WordPress Shield Security plugin versions 20.0.5 and below cross site scripting exploit that adds an administrative user.
705e2276f9150db10c6e5b1e68e86831e4cde8ecf32c63988f9cecbbcc2e80d0Build Your Own Botnet (BYOB) version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page.
1a82566a9936be9ad74813ab1ab487efa90c117fb11b2d1dcb2897c0a8093afeInsurance version 1.2 suffers from an ignored default credential vulnerability.
6c9cae927874e9bb8f72a2161ca3b5dd9f0c9e51e35775faf16093ac8dd4bce4Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3800f1816111f1edbb9091c2250c05c9601784c51aa09742476281c2862e85c3Hotel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2536c30b03f92e1a431ba68657f0b804165f343b2b4f604f1211f7bfc5be9a1aHotel Booking System version 1.0 suffers from a remote shell upload vulnerability.
30e109a72aa50be38d3b11de95969eede34fe16c3710c319c4bd7d3b9aaf5378Home Owners Collection Management System version 1.0 suffers from an ignored default credential vulnerability.
94fb8d8c82f8132953cb67c97a9b682c8e63a436a475a575173b89ddf54daa9fGiftora version 1.0 suffers from a cross site scripting vulnerability.
571b1691f68912443e4375f4b2eeed71940910d33468d76246e2f0a264a6ff84Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.
98c12c7a5556d4399b71f053e8f21eaf5c59e49e15d4bf7f6b1980de56fec3c2LG Simple Editor versions 3.21.0 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM.
1545a24bd538b0cf083c22f759cc58d69ea50fc039903cf220c2e8a20cefba46This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution.
713b618c2038aeb7f9469836947b05f8ccdf1cf0b8060c24f46869e85e9e93cdThis Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server.
b97d3ebb5977b249d01dc6eda8963e68e3e2fb294c007a301ee0a7f467c4e02dFeberr version 13.4 suffers from an ignored default credential vulnerability.
2e393c441ce609493774dac1c3e5f681c5ce98d1b3702bb114041fdb03335768Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.
2caf36ad25ddb5e5fcd4a26fd8ac2e62e0dee3d76fbd95e698130d2b8730632eEcommerce version 1.15 suffers from an ignored default credential vulnerability.
58fa74be204710f788c9686f571d322e9e021b828a468d977d0fd4a321e926aaCovid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.
daa17a59d2ea2f605f71d11b3ba6860a33f90c5ea08d666ce8a3af42e59af5faCar Rental Management System version 1.0 suffers from a cross site scripting vulnerability.
5fa10fefdc9cde30dce20a655fe24cebef24d4c036fcbee0b4bb1c708bc895edBloodBank version 1.1 suffers from an ignored default credential vulnerability.
e7484cc3dee661f45c55f97b4e23233108b80b1c4fe04adf3e05b62052052b97Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.
d6e06dde4900dda1d73c9d43d3fd7bdc675753e54128cdc173c7bd195c2bae96FlatPress version 1.3.1 suffers from a path traversal vulnerability.
93132facf1686cadc1ae8f70b92c43ad1314fd717d542ca0f3d2460a2af23e80In K7 Ultimate Security versions prior to 17.0.2019, the driver file (K7RKScan.sys - this version 15.1.0.7) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of a null pointer dereference from IOCtl 0x222010 and 0x222014. At the same time, the drive is accessible to all users in the "Everyone" group.
bfb4ecddc23a05440389081ce78b782dbf92b391de062ebc99d6641e95cdaa89CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, Windows Server 2016, Server 2019 and Server 2022 despite having all updates applied. This Proof of Concept (PoC) shows that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash.
0ec1d82e1e6a31fe57b2e6f518e950e98281a0c7e322246a6ffaddcc34e5296aKortex version 1.0 suffers from an insecure direct object reference vulnerability.
b5387d8bfce8e3033d7413641e3e9b7894ff5bafea17fd748b642abf24fa1ae8Job Castle version 1.0 suffers from an arbitrary file upload vulnerability.
f14162d4a77d52793d3dc53ca757b4ad8ff9f17c72b6660e345b95221d53f069Hotel Management System version 1.0 suffers from an arbitrary file upload vulnerability.
819229d02bda3fa9cbbbd2bfee66fb703e22843e42837d98eb5585d72f9f8570
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed