Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

WordPress DirectoriesPro 1.3.45 Cross Site Scripting

Authored by Jack Misiura

WordPress DirectoriesPro plugin version 1.3.45 suffers from multiple cross site scripting vulnerabilities.

advisories | CVE-2020-29303, CVE-2020-29304

Title: Reflected XSS
Product: WordPress DirectoriesPro Plugin by SabaiApps
Vendor Homepage: https://directoriespro.com/
Vulnerable...

OpenAsset Digital Asset Management IP Access Control Bypass

Authored by Jack Misiura

The OpenAsset Digital Asset Management web application allowed for spoofing of IP addresses by using X-Forwarded-For header. By default, the web application would allow all traffic...

Online Bus Booking System Project 1.0 Cross Site Scripting

Authored by Krishna Yadav

Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: online bus booking system...

OpenAsset Digital Asset Management Cross Site Scripting

Authored by Jack Misiura

The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).

advisories |...

Advanced Component System (ACS) 1.0 Path Traversal

Authored by Francisco Javier Santiago Vazquez

Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.

*Description:*
Affected Component: http://localhost/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
*Vulnerability Type:* Path Traversal
https://owasp.org/www-community/attacks/Path_Traversal
*Vendor of Product:* Advanced Comment System -...

OpenAsset Digital Asset Management Insecure Direct Object Reference

Authored by Jack Misiura

OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and...

OpenAsset Digital Asset Management Cross Site Request Forgery

Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.

advisories | CVE-2020-28858

Title: Cross-site request forgery (CSRF)
Product: OpenAsset Digital Asset Management by OpenAsset
Vendor...

OpenAsset Digital Asset Management SQL Injection

Authored by Jack Misiura

OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.

advisories | CVE-2020-28860

Title: Authenticated blind SQL injection (SQLi)
Product: OpenAsset Digital Asset Management...

Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation

Authored by James Forshaw, Google Security Research

The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation...

Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass

Authored by James Forshaw, Google Security Research

The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached...