TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write
Authored by Filip Palian
TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in...
WSO2 4.0.0 / 4.1.0 / 4.2.0 Shell Upload
Site github.com
WS02 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.
HASOMED Elefant / Elefant Software Updater Data Exposure / Privilege Escalation
Authored by Daniel Hirschberger, Florian Stuhlmann | Site sec-consult.com
HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird...
CyberPanel upgrademysqlstatus Arbitrary Command Execution
Site github.com
Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6.
advisories | CVE-2024-51567
Change Mirror Download
import httpx import sys def get_CSRF_token(client): resp = client.get("/")...
WordPress Meetup 0.1 Authentication Bypass
Site github.com
WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.
advisories | CVE-2024-50483
Change Mirror Download
# CVE-2024-50483Meetup <= 0.1 - Authentication Bypass via Account Takeover# Description:The Meetup...
Sysax Multi Server 6.99 Cross Site Scripting
Authored by Yehia Elghaly
Sysax Multi Server version 6.9.9 suffers from a cross site scripting vulnerability.
Change Mirror Download
# Exploit Title: Sysax Multi Server 6.99 - Reflected XSS# Date: 2024-11-03# Exploit...
Sysax Multi Server 6.99 SSH Denial Of Service
Authored by Yehia Elghaly
Sysax Multi Server version 6.9.9 suffers from an SSH related denial of service vulnerability.
Change Mirror Download
# Exploit Title: Sysax Multi Server 6.99 - SSH Denial of...
ABB Cylon Aspect 3.08.00 Off-By-One
Authored by LiquidWorm | Site zeroscience.mk
A vulnerability was identified in a ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and...
TestRail CLI FieldsParser eval Injection
Change Mirror Download
This is not a very exciting vulnerability, but I had already publicly disclosedit on GitHub at the request of the vendor. Since that report has disappeared,the link...
Ping Identity PingIDM 7.5.0 Query Filter Injection
Authored by Miguel García Martín, Ksandros Apostoli | Site sec-consult.com
Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API...
