Exploit-DB Updates

[webapps] Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

Exploit-DB Updates

[webapps] WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS

Exploit-DB Updates

[dos] Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Exploit-DB Updates

[webapps] Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] WordPress adivaha Travel Plugin 2.3 - SQL Injection

WordPress adivaha Travel Plugin 2.3 - SQL Injection

Exploit-DB Updates

[webapps] PHPJabbers Night Club Booking 1.0 - Reflected XSS

PHPJabbers Night Club Booking 1.0 - Reflected XSS

Exploit-DB Updates

[webapps] Joomla JLex Review 6.0.1 - Reflected XSS

Joomla JLex Review 6.0.1 - Reflected XSS

Exploit-DB Updates

[webapps] PHPJabbers Taxi Booking 2.0 - Reflected XSS

PHPJabbers Taxi Booking 2.0 - Reflected XSS

Exploit-DB Updates

[webapps] PHPJabbers Service Booking Script 1.0 - Reflected XSS

PHPJabbers Service Booking Script 1.0 - Reflected XSS

Exploit-DB Updates

[webapps] Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

Exploit-DB Updates

[webapps] Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Exploit-DB Updates

[webapps] PHPJabbers Rental Property Booking 2.0 - Reflected XSS

PHPJabbers Rental Property Booking 2.0 - Reflected XSS

Exploit-DB Updates

[webapps] PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

Exploit-DB Updates

[remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Academy LMS 6.0 - Reflected XSS

Academy LMS 6.0 - Reflected XSS

Exploit-DB Updates

[webapps] Webutler v3.2 - Remote Code Execution (RCE)

Webutler v3.2 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)

Exploit-DB Updates

[webapps] PHPJabbers Cleaning Business 1.0 - Reflected XSS

PHPJabbers Cleaning Business 1.0 - Reflected XSS

Exploit-DB Updates

[webapps] WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution

Exploit-DB Updates

[webapps] WordPress adivaha Travel Plugin 2.3 - Reflected XSS

WordPress adivaha Travel Plugin 2.3 - Reflected XSS

Exploit-DB Updates

[remote] Shelly PRO 4PM v0.11.0 - Authentication Bypass

Shelly PRO 4PM v0.11.0 - Authentication Bypass

Full Disclosure

OXAS-ADV-2023-0003: OX App Suite Security Advisory

Posted by Martin Heiland via Fulldisclosure on Aug 02

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at https://documentation.open-xchange.com/security/advisories/.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Internal reference: OXUIB-2282
Type:...

Full Disclosure

RansomLord v1 / Anti-Ransomware Exploit Tool

Posted by malvuln on Aug 02

RansomLord is a proof-of-concept tool that automates the creation of PE
files, used to compromise Ransomware pre-encryption.

Lang: C

SHA256: b0dfa2377d7100949de276660118bbf21fa4e56a4a196db15f5fb344a5da33ee

Video PoC:
https://www.youtube.com/watch?v=_Ho0bpeJWqI

Download: https://github.com/malvuln/RansomLord

RansomLord generated PE files are saved to disk in the x32 or x64
directorys where the program is run from.

Goal is to exploit code...

Full Disclosure

Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

Posted by Mahmoud Noureldin on Aug 02

This is an old app but in an easy way which not the same which in public.

Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

# Date: [30/07/2023]
# Exploit Author: [0xBOF90]
# Vendor Homepage: [link]
# Version: [app version] (3.1)
# Tested on: [Windows 10]

import socket
import sys

try:
server = b"192.168.56.102"
#\x00\x0a\x0d\x25
port = 80
size = 253
# msfvenom -p windows/shell_reverse_tcp...

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6267-1

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4432-01

Red Hat Security Advisory 2023-4432-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4431-01

Red Hat Security Advisory 2023-4431-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4341-01

Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4429-01

Red Hat Security Advisory 2023-4429-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4428-01

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

EmpowerID 7.205.0.0 Authentication Bypass

EmpowerID versions 7.205.0.0 suffers from a vulnerability that allows an attacker to change a second factor flow armed with only the login and password for an account.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4417-01

Red Hat Security Advisory 2023-4417-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4310-01

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4312-01

Red Hat Security Advisory 2023-4312-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.46.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4418-01

Red Hat Security Advisory 2023-4418-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4421-01

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4420-01

Red Hat Security Advisory 2023-4420-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 RPMs.

Full Disclosure

Stored XSS - Perch

Posted by Andrey Stoykov on Aug 01

# Exploit Title:
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 3.2
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

XSS #1:

File: roles.edit.post.php

Line #57:

[...]
<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">
<?php echo $Form->label('roleTitle', 'Title'); ?>
<div class="form-entry">...

Full Disclosure

Pentest Paper - Introduction to Web Pentest

Posted by Andrey Stoykov on Aug 01

Just putting this for the new starters.

It is in two languages, Bulgarian and English.

https://drive.google.com/file/d/1mzYeratoSV82Oxaj_dYvu4fg7vSBuhE1/view
https://drive.google.com/file/d/1b8obLloMnmQGI1gqAablzuTyKOFBRZjb/view

Has basic configuration for Burpsuite Proxy, including basic exploitation
of XSS, SQLi, CSRF and Open redirect.

Has brief theory explanation prior to showing how to exploit each flaw.

Kind Regards,
Andrey Stoykov

Full Disclosure

Unauthorized MFA Code Delivery in EmpowerID

Posted by Patel, Nirav on Aug 01

Severity: High

Description:

An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to
mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability,
an attacker would need to have access to valid and breached login details, including a username and password.

This vulnerability's root cause lies in insufficient verification of...

Full Disclosure

CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated)

Posted by Rick Verdoes via Fulldisclosure on Aug 01

=========================
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE...

Full Disclosure

Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba

Posted by Stefan Pietsch on Aug 01

# Trovent Security Advisory 2303-01 #
#####################################

Authenticated remote code execution in Eramba
#############################################

Overview
########

Advisory ID: TRSA-2303-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2303-01
Affected product: Eramba
Affected version: 3.19.1 (Enterprise and Community edition)
Vendor: Eramba Limited,...

Full Disclosure

ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Aug 01

Document Title:
===============
ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2327

Release Date:
=============
2023-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
2327

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================...

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6266-1

Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4411-01

Red Hat Security Advisory 2023-4411-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4410-01

Red Hat Security Advisory 2023-4410-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4409-01

Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4408-01

Red Hat Security Advisory 2023-4408-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4415-01

Red Hat Security Advisory 2023-4415-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4416-01

Red Hat Security Advisory 2023-4416-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

Advisory Files ≈ Packet Storm

Ubuntu Security Notice USN-6264-1

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Exploit-DB Updates

[webapps] Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

Exploit-DB Updates

[webapps] Joomla iProperty Real Estate 4.1.1 - Reflected XSS

Joomla iProperty Real Estate 4.1.1 - Reflected XSS

Exploit-DB Updates

[webapps] Joomla Solidres 2.13.3 - Reflected XSS

Joomla Solidres 2.13.3 - Reflected XSS

Exploit-DB Updates

[local] General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2023-4313-01

Red Hat Security Advisory 2023-4313-01 - PostgreSQL is an advanced object-relational database management system.