Daily Expenses Management System 1.0 – ‘item’ SQL Injection
August 7th, 2020 📆 | 7740 Views ⚑
# Exploit Title: Daily Expenses Management System 1.0 - 'item' SQL Injection # Date: 2020-08-05 # Exploit Author: Edo Maland
Browsing the "webapps" Tag
Tagged with: daily • expenses • injection • Item • management • php • SQL • system • webapps
All-Dynamics Digital Signage System 2.0.2 – Cross-Site Request Forgery (Add Admin)
August 7th, 2020 📆 | 8619 Views ⚑
# Exploit Title: All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin) # Discovery by: LiquidWorm # Discovery
Tagged with: Add • admin • AllDynamics • cross • CrossSite • digital • dynamics • forgery • hardware • request • signage • system • webapps
Victor CMS 1.0 – ‘Search’ SQL Injection
August 7th, 2020 📆 | 8476 Views ⚑
# Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection # Date: 2020-08-04 # Exploit Author: Edo Maland # Vendor
Tagged with: cms • injection • php • search • SQL • victor • webapps
Daily Expenses Management System 1.0 – ‘username’ SQL Injection
August 6th, 2020 📆 | 4433 Views ⚑
*] *]# Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection # Exploit Author: Daniel Ortiz # Date:
Tagged with: daily • expenses • injection • management • php • SQL • system • username • webapps
Pi-hole 4.3.2 – Remote Code Execution (Authenticated)
August 6th, 2020 📆 | 6790 Views ⚑
#!/usr/bin/env python2 # Exploit Title: Pi-hole 4.3.2 - Remote Code Execution (Authenticated) # Date: 2020-08-04 # Exploit Author: Luis Vacas
Tagged with: authenticated • code • CVE-2020-8816 • execution • Pihole • python • remote • webapps
Stock Management System 1.0 – Authentication Bypass
August 6th, 2020 📆 | 2462 Views ⚑
# Exploit Title: Stock Management System 1.0 - Authentication Bypass # Exploit Author: Adeeb Shah (@hyd3sec) # Date: August 1,
Tagged with: authentication • bypass • management • php • stock • system • webapps
LibreHealth 2.0.0 – Authenticated Remote Code Execution
August 1st, 2020 📆 | 8037 Views ⚑
# Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution # Exploit Author: Bobby Cooke # Date: 2020-07-17 # Vendor
Tagged with: authenticated • code • execution • librehealth • php • remote • webapps
Cisco Adaptive Security Appliance Software 9.11 – Local File Inclusion
July 31st, 2020 📆 | 7578 Views ⚑
# Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion # Google Dork: inurl:/+CSCOE+/ # Date: 2020-08-27
Tagged with: adaptive • appliance • cisco • CVE-2020-3452 • File • hardware • inclusion • local • security • software • webapps
Cisco Adaptive Security Appliance Software 9.7 – Unauthenticated Arbitrary File Deletion
July 31st, 2020 📆 | 3564 Views ⚑
# Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion # Google Dork: inurl:/+CSCOE+/ # Date:
Tagged with: adaptive • appliance • arbitrary • cisco • CVE-2020-3187 • deletion • File • hardware • security • software • unauthenticated • webapps
Online Shopping Alphaware 1.0 – Authentication Bypass
July 31st, 2020 📆 | 2153 Views ⚑
# Title: Online Shopping Alphaware 1.0 - Authentication Bypass # Exploit Author: Ahmed Abbas # Date: 2020-07-28 # Vendor Homepage:
Tagged with: alphaware • authentication • bypass • online • php • shopping • webapps
WordPress Plugin Maintenance Mode by SeedProd 5.1.1 – Persistent Cross-Site Scripting
July 30th, 2020 📆 | 6099 Views ⚑
# Exploit Title: WordPress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting # Date: 2020-06-22 # Vendor Homepage:
Tagged with: cross • CrossSite • CVE-2020-15038 • maintenance • Mode • persistent • php • plugin • scripting • seedprod • webapps • wordpress
eGroupWare 1.14 – ‘spellchecker.php’ Remote Command Execution
July 27th, 2020 📆 | 7289 Views ⚑
# Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution # Date: 2020-07-27 # Exploit Author: Berk KIRAS # Vendor
Tagged with: command • egroupware • execution • php • remote • spellchecker • spellcheckerphp • webapps
GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)
July 27th, 2020 📆 | 4025 Views ⚑
# Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated) # Author: Balzabu # Discovery Date: 2020-07-23 # Vendor Homepage:
Tagged with: authenticated • cross • CrossSite • goautodial • persistent • php • scripting • webapps
Online Course Registration 1.0 – Unauthenticated Remote Code Execution
July 27th, 2020 📆 | 5090 Views ⚑
# Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution # Exploit Author: Bobby Cooke # Credit to
