Subscribe via feed.
Archive for August, 2021

Hotel Management System 1.0 Cross Site Scripting / Shell Upload

Posted by deepcore under exploit (No Respond)

Hotel Management System version 1.0 exploit that leverages a blind cross site scripting attack against the admin to have a reverse PHP shell uploaded.

Men Salon Management System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Men Salon Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Neo4j 3.4.18 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Neo4j version 3.4.18 RMI-based java deserialization remote code execution exploit.

Online Hotel Reservation System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Online Hotel Reservation System version 1.0 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Mesut Cetin in January of 2021.

Packet Storm New Exploits For July, 2021

Posted by deepcore under exploit (No Respond)

This archive contains all of the 177 exploits added to Packet Storm in July, 2021.

[webapps] Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)

Posted by deepcore under Security (No Respond)

Hotel Management System 1.0 – Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)

Tags: ,

Packet Storm New Exploits For July, 2021

Posted by deepcore under exploit (No Respond)

This archive contains all of the 177 exploits added to Packet Storm in July, 2021.

[webapps] Online Hotel Reservation System 1.0 – 'Multiple' Cross-site scripting (XSS)

Posted by deepcore under Security (No Respond)

Online Hotel Reservation System 1.0 – ‘Multiple’ Cross-site scripting (XSS)

Tags: ,

[remote] Neo4j 3.4.18 – RMI based Remote Code Execution (RCE)

Posted by deepcore under Security (No Respond)

Neo4j 3.4.18 – RMI based Remote Code Execution (RCE)

Tags: ,

[webapps] Men Salon Management System 1.0 – SQL Injection Authentication Bypass

Posted by deepcore under Security (No Respond)

Men Salon Management System 1.0 – SQL Injection Authentication Bypass

Tags: ,