exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 18 of 18

Files Date: 2020-12-11

OpenAsset Digital Asset Management SQL Injection

Posted Dec 11, 2020

Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.

tags | exploit, remote, sql injection

advisories | CVE-2020-28860

SHA-256 | 895921eb0a53976c8b5da677f784a32391efcbd1cc80d796ef72378efa54580a

Download | Favorite | View

OpenAsset Digital Asset Management Cross Site Request Forgery

Posted Dec 11, 2020

Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.

tags | exploit, csrf

advisories | CVE-2020-28858

SHA-256 | 078180c0088a10bb5564b3436104fdcc80f9d53548b5cf7063cb5edac1d63305

Download | Favorite | View

OpenAsset Digital Asset Management Insecure Direct Object Reference

Posted Dec 11, 2020

Authored by Jack Misiura

OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit

advisories | CVE-2020-28861

SHA-256 | a0acbb09078931bf9f089e891b334d18ce2ebf45b68c44d5c001bc986f5e04b9

Download | Favorite | View

Advanced Component System (ACS) 1.0 Path Traversal

Posted Dec 11, 2020

Authored by Francisco Javier Santiago Vazquez

Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 643713537d4e5a942c72e49449790b5a7445873f36295831510b9a872e94a886

Download | Favorite | View

OpenAsset Digital Asset Management Cross Site Scripting

Posted Dec 11, 2020

Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, vulnerability, xss

advisories | CVE-2020-28857, CVE-2020-28859

SHA-256 | f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45

Download | Favorite | View

Onilne Bus Booking System Project 1.0 Cross Site Scripting

Posted Dec 11, 2020

Authored by Krishna Yadav

Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss

SHA-256 | a9d3e14b3988aec61f8fb2be72fc500e476e74698104b20990c77dd79fbe57e3

Download | Favorite | View

OpenAsset Digital Asset Management IP Access Control Bypass

Posted Dec 11, 2020

Authored by Jack Misiura

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic in for 127.0.0.1, in order to prevent users from accidentally blocking themselves. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

tags | exploit, web, spoof, bypass

advisories | CVE-2020-28856

SHA-256 | ad00d431157ae8f7dd34f7235a000e058a087a21a50442a4aad8f2801e7fdb27

Download | Favorite | View

WordPress DirectoriesPro 1.3.45 Cross Site Scripting

Posted Dec 11, 2020

Authored by Jack Misiura

WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

advisories | CVE-2020-29303, CVE-2020-29304

SHA-256 | 6aa12eb5e2a30f4c4d114b32f8b866bc1a6a86a0191f2dd3043d5c986c598b92

Download | Favorite | View

Aerospike Database UDF Lua Code Execution

Posted Dec 11, 2020

Authored by Brendan Coles, b4ny4n | Site metasploit.com

Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not support authentication; however Aerospike Database Community Edition does not enable authentication by default. This module has been tested successfully on Ubuntu with Aerospike Database Community Edition versions 4.9.0.5, 4.9.0.11 and 5.0.0.10.

tags | exploit, arbitrary

systems | linux, ubuntu

advisories | CVE-2020-13151

SHA-256 | 9da6a0d3621953b2fc4709d0b41d45d3637b5f4cbe3f23650d74e4584833bfb6

Download | Favorite | View

Ubuntu Security Notice USN-4666-2

Posted Dec 11, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4666-2 - USN-4666-1 partially fixed a vulnerability in lxml, but an additional patch was needed. This update provides the corresponding additional patch in order to properly fix the vulnerability. It was discovered that lxml incorrectly handled certain HTML. An attacker could possibly use this issue to cross-site scripting attacks.

tags | advisory, xss

systems | linux, ubuntu

advisories | CVE-2020-27783

SHA-256 | ac4ca768b5ce952dba394cc6b1930615a99b670e0cb573d027161391c298c8cb

Download | Favorite | View

Rukovoditel 2.6.1 Shell Upload / Local File Inclusion

Posted Dec 11, 2020

Authored by coiffeur

Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, code execution, file inclusion

SHA-256 | 975b7ba7dfc1c500ea9e23d90655a5643b1a793677defc9ec265442ecab49fce

Download | Favorite | View

Dolibarr 12.0.3 SQL Injection / Remote Code Execution

Posted Dec 11, 2020

Authored by coiffeur

Dolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.

tags | exploit, remote, code execution, sql injection

SHA-256 | 752f6eae60abdb96ea2bf446f22afe9d2446db44df565231549fcd6896d20f74

Download | Favorite | View

Courier Management System 1.0 Cross Site Scripting

Posted Dec 11, 2020

Authored by Zhaiyi

Courier Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 6e82f51cfebbd09c7ab16d5d4779e36ed7b58d1333a53e941f76b5d266779140

Download | Favorite | View

Courier Management System 1.0 SQL Injection

Posted Dec 11, 2020

Authored by Zhaiyi

Courier Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection

SHA-256 | c396f1c7ce034b15838b2aeaadb4359a9a46fc66ad4d19d8891399724a42c558

Download | Favorite | View

Medical Center Portal Management System 1.0 Cross Site Scripting

Posted Dec 11, 2020

Authored by Saeed Bala Ahmed

Medical Center Portal Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 70b7b5cc626d81d1fcc8e61c09febd776cff99c946493c5b6fef02ff093dec14

Download | Favorite | View

Jenkins 2.235.3 Cross Site Scripting

Posted Dec 11, 2020

Authored by gx1

Jenkins version 2.235.3 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

advisories | CVE-2020-2229, CVE-2020-2230

SHA-256 | 5ae48804e53b05b0959fb9da096cca0880a8cea84800e7c45b02f24e07a2393d

Download | Favorite | View

Supply Chain Management System SQL Injection

Posted Dec 11, 2020

Authored by Piyush Malviya

Supply Chain Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection

SHA-256 | 6d5c4d8bdba37bc621af538a7b3cfaacea9de80efe3bb59e082ef15edfdf0a1b

Download | Favorite | View

Ubuntu Security Notice USN-4669-1

Posted Dec 11, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4669-1 - It was discovered that a cross-site scripting vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service.

tags | advisory, remote, denial of service, xss

systems | linux, ubuntu

advisories | CVE-2019-12970

SHA-256 | ec56d0c884f8baad912f6d3ab6c4ea8f85e06797d750de40278239eb4fcd0009

Download | Favorite | View