V1n1v131r4

13 exploits, active since Dec 2019
CVE-2019-19889 WRITEUP HIGH WRITEUP
Humaxdigital Hgb10r-02 Firmware - Cleartext Transmission
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. The attacker can discover admin credentials in the backup file, aka backupsettings.conf.
CVSS 7.5
CVE-2019-19890 WRITEUP HIGH WRITEUP
Humaxdigital Hgb10r-02 Firmware - Cleartext Transmission
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP.
CVSS 7.5
CVE-2019-19916 WRITEUP MEDIUM WRITEUP
Midori - XSS
In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript.
CVSS 6.1
CVE-2019-20203 WRITEUP MEDIUM WRITEUP
Postie < 1.9.40 - Authentication Bypass by Spoofing
The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.
CVSS 5.3
CVE-2020-23824 WRITEUP HIGH WORKING POC
ArGo Soft Mail Server 1.8.8.9 - CSRF
ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) that can be used to achieve remote arbitrary code execution. The affected component is the Administration dashboard. If an admin/user who is logged in with admin/user credentials opens a website containing the malicious page, that page triggers the CSRF.
CVSS 8.8
CVE-2020-7241 WRITEUP HIGH WRITEUP
WP Database Backup <5.5 - Info Disclosure
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.
CVSS 7.5
CVE-2020-8658 WRITEUP HIGH WRITEUP
BestWebSoft Htaccess <1.8.1 - CSRF
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.
CVSS 8.8
CVE-2020-37032 EXPLOITDB HIGH text WORKING POC
Wing FTP Server 6.3.8 - RCE
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger operating system execution through the os.execute() function.
CVSS 8.8
CVE-2020-37023 EXPLOITDB HIGH text WORKING POC
Koken CMS <0.22.24 - Auth Bypass
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy and changing the file extension.
CVSS 8.8
CVE-2021-45268 EXPLOITDB HIGH html WORKING POC
Backdrop - CSRF
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows remote attackers to gain Remote Code Execution (RCE) on the hosting web server via uploading a malicious add-on containing a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons.
CVSS 8.8
CVE-2019-20204 EXPLOITDB MEDIUM text WORKING POC
Postie < 1.9.40 - XSS
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
CVSS 5.4
EIP-2026-112190 EXPLOITDB text WORKING POC
SiteMagic CMS 4.4.2 - Arbitrary File Upload (Authenticated)
EIP-2026-102420 EXPLOITDB text WORKING POC
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)