Archive for November, 2021

KONGA 0.14.9 Privilege Escalation

Posted by deepcore under exploit (No Respond)

KONGA version 0.14.9 suffers from a privilege escalation vulnerability.

WordPress Contact Form To Email 1.3.24 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Contact Form to Email plugin version 1.3.24 suffers from a persistent cross site scripting vulnerability.

Simple Subscription Website 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Simple Subscription Website version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download

Posted by deepcore under exploit (No Respond)

Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.

PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

PHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities.

WordPress WPSchoolPress 2.1.16 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress WPSchoolPress plugin version 2.1.16 suffers from cross site scripting vulnerabilities.

CMDBuild 3.3.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

CMDBuild version 3.3.2 suffers from cross site scripting vulnerabilities.

Online Reviewer System 2.4.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Online Reviewer System version 2.4.0 suffers from a remote SQL injection vulnerability.

Online Learning System 2.0 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Online Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.

Sitecore Experience Platform (XP) Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx’s handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() […]