Online Bus Booking System Project 1.0 Cross Site Scripting
Authored by Krishna Yadav
Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: online bus booking system...
OpenAsset Digital Asset Management Cross Site Scripting
Authored by Jack Misiura
The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
advisories |...
Advanced Component System (ACS) 1.0 Path Traversal
Authored by Francisco Javier Santiago Vazquez
Advanced Component System (ACS) version 1.0 suffers from a path traversal vulnerability.
*Description:* Affected Component: http://localhost/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00
*Vulnerability Type:* Path Traversal https://owasp.org/www-community/attacks/Path_Traversal
*Vendor of Product:* Advanced Comment System -...
OpenAsset Digital Asset Management Insecure Direct Object Reference
Authored by Jack Misiura
OpenAsset Digital Asset Management was found to provide several endpoints which allowed for unauthenticated data retrieval in a CSV format. Vulnerable versions include 12.0.19 (Cloud) and...
OpenAsset Digital Asset Management Cross Site Request Forgery
Authored by Jack Misiura
OpenAsset Digital Asset Management suffers from a cross site request forgery vulnerability.
advisories | CVE-2020-28858
Title: Cross-site request forgery (CSRF)
Product: OpenAsset Digital Asset Management by OpenAsset
Vendor...
OpenAsset Digital Asset Management SQL Injection
Authored by Jack Misiura
OpenAsset Digital Asset Management suffers from an authenticated blind remote SQL injection vulnerability.
advisories | CVE-2020-28860
Title: Authenticated blind SQL injection (SQLi)
Product: OpenAsset Digital Asset Management...
Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess Registry Key Creation / Privilege Escalation
Authored by James Forshaw, Google Security Research
The Microsoft Windows Cloud Filter HsmOsBlockPlaceholderAccess function allows a user to create arbitrary registry keys in the .DEFAULT users hive leading to elevation...
Microsoft Windows WOF FSCTL_SET_REPARSE_POINT_EX Cached Signing Level Bypass
Authored by James Forshaw, Google Security Research
The Microsoft Windows WOF filter driver does not correctly handle the reparse point setting which allows for an arbitrary file to be cached...
PDF Complete 3.5.310.2002 Unquoted Service Path
Authored by Zaira Alquicira
PDF Complete version 3.5.310.2002 suffers from an unquoted service path vulnerability.
# Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path
# Discovery by: Zaira...
Library Management System 2.0 SQL Injection
Authored by Manish Solanki
Library Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
# Exploit Title: Library Management System 2.0 -...





