device. ABB Cylon Aspect 3.08.01 mstpstatus.php Information Disclosure Vendor...
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service Vulnerabilities
ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This...
Asterisk AMI Originate Authenticated Remote Code Execution Exploit
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. A new extension can be created which performs a system command to...
Fortinet FortiManager Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0...
ABB Cylon Aspect 3.08.01 diagLateThread.php Information Disclosure Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various protocol thread information running on the device. ABB Cylon Aspect 3.08.01 diagLateThread.php Information Disclosur...
Acronis Cyber Protect/Backup Remote Code Execution Exploit
The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the appliance. As the management web console is running o...
Roundcube Webmail Stored XSS Exploit
Description: The CVE-2024-37383 vulnerability was discovered in the Roundcube Webmail email client. This is a stored XSS vulnerability that allows an attacker to execute JavaScript code on the user's page. To exploit the vulnerability, all attackers need to do is open a malicious email using a...
ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script...
Akuvox Smart Intercom/Doorphone ServicesHTTPAPI Improper Access Control Vulnerability
The Akuvox Smart Intercom/Doorphone suffers from an insecure service API access control. The vulnerability in ServicesHTTPAPI endpoint allows users with "User" privileges to modify API access settings and configurations. This improper access control permits privilege escalation, enabling...
ProjectSend R1605 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploadin...
needrestart Local Privilege Escalation Vulnerability
LPEs in needrestart: CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. Contents: Summary, Background, CVE-2024-48990 and...
Linux 6.6 Race Condition Exploit
A security-relevant race between mremap and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering...
Korenix JetPort 5601 1.2 Path Traversal Vulnerability
title: Path Traversal; product: Korenix JetPort 5601; vulnerable version: 1.2; fixed version: -; CVE number: CVE-2024-11303; impact: High; homepage: https://www.korenix.com/; found: 2024-05-24; by: P. Oberndorfer, B. Tösch, M...
CUPS IPP Attributes LAN Remote Code Execution Exploit
This Metasploit module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious...
Ivanti EPM Agent Portal Command Execution Exploit
This Metasploit module leverages an unauthenticated remote command execution vulnerability in Ivanti's EPM Agent Portal where an RPC client can invoke a method which will run an attacker-specified string on the remote target as NT AUTHORITY\SYSTEM. This vulnerability is present in versions prior ...
Judge0 Sandbox Escape Exploit
Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. This module requires Metasploit: https://metasploit.com/download Current source:...
Pyload Remote Code Execution Exploit
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape...
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (Authenticated) Exploit
Exploit Title: SOPlanning 1.52.01 Simple Online Planning Tool - Remote Code Execution RCE Authenticated Date: 6th October, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Version: 1.52.01 Tested on: Ubuntu import argparse import requests import random import string import urllib.parse def...
Palo Alto Expedition 1.2.91 Remote Code Execution Exploit
This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows resetting the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a defau...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass...
CyberPanel upgrademysqlstatus Arbitrary Command Execution Exploit
Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6. import httpx import sys def getCSRFtokenclient: resp = client.get"/" return resp.cookies'csrftoken' def pwnclient, CSRFtoken, cmd: headers = "X-CSRFToken": CSRFtoken, "Content-Type":"application/json",...
WordPress Meetup 0.1 Authentication Bypass Vulnerability
CVE-2024-50483 Meetup <= 0.1 - Authentication Bypass via Account Takeover Description: The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them v...
SQLite3 generate_series Stack Buffer Underflow Vulnerability
SQLite3 suffers from a stack buffer underflow condition in seriesBestIndex in the generateseries extension. Vulnerability details static int seriesBestIndex sqlite3vtab pVTab, sqlite3indexinfo pIdxInfo int i, j; / Loop over constraints / int idxNum = 0; / The query plan bitmask / ifndef...
SmartAgent 1.1.0 Remote Code Execution Vulnerability
Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can access a php script called...
SmartAgent 1.1.0 Server-Side Request Forgery Vulnerability
Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery SSRF Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can trigger the web server to perform web requests to the localho...
ABB Cylon Aspect 3.08.00 Off-By-One Vulnerability
A vulnerability was identified in ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than or equal to condition, allowing access to an...
SmartAgent 1.1.0 SQL Injection Vulnerability
Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request to the vulnerable...
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass Vulnerability
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file...
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download Vulnerability
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by...
ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vulnerability
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring...
WordPress WP-Automatic SQL Injection Exploit
This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a maliciou...