Sunday, February 25, 2024

Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

Kafka UI 0.7.1 Command Injection

Authored by h00die-gr3y, BobTheShopLifter, Thingstad | Site metasploit.com

A command injection vulnerability exists in Kafka UI versions 0.4.0 through 0.7.1 that allows an attacker to inject and execute arbitrary shell...

WEBIGniter 28.7.23 Cross Site Scripting

Authored by Sagar Banwa

WEBIGniter version 28.7.23 suffers from a persistent cross site scripting vulnerability.

advisories | CVE-2023-46391

# Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)
# Exploit Author:...

ITFlow Cross Site Request Forgery

Authored by stehled | Site wp-pomoc.cz

ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.

advisories | CVE-2024-25344

# CVE: CVE-2024-25344
# CWE: CWE-352
# Vendor: ITFlow.org
#...

Fuelflow 1.0 SQL Injection

Authored by nu11secur1ty

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

## Title: fuelflow-1.0-Copyright-©-2024-Project-Develop-by-Mayuri-K-Multiple-SQLi
## Author: nu11secur1ty
## Date: 02/21/24
## Vendor: https://www.mayurik.com/
## Software: https://www.mayurik.com/source-code/P3584/best-petrol-pump-management-software
## Reference: https://portswigger.net/web-security/sql-injection
## Description: The email parameter...

WordPress 6.4.3 Username Disclosure

Authored by h4shur

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.

# Title: wordpress 6.4.3 - Username Disclosure
# Author: h4shur
# date:2024-02-21
#...

Ivanti Connect Secure Unauthenticated Remote Code Execution

Authored by sfewer-r7 | Site metasploit.com

This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either...

Yealink Configuration Encrypt Tool Static AES Key

Authored by Jeroen J.A.W. Hermans

A single, vendor-wide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality...

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

Authored by Johannes Volpel, Mike Klostermaier | Site sec-consult.com

OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.

advisories | CVE-2024-25973, CVE-2024-25974

Online Library Management System 3 Password Reset

Authored by SoSPiro

Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for...

SureMDM On-Premise CAPTCHA Bypass / User Enumeration

Authored by Jonas Benjamin Friedli

SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.

advisories | CVE-2023-3897

# Exploit Title: SureMDM On-premise < 6.31 -...