PHPFusion 9.03.50 Remote Code Execution
Authored by ThienNV, g0ldm45k
PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.
advisories | CVE-2020-24949
# Exploit Title: PHPFusion 9.03.50 - Remote Code Execution # Date: 20/05/2021 # Exploit Author:...
Trixbox 2.8.0.4 Path Traversal
Authored by Ron Jost
Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
advisories | CVE-2017-14537
# Exploit Title: Trixbox...
Trixbox 2.8.0.4 Remote Code Execution
Authored by Ron Jost
Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
advisories | CVE-2017-14535
#...
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Authored by Debshubra Chakraborty
Postbird version 0.8.4 suffers from a JavaScript injection vulnerability that allows for cross site scripting and local file inclusion.
advisories | CVE-2021-33570
# Exploit Title: Postbird...
QT PNG ICC Processing Out-Of-Bounds Read
Authored by Google Security Research, natashenka
The QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially...
Pandora FMS 6.0SP3 Cross Site Scripting
Authored by nu11secur1ty
Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.
advisories | CVE-2021-0527
# Exploit Title: XSS vulnerability for (keywords) searching parameter in pandorafms-6.0SP3/pandora_console # Author: @nu11secur1ty # Testing...
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
Authored by Jim Becher | Site korelogic.com
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
Authored by Jim Becher | Site korelogic.com
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
advisories |...
Gadget Works Online Ordering System 1.0 Cross Site Scripting
Authored by Vinay H C
Gadget Works Online Ordering System version 1.0 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Gadget Works Online Ordering System 1.0...
WordPress Cookie Law Bar 1.2.1 Cross Site Scripting
Authored by Mesut Cetin
WordPress Cookie Law Bar plugin version 1.2.1 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 -...





