DerbyNet 9.0 racer-results.php Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.
DerbyNet 9.0 playlist.php Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.
DerbyNet 9.0 ajax/query.slide.next.inc SQL Injection
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.
DerbyNet 9.0 print/render/award.inc SQL Injection
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.
DerbyNet 9.0 print/render/racer.inc SQL Injection
DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.
AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the WWBNIndex plugin of the AVideo platform. The vulnerability exists within the submitIndex.php file, where...
WordPress Hash Form 1.1.0 Remote Code Execution
The Hash Form Drag and Drop Form Builder plugin for WordPress suffers from a critical vulnerability due to missing file type validation in the file_upload_action function. This vulnerability exists in...
SPIP 4.2.12 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles...
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated...
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the...
VICIdial Authenticated Remote Code Execution
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell...
BYOB Unauthenticated Remote Code Execution
This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database,...
WordPress WP-Automatic SQL Injection
This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows...