truonghuuphuc

Pinned Repositories

CVE-2024-27956
CVE-2024-27956 WordPress Automatic < 3.92.1 - Unauthenticated SQL Injection
18 1 00
CVE-2024-27971-Note
CVE-2024-27971 WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
3 1 00
CVE-2024-32523-Poc
CVE-2024-32523 Mailster <= 4.0.6 - Unauthenticated Local File Inclusion
5 1 01
CVE-2024-32709-Poc
CVE-2024-32709 WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection
3 1 00
CVE-2024-3495-Poc
CVE-2024-3495 Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
Language:Python8 1 01
CVE-2024-3806-AND-CVE-2024-3807-Poc
CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
8 1 10
CVE-2024-39943-Poc
CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
Language:Python19 1 16
CVE-2024-4898-Poc
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
4 1 01
CVE-2024-5326-Poc
CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update
Language:Python7 1 03
Poc
Language:Python1 1 00

truonghuuphuc's Repositories

truonghuuphuc/CVE-2024-39943-Poc
CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
Language:Python19 1 16
truonghuuphuc/CVE-2024-27956
CVE-2024-27956 WordPress Automatic < 3.92.1 - Unauthenticated SQL Injection
18 1 00
truonghuuphuc/CVE-2024-3495-Poc
CVE-2024-3495 Country State City Dropdown CF7 <= 2.7.2 - Unauthenticated SQL Injection
Language:Python8 1 01
truonghuuphuc/CVE-2024-3806-AND-CVE-2024-3807-Poc
CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
8 1 10
truonghuuphuc/CVE-2024-5326-Poc
CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update
Language:Python7 1 03
truonghuuphuc/CVE-2024-32523-Poc
CVE-2024-32523 Mailster <= 4.0.6 - Unauthenticated Local File Inclusion
5 1 01
truonghuuphuc/CVE-2024-4898-Poc
CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
4 1 01
truonghuuphuc/CVE-2024-27971-Note
CVE-2024-27971 WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion
3 1 00
truonghuuphuc/CVE-2024-32709-Poc
CVE-2024-32709 WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection
3 1 00
truonghuuphuc/CVE-2024-6028-Poc
CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter
3 1 01
truonghuuphuc/CVE
All of my found cves
2 1 00
truonghuuphuc/CVE-2024-30491-Poc
CVE-2024-30491 ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection
2 1 00
truonghuuphuc/CVE-2024-4295-Poc
CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash
2 1 01
truonghuuphuc/CVE-2024-4443-Poc
CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter
2 1 0
truonghuuphuc/CVE-2024-5522-Poc
CVE-2024-5522 HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection
Language:Python2 1 01
truonghuuphuc/bug-bounty
list of bug bounty writeups
1 0 02
truonghuuphuc/CVE-1
CVE Update
1 0 00
truonghuuphuc/CVE-2024-27972-Poc
CVE-2024-27972 WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution
1 1 0
truonghuuphuc/CVE-2024-3293-Poc
CVE-2024-3293 rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode
1 1 0
truonghuuphuc/CVE-2024-3552-Poc
CVE-2024-3552 Web Directory Free <= 1.6.9 - Unauthenticated SQL Injection
1 1 00
truonghuuphuc/CVE-2024-3922-Poc
Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
1 1 0
truonghuuphuc/CVE-2024-4352-Poc
CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection
1 1 0
truonghuuphuc/Poc
Language:Python1 1 00
truonghuuphuc/4-ZERO-3
403/401 Bypass Methods + Bash Automation + Your Support ;)
Language:Shell0 0 00
truonghuuphuc/AllAboutBugBounty
All about bug bounty (bypasses, payloads, and etc)
0 0 01
truonghuuphuc/OWASP-ZAP-Scripts
OWASP ZAP Proxy Scripts Scan CVE
Language:Python0 1 00
truonghuuphuc/testabc
0 1 00
truonghuuphuc/poc-proxycommand-vulnerable-v2
Proof of conept to exploit vulnerable proxycommand configurations on ssh clients
0 0
truonghuuphuc/templates_bugcrowd
Repository to house markdown templates for researchers
Language:Ruby0 0
truonghuuphuc/Tool-Scan-SQL-Injection
Language:Python1 01