Employee Management System 1.0 SQL Injection
Authored by Shubham Pandey
Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution
Authored by kai6u
Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.
# Exploit Title: Lektor static...
Xbox GamingService Arbitrary Folder Move
Authored by Filip Dragovic
Proof of concept exploit for an arbitrary folder move issue in the GamingService component of Xbox.
advisories | CVE-2024-2891
OpenNMS Horizon 31.0.7 Remote Command Execution
Authored by Erik Wynter | Site metasploit.com
This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and...
Tramyardg Autoexpress 1.3.0 Authentication Bypass
Authored by Scott White
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update...
Tramyardg Autoexpress 1.3.0 Cross Site Scripting
Authored by Scott White
Tramyardg Autoexpress version 1.3.0 suffers from a persistent cross site scripting vulnerability.
advisories | CVE-2023-48903
# Exploit Title: tramyardg autoexpress - Stored Cross-Site Scripting (XSS)
# Google...
Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
Authored by Michael Baer | Site sec-consult.com
Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0 suffer from a local privilege escalation vulnerability.
advisories | CVE-2024-06070
SEC Consult Vulnerability Lab Security Advisory...
Membership Management System 1.0 SQL Injection / Shell Upload
Authored by SoSPiro
Membership Management System version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities.
from requests_toolbelt.multipart.encoder import MultipartEncoder
import requests
import string
import random
import os
# ========================================================================================================
# Application: Membership...
HALO 2.13.1 CORS Issue
Authored by nu11secur1ty
HALO version 2.13.1 has an insecure cross-origin resource sharing setting that allows an arbitrary origin.
## Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted
## Author: nu11secur1ty
##...
Financials By Coda Cross Site Scripting
Authored by Leo Draghi
Financials by Coda versions prior to 2023Q4 suffer from a cross site scripting vulnerability.
advisories | CVE-2024-28734
# Vulnerability type: Cross-site Scripting
# Vendor: https://www.unit4.com/
# Product: Financials...





