This archive contains proof of concepts and a whitepaper that describes multiple email client implementations where popular clients for email are vulnerable to signature spoofing attacks.

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

Macs Framework version 1.14f suffers from cross site scripting and remote SQL injection vulnerabilities.

Centreon version 19.10.5 suffers from a remote SQL injection vulnerability.

PMB version 5.6 suffers from a remote SQL injection vulnerability.

User Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Complaint Management System version 4.2 suffers a remote SQL injection vulnerability that allows for authentication bypass.

Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability.

Online Course Registration 2.0 suffers from authentication bypass and remote SQL injection vulnerabilities.

Geeklog version 2.2.1 suffers from a remote SQL injection vulnerability.

Project Open CMS version 5.0.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

School ERP Pro version 1.0 suffers from a remote SQL injection vulnerability.

Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

hits script version 1.0 suffers from a remote SQL injection vulnerability.

iJoomla AdAgency component version 6.0.9 suffers from a remote SQL injection vulnerability.

Fishing Reservation System suffers from multiple remote SQL injection vulnerabilities.

addressbook version 9.0.0.1 suffers from a remote SQL injection vulnerability.

Online Scheduling System version 1.0 suffers from a remote SQL injection vulnerability.

Pisay Online E-Learning System version 1.0 suffers from remote SQL Injection and code execution vulnerabilities.

YesWiki cercopitheque version 2020.04.18.1 suffers from a remote SQL injection vulnerability.

Online Clothing Store version 1.0 suffers from a remote SQL injection vulnerability.

Online AgroCulture Farm Management System version 1.0 suffers from a remote SQL injection vulnerability.

School File Management System version 1.0 suffers from a remote SQL injection vulnerability.

Car Park Management System version 1.0 suffers a remote SQL injection vulnerability that allows for authentication bypass.

WordPress ChopSlider plugin version 3 suffers from a remote SQL injection vulnerability.

Creative Zone suffers from a remote SQL injection vulnerability.

IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.

Air Disk Wireless version 1.9 for iPad and iPhone suffers from local file inclusion and command injection vulnerabilities.

Transferable Remote version 1.1 for iPad and iPhone suffers from cross site scripting, remote command injection, and local file inclusion vulnerabilities.

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

TP-LINK Cloud Cameras including products NC200, NC210, NC220, NC230, NC250, NC260, and NC450 suffer from a command injection vulnerability. The issue is located in the swSystemSetProductAliasCheck method of the ipcamera binary (Called when setting a new alias for the device via /setsysname.fcgi), where despite a check on the name length, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root.

Skyjack takes over Parrot drones, deauthenticating their true owner and taking over control, turning them into zombie drones under your own control.

Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user supplied command parameters and directly passes them to corresponding CLI utility, leading to command injection. Agent registration credential is required to exploit SecureSphere in gateway mode. This module was successfully tested on Imperva SecureSphere 13.0/13.1/13.2 in pre-ftl mode and unsealed gateway mode.

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.