WordPress 6.4.3 Username Disclosure
Authored by h4shur
WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.
Change Mirror Download
# Title: wordpress 6.4.3 - Username Disclosure# Author: h4shur# date:2024-02-21#...
Ivanti Connect Secure Unauthenticated Remote Code Execution
Authored by sfewer-r7 | Site metasploit.com
This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either...
Yealink Configuration Encrypt Tool Static AES Key
Authored by Jeroen J.A.W. Hermans
A single, vendorwide, hardcoded AES key in the Yealink Configuration Encrypt Tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality...
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation
Authored by Johannes Volpel, Mike Klostermaier | Site sec-consult.com
OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
advisories | CVE-2024-25973, CVE-2024-25974
Change...
Online Library Management System 3 Password Reset
Authored by SoSPiro
Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for...
SureMDM On-Premise CAPTCHA Bypass / User Enumeration
Authored by Jonas Benjamin Friedli
SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.
advisories | CVE-2023-3897
Change Mirror Download
# Exploit Title: SureMDM On-premise < 6.31 -...
InstantCMS 2.16.1 Cross Site Scripting
Authored by SoSPiro
InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.
Change Mirror Download
# Exploit Title: InstantCMS - Store XSS# Application: InstantCMS...
Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by...
Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org
Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as...
Tourism Management System 2.0 Shell Upload
Authored by SoSPiro
Tourism Management System version 2.0 suffers from a remote shell upload vulnerability.
Change Mirror Download
# Exploit Title: Tourism Management System v2.0 - Arbitrary File Upload# Google Dork: N/A#...
