what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 98 RSS Feed

Files from Julien Ahrens

First Active2012-01-08
Last Active2024-09-01
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
Posted Sep 1, 2024
Authored by h00die, Julien Ahrens, Michael Mazzolini | Site metasploit.com

WooCommerce-Payments plugin for Wordpress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, and 5.6, 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header. With this authentication bypass, a user can then use the API to create a new user with administrative privileges on the target WordPress site IF the user ID selected corresponds to an administrator account.

tags | exploit
advisories | CVE-2023-28121
SHA-256 | 6f6df2d58639769e982d2ed7af034862e1b5fef526f5ddae0309cdf72c8e05ac
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
Posted Aug 29, 2024
Authored by Julien Ahrens, Valentin Lobstein, EQSTSeminar, Villu Orav | Site metasploit.com

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.

tags | exploit, arbitrary, php, code execution
advisories | CVE-2024-5932
SHA-256 | e3b0f075dd3c67bb401766241b1a40088cf8f52a33b79fe6c2ea5b667c1296f2
FC Red Bull Salzburg App 5.1.9-R Improper Authorization
Posted Jun 5, 2023
Authored by Julien Ahrens | Site rcesecurity.com

FC Red Bull Salzburg App versions 5.1.9-R and below suffer from an improper authorization vulnerability.

tags | exploit
advisories | CVE-2023-29459
SHA-256 | 36f9fa037213d0a9bfa5881ce525ecadb7dad8894ee921d052b3d7b443ff7925
SecurePoint UTM 12.x Memory Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a memory leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, memory leak
advisories | CVE-2023-22897
SHA-256 | 15ddc40a5043fe4407a10fa673fb39fdb12a08b717f9167e70ad626fbe024350
SecurePoint UTM 12.x Session ID Leak
Posted Apr 18, 2023
Authored by Julien Ahrens | Site rcesecurity.com

SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.

tags | exploit, cgi, info disclosure
advisories | CVE-2023-22620
SHA-256 | 1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69
WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery
Posted Feb 15, 2023
Authored by Julien Ahrens | Site rcesecurity.com

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2023-0292
SHA-256 | 078ea2f052b0bdbecbdbb86ff5abadf7af3ecef36acd21e345034b86b58c3b8e
WordPress Quiz And Survey Master 8.0.8 Media Deletion
Posted Feb 15, 2023
Authored by Julien Ahrens | Site rcesecurity.com

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance.

tags | exploit
advisories | CVE-2023-0291
SHA-256 | 45afa719cdeb338f8d0beb9b6c68e717ebfe472417ebe348bbc34459b0250c7c
Intel Data Center Manager 4.1 SQL Injection
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected.

tags | exploit, web, sql injection
advisories | CVE-2022-21225
SHA-256 | a04c70c3c5d6b08862017de94ee487ead5f2b2595fd13961e1c80a947b2d275c
Intel Data Center Manager 5.1 Local Privilege Escalation
Posted Dec 9, 2022
Authored by Julien Ahrens | Site rcesecurity.com

The latest version (5.1) and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user (i.e., through Log4j) is then able to escalate their privileges to root by abusing a weak sudo configuration for the "dcm" user.

tags | exploit, remote, web, local, root, code execution
SHA-256 | 566ceaa70e7ce9a3bd9825a0b7a97b644b608fe05fd23b30746e3017a5408ae6
Intel Data Center Manager 4.1.1.45749 Authentication Bypass / Spoofing
Posted Nov 30, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Intel Data Center Manager versions 4.1.1.45749 and below suffer from an authentication bypass vulnerability via spoofing.

tags | advisory, spoof, bypass
advisories | CVE-2022-33942
SHA-256 | c994d19000e263ed1c33f5352902d080b70eb355d42bec09d1cf2d70a522e3e4
WordPress BeTheme 26.5.1.4 PHP Object Injection
Posted Nov 21, 2022
Authored by Julien Ahrens | Site rcesecurity.com

WordPress BeTheme theme version 26.5.1.4 suffers from multiple PHP object injection vulnerabilities when processing input.

tags | exploit, php, vulnerability
advisories | CVE-2022-3861
SHA-256 | 796d230d939138bf65ab0ead41b12275e53550798cf863b9b6609b758208dec5
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
Posted Nov 15, 2022
Authored by Julien Ahrens | Site rcesecurity.com

WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2022-3747
SHA-256 | 651b396c90687b1931dfce7d1f9402a1dff09a912ce895903c27111b0634e43e
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization
Posted Aug 19, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below suffer from an incorrect authorization vulnerability.

tags | exploit
advisories | CVE-2022-2536
SHA-256 | cf075b58a8a1c31fce95fca535703432ed02017dc8456967462b1e93044c2dcc
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php?page=tp_advanced" that does not properly validate the "Log file name" allowing an attacker with the "Administrator" role to specify a .php file as the log destination. Since the log file is stored directly within the "/wp-admin" directory, executing arbitrary PHP code is possible by simply sending a crafted request that gets logged.

tags | exploit, arbitrary, php
advisories | CVE-2022-25812
SHA-256 | 8347827a18239dee9d623ea317bc7751b1e867031f7d4bbe6349594f42f4006f
Transposh WordPress Translation 1.0.8.1 SQL Injection
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.

tags | exploit, web, php, sql injection
advisories | CVE-2022-25811
SHA-256 | 6ffce07022d6d645854345ed70ea8823b6aaf618f4db874a0b2b20afa74331a3
Transposh WordPress Translation 1.0.8.1 Improper Authorization
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber".

tags | exploit
advisories | CVE-2022-25810
SHA-256 | af33faff2eac2d7e60b23a09b13a21e743b2acab343abb9a1ba1e8f3913a386d
Transposh WordPress Translation 1.0.8.1 Information Disclosure
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated attacker to leak the WordPress username of translators. If an anonymous user submitted the translation, then the user's IP address is returned.

tags | exploit, info disclosure
advisories | CVE-2022-2462
SHA-256 | 9edfbd7e51dbf96c4ec365750f8acbdc5e0bcb40dfa07245a905258f418c9681
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2021-24912
SHA-256 | 00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03c
Transposh WordPress Translation 1.0.7 Incorrect Authorization
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users to add translations via the plugin's "tp_translation" ajax action. Successful exploits can allow an unauthenticated attacker to add translations to the WordPress site and thereby influence what is actually shown on the site.

tags | exploit
advisories | CVE-2022-2461
SHA-256 | c25e589bc0f339822e669aa5ee336af340896bf3579587f6ad8e5c6ae0691179
Transposh WordPress Translation 1.0.7 Cross Site Scripting
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the pages "tp_main" and "tp_editor". However, since the plugin does not properly validate and sanitize the submitted translation, arbitrary Javascript code can be permanently injected and executed directly within the backend across all users visiting the page with the roles of at least "Subscriber" and up to "Administrator".

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2021-24911
SHA-256 | 484332c9e36ec88f8a190cc80119a1f22da60e0f49e9a327a7f7268bba597fb7
Transposh WordPress Translation 1.0.7 Cross Site Scripting
Posted Jul 29, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code onto the same page.

tags | exploit, web, arbitrary, xss
advisories | CVE-2021-24910
SHA-256 | 126f6f0908b2d0af3788074669b78c52b992a1d268ad9fca40e951bf16e63e90
Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure
Posted Jun 6, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a configuration disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-40150
SHA-256 | ba600aa8322c82ebd04618aeda4cdc9a22917520900038fa00529aee1c78ebb1
Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure
Posted Jun 6, 2022
Authored by Julien Ahrens | Site rcesecurity.com

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-40149
SHA-256 | 6a0bd039c1f58f660697b01a27d1512dbd2ffb57a9229991176f80a78cd66c64
WordPress User Meta Lite / Pro 2.4.3 Path Traversal
Posted May 30, 2022
Authored by Julien Ahrens | Site rcesecurity.com

WordPress User Meta Lite and Pro plugin versions 2.4.3 and below suffer from a path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2022-0779
SHA-256 | 9f5dfc7d061a12ed0156906753e063fd8b488898a8f4b2709039a9ee6f78125f
SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting
Posted Mar 21, 2022
Authored by Julien Ahrens | Site rcesecurity.com

SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, and 7.50 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-42063
SHA-256 | 3cdb75beff9ad13b8fd31c0196339aaa4bd2eba05bc62d3ddf8e67c54c8cf3a8
Page 1 of 4
Back1234Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close