1337day-Exploits

FreeSWITCH versions 1.10.6 and below suffer from a denial of service vulnerability when handling invalid SRTP packets. View the full article

FreeSWITCH versions 1.10.5 and below fail to authenticate SIP SUBSCRIBE requests by default. View the full article

Gestionale Open version 11.00.00 suffers from a local privilege escalation vulnerability. View the full article

WordPress version 4.9.6 arbitrary file deletion exploit. Original discovery of this vulnerability is attributed to VulnSpy in June of 2018. View the full article

WordPress Ninja Tables plugin version 4.1.7 suffers from a persistent cross site scripting vulnerability. View the full article

FreeSWITCH versions 1.10.6 and below fails to authenticate SIP MESSAGE requests, leading to spam and message spoofing vulnerabilities. View the full article

This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013). View the full article

WordPress Media-Tags plugin version 3.2.0.2 suffers from a persistent cross site scripting vulnerability. View the full article

Online Student Admission System version 1.0 suffers from remote SQL injection and shell upload vulnerabilities. View the full article

FreeSWITCH versions 1.10.6 and below suffer from a SIP flooding denial of service vulnerability. View the full article

phpMyAdmin version 4.8.1 remote code execution exploit. View the full article

FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. View the full article

GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of Powershell scripts. View the full article

Engineers Online Portal version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to n11secur1ty in October of 2021. View the full article

Engineers Online Portal version 1.0 suffers from a persistent cross site scripting vulnerability. View the full article

Online Event Booking and Reservation System version 1.0 suffers from a persistent cross site scripting vulnerability. View the full article

OpenClinic GA version 5.194.18 suffers from a local privilege escalation vulnerability. View the full article

Balbooa Joomla Forms Builder version 2.0.6 suffers from a remote SQL injection vulnerability. View the full article

Netgear Genie version 2.4.64 suffers from an unquoted service path vulnerability. View the full article

Build Smart ERP version 21.0817 suffers from a remote SQL injection vulnerability. View the full article

WordPress TaxoPress plugin version 3.0.l7.1 suffers from a persistent cross site scripting vulnerability. View the full article

Hikvision Web Server Build 210702 suffers from a command injection vulnerability. View the full article

Apache HTTP Server version 2.4.50 remote code execution exploit. View the full article

Engineers Online Portal version 1.0 suffers from a remote shell upload vulnerability. View the full article

The Windows IKEEXT service does not verify the SPN when performing AuthIP authentication leading to leaking authentication tokens to untrusted systems. View the full article