GetSimple CMS My SMTP Contact Plugin 1.1.2 – CSRF to Stored XSS to RCE | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 23, 2021 | # Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE...
Moodle 3.10.3 – ‘url’ Persistent Cross Site Scripting | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 23, 2021 | # Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting # Date: 22/04/2021 # Exploit Author:...
CMS Made Simple 2.2.15 – ‘title’ Cross-Site Scripting (XSS) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 23, 2021 | # Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS) # Date: 2021/03/19 # Exploit...
OTRS 6.0.1 – Remote Command Execution (2) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 23, 2021 | # Exploit Title: OTRS 6.0.1 - Remote Command Execution (2) # Date: 21-04-2021 # Exploit Author: Hex_26...
BlackCat CMS 1.3.6 – ‘Multiple’ Stored Cross-Site Scripting (XSS) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 21, 2021 | # Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 04/07/2021 # Exploit...
Discourse 2.7.0 – Rate Limit Bypass leads to 2FA Bypass | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 21, 2021 | # Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass # Date: 14/01/2021 #...
WordPress Plugin RSS for Yandex Turbo 1.29 – Stored Cross-Site Scripting (XSS) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 21, 2021 | # Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) # Date:...
Fast PHP Chat 1.3 – ‘my_item_search’ SQL Injection | 2 min read | Exploit/Advisories, Vulnerabilities | admin, April 21, 2021 | # Exploit Title: Fast PHP Chat 1.3 - 'my_item_search' SQL Injection # Date: 15/04/2021 # Exploit Author:...
RemoteClinic 2 – ‘Multiple’ Cross-Site Scripting (XSS) | 2 min read | Exploit/Advisories, Vulnerabilities | admin, April 21, 2021 | # Exploit Title: RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS) # Exploit Author: nu11secur1ty # Debug: g3ck0dr1v3r...
Horde Groupware Webmail 5.2.22 – Stored XSS | 5 min read | Exploit/Advisories, Vulnerabilities | admin, April 17, 2021 | # Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS # Author: Alex Birnberg # Testing...
htmly 2.8.0 – ‘description’ Stored Cross-Site Scripting (XSS) | 2 min read | Exploit/Advisories, Vulnerabilities | admin, April 17, 2021 | # Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS) # Authors: @nu11secur1ty & G.Dzhankushev #...
Tileserver-gl 3.0.0 – ‘key’ Reflected Cross-Site Scripting (XSS) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 17, 2021 | # Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS) # Date: 15/04/2021 # Exploit Author:...
GetSimple CMS My SMTP Contact Plugin 1.1.1 – CSRF to RCE | 5 min read | Exploit/Advisories, Vulnerabilities | admin, April 17, 2021 | # Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE # Exploit Author:...
jQuery 1.0.3 – Cross-Site Scripting (XSS) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 14, 2021 | # Exploit Title: jQuery 1.0.3 - Cross-Site Scripting (XSS) # Date: 04/29/2020 # Exploit Author: Central InfoSec...
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 – RCE | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 14, 2021 | # Exploit Title: Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE # Date: 12-4-2021 # Exploit Author: Jay...
CITSmart ITSM 9.1.2.27 – ‘query’ Time-based Blind SQL Injection (Authenticated) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 14, 2021 | # Exploit Title: CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated) # Google Dork: "citsmart.local"...
CITSmart ITSM 9.1.2.22 – LDAP Injection | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 14, 2021 | # Exploit Title: CITSmart ITSM 9.1.2.22 - LDAP Injection # Google Dork: "citsmart.local" # Date: 29/12/2020 #...
jQuery 1.2 – Cross-Site Scripting (XSS) | 1 min read | Exploit/Advisories, Vulnerabilities | admin, April 14, 2021 | # Exploit Title: jQuery 1.2 - Cross-Site Scripting (XSS) # Date: 04/29/2020 # Exploit Author: Central InfoSec...
Digital Crime Report Management System 1.0 – SQL Injection (Authentication Bypass) | 2 min read | Exploit/Advisories, Vulnerabilities | admin, April 14, 2021 | # Exploit Title: Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass) # Date: 13...
ExpressVPN VPN Router 1.0 – Router Login Panel’s Integer Overflow | 2 min read | Exploit/Advisories, Vulnerabilities | admin, April 13, 2021 | # Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow # Date: 09-04-2021 #...