1337day-Exploits

LvL-23
  • Content Count

    11,842
  • Avg. Content Per Day

    3
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by 1337day-Exploits

  1. FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets. View the full article
  2. FreeSWITCH versions 1.10.5 and below fail to authenticate SIP SUBSCRIBE requests by default. View the full article
  3. Gestionale Open version 11.00.00 suffers from a local privilege escalation vulnerability. View the full article
  4. WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018. View the full article
  5. WordPress Ninja Tables plugin version 4.1.7 suffers from a persistent cross site scripting vulnerability. View the full article
  6. FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities. View the full article
  7. This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013). View the full article
  8. WordPress Media-Tags plugin version 3.2.0.2 suffers from a persistent cross site scripting vulnerability. View the full article
  9. Online Student Admission System version 1.0 suffers from remote SQL injection and shell upload vulnerabilities. View the full article
  10. FreeSWITCH versions 1.10.6 and below suffer from a SIP flooding denial of service vulnerability. View the full article
  11. phpMyAdmin version 4.8.1 remote code execution exploit. View the full article
  12. FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. View the full article
  13. GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of Powershell scripts. View the full article
  14. Engineers Online Portal version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to n11secur1ty in October of 2021. View the full article
  15. Engineers Online Portal version 1.0 suffers from a persistent cross site scripting vulnerability. View the full article
  16. Online Event Booking and Reservation System version 1.0 suffers from a persistent cross site scripting vulnerability. View the full article
  17. OpenClinic GA version 5.194.18 suffers from a local privilege escalation vulnerability. View the full article
  18. Balbooa Joomla Forms Builder version 2.0.6 suffers from a remote SQL injection vulnerability. View the full article
  19. Netgear Genie version 2.4.64 suffers from an unquoted service path vulnerability. View the full article
  20. Build Smart ERP version 21.0817 suffers from a remote SQL injection vulnerability. View the full article
  21. WordPress TaxoPress plugin version 3.0.l7.1 suffers from a persistent cross site scripting vulnerability. View the full article
  22. Hikvision Web Server Build 210702 suffers from a command injection vulnerability. View the full article
  23. Apache HTTP Server version 2.4.50 remote code execution exploit. View the full article
  24. Engineers Online Portal version 1.0 suffers from a remote shell upload vulnerability. View the full article
  25. The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication leading to leaking authentication tokens to untrusted systems. View the full article