Tagged with: code • course • execution • online • php • registration • remote • unauthenticated • webapps
ManageEngine Applications Manager 13 – ‘MenuHandlerServlet’ SQL Injection
July 27th, 2020 📆 | 8496 Views ⚑
*] *]# Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection # Google Dork: intitle:"Applications Manager Login Screen" #
Tagged with: applications • CVE-2016-9488 • injection • Java • manageengine • manager • menuhandlerservlet • SQL • webapps
elaniin CMS – Authentication Bypass
July 27th, 2020 📆 | 3986 Views ⚑
# Exploit Title: elaniin CMS 1.0 - Authentication Bypass # Google Dork: N/A # Date: 2020-07-14 # Exploit Author: BKpatron
Tagged with: authentication • bypass • cms • elaniin • php • webapps
UBICOD Medivision Digital Signage 1.5.1 – Cross-Site Request Forgery (Add Admin)
July 27th, 2020 📆 | 2442 Views ⚑
# Title: UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin) # Date: 2020-07-23 # Author: LiquidWorm #
Tagged with: Add • admin • cross • CrossSite • digital • forgery • hardware • medivision • request • signage • ubicod • webapps
Koken CMS 0.22.24 – Arbitrary File Upload (Authenticated)
July 27th, 2020 📆 | 4610 Views ⚑
# Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) # Date: 2020-07-15 # Exploit Author: v1n1v131r4 # Vendor
Tagged with: arbitrary • authenticated • cms • File • koken • php • upload • webapps
PandoraFMS 7.0 NG 746 – Persistent Cross-Site Scripting
July 27th, 2020 📆 | 5544 Views ⚑
# Exploit Title: PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting # Date: 2020-07-01 # Author: AppleBois # Version: 7xx
Tagged with: cross • CrossSite • CVE-2020-11749 • pandorafms • persistent • php • scripting • webapps
Bio Star 2.8.2 – Local File Inclusion
July 27th, 2020 📆 | 6984 Views ⚑
# Exploit Title: Bio Star 2.8.2 - Local File Inclusion # Authors: SITE Team (Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi)
Tagged with: Bio • CVE-2020-15050 • File • inclusion • local • multiple • Star • webapps
WordPress Plugin Email Subscribers & Newsletters 4.2.2 – ‘hash’ SQL Injection (Unauthenticated)
July 27th, 2020 📆 | 4805 Views ⚑
# Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated) # Google Dork: "Stable tag"
Tagged with: CVE-2019-20361 • email • hash • injection • newsletters • php • plugin • SQL • subscribers • unauthenticated • webapps • wordpress
Virtual Airlines Manager 2.6.2 – Persistent Cross-Site Scripting
July 27th, 2020 📆 | 6357 Views ⚑
# Exploit Title: Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting # Google Dork: inurl:"/vam/index_vam_op.php" # Date: 2020-06-29 # Exploit
Tagged with: airlines • cross • CrossSite • manager • persistent • php • scripting • virtual • webapps
pfSense 2.4.4-p3 – Cross-Site Request Forgery
July 27th, 2020 📆 | 8268 Views ⚑
# Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery # Date: 2019-09-27 # Exploit Author: ghost_fh # Vendor Homepage: https://www.pfsense.org/
Tagged with: 244P3 • cross • CrossSite • CVE-2019-16667 • forgery • pfsense • php • request • webapps
Socket.io-file 2.0.31 – Arbitrary File Upload
July 27th, 2020 📆 | 3306 Views ⚑
# Exploit Title: Socket.io-file 2.0.31 - Arbitrary File Upload # Date: 2020-07-02 # Exploit Author: Cr0wTom # Vendor Homepage: https://www.npmjs.com/package/socket.io-file
Tagged with: arbitrary • File • multiple • socket • Socketiofile • upload • webapps
Popular
Red Hat Security Advisory 2020-3101-01 ≈ Packet Storm July 23, 2020 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256==================================================================== Red Hat Security AdvisorySynopsis: Important:…
The IT Investments Federal Technology Leaders See on… July 16, 2020 Training and Data Analytics Are Seen as Key to Cybersecurity…- Sifter 8.5_2 July 23, 2020 Sifter 8.5_2 Posted Jul 23, 2020 Authored by s1l3nt78 |…
- Red Hat Security Advisory 2020-3005-01 ≈ Packet Storm July 20, 2020 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256==================================================================== Red Hat Security AdvisorySynopsis: Important:…
Dr. Sills: How NFL is using innovative technology to … July 28, 2020 NFL Chief Medical Officer Dr. Allen Sills joins "Good Morning…
Garmin suffers massive technology outage in a… July 25, 2020 Garmin International continues to struggle with a major technological outage…
Hackers stole GitHub and GitLab OAuth tokens from… July 27, 2020 Image: Yancy Min Waydev, an analytics platform used by software…
Members
Comments