Country | Number |
---|---|
United States | 2624 |
China | 966 |
Germany | 498 |
Japan | 392 |
Netherlands | 385 |
India | 358 |
France | 237 |
UK | 202 |
Russia | 185 |
Taiwan | 160 |

Port | Number |
---|---|
80 | 13426 |
23 | 7367 |
8080 | 4162 |
25 | 1544 |
21 | 981 |
110 | 626 |
2323 | 526 |

Exploit | Exploit Information | CVE |
---|---|---|
TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389 |
Responsive FileManager < 9.13.4 - Directory Traversal | The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com #1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 (Windows | CVE-2018-15536 |
An issue was discovered in ownCloud owncloud/graphapi 0 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. | CVE-2023-49103 |
Telerik | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | CVE-2017-9248 |
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure | # Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker # Filename: dp_crypto.py # Github: https://github.com/bao7uo/dp_crypto # Date: 2018-01-23 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: http://www.foregenix.com/blog # Version: Telerik UI for ASP.NET AJAX # CVE: CVE-2017-9248 # Vendor Advisory: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness # Tested on: Working on versions 2012.3.1308 thru 2017.1.118 (.NET 35, 40, 45) #!/usr/bi | CVE-2017-9248 |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | CVE-2022-22965 |
In spring cloud gateway versions prior to 3 | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | CVE-2022-22947 |
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1 | Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | CVE-2011-5148 |
Pre-auth RCE in Apache Ofbiz 18 | Pre-auth RCE in Apache Ofbiz 18.12.09, due to XML-RPC, which is no longer maintained but is still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10. | CVE-2023-49070 |
Adobe Commerce versions 2 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | CVE-2022-24086 |
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | CVE-2019-19781 |
CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload | # # CMSimple 3.1 Local File Inclusion / Arbitrary File Upload # download: http://www.cmsimple.org/?Downloads # dork: "Powered by CMSimple" # # author: irk4z@yahoo.pl # homepage: http://irk4z.wordpress.com # Local File Inclusion : http://[host]/[path]/index.php?sl=[file]%00 http://[host]/[path]/index.php?sl=../../../../../../../etc/passwd%00 Arbitrary File Upload (into http://[host]/[path]/downloads/ ): <form method="POST" enctype="multipart/form-data" action="http://[host]/[p | CVE-2008-2650 |
Cross-site scripting (XSS) vulnerability in WordPress before 2 | Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2008-3233 |
dayrui FineCms 5 | dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | CVE-2017-11581 |
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4 | Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | CVE-2013-6397 |
EmpireCMS v7 | EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | CVE-2018-18086 |
In WordPress through 4 | In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | CVE-2018-6389 |
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | CVE-2005-2428 |
MantisBT through 2 | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | CVE-2017-7615 |
Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1 | Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | CVE-2005-4223 |
PHP remote file inclusion vulnerability in index | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | CVE-2007-2143 |
PHP Scripts Mall PHP Appointment Booking Script 3 | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | CVE-2019-9066 |
phpPgAdmin 4.2.1 - '_language' Local File Inclusion | [ Discovered by dun dun[at]strcpy.pl ] # [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability # # Script: "phpPgAdmin is a | CVE-2008-5587 |
Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit) | ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Udp include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Exploit::Remote::SSH def initialize(info={}) super(update_info(info, 'Name' => "Schneider Electric Pelco Endura NET55XX Encoder", 'D | CVE-2019-6814 |
Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion | source: https://www.securityfocus.com/bid/18231/info SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible. http://www.example.com/[squirrelmail dir]/src/redirect.php?plugins[]=../../../../etc/passwd%00 | CVE-2006-2842 |
Telerik | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | CVE-2017-11317 |
The K2 component 2 | The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads | CVE-2018-7482 |
The limit-login-attempts-reloaded plugin before 2 | The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. | CVE-2020-35589 |
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | CVE-2014-8361 |
The Photo Sharing Plus component on Sony Bravia TV through 8 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | CVE-2018-16594 |
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) | # Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) # Date: 16/09/2021 # Exploit Author: David Utón (M3n0sD0n4ld) # Vendor Homepage: https://wordpress.com # Affected Version: WordPress 5.6-5.7 & PHP8 # Tested on: Linux Ubuntu 18.04.5 LTS # CVE : CVE-2021-29447 #!/bin/bash # Author: @David_Uton (m3n0sd0n4ld) # Usage: $./CVE-2021-29447.sh TARGET WP_USERNAME WP_PASSWORD PATH/FILE.EXT LHOST # Example: $ ./CVE-2021-29447.sh 10.10.XX.XX wptest test .. | CVE-2021-29447 |
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download | # Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download # Google Dork: N/A # Date: 07.27.2022 # Exploit Author: SecuriTrust # Vendor Homepage: https://snapcreek.com/ # Software Link: https://wordpress.org/plugins/duplicator/ # Version: < 1.4.7 # Tested on: Linux, Windows # CVE : CVE-2022-2551 # Reference: https://securitrust.fr # Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551 #Product: WordPress Plugin Duplicator < 1.4.7 #Vulnerability: 1-It allows | CVE-2022-2551 |

Last updated: April 22, 2024