<%@ Page Language="C#" trace="false" EnableViewStateMac="false" validateRequest="false" enableEventValidation="false" %>
<%@ import Namespace="System.Collections.Generic"%>
<%@ import Namespace="System.Web.Services"%>
<%@ import Namespace="System.Web"%>
<%@ import Namespace="System.IO"%>
<%@ import Namespace="System"%>
<%@ import Namespace="System.Net" %>
<%@ import Namespace="System.Diagnostics"%>
<%@ Import Namespace="System.Data.SqlClient"%>
<%@ import Namespace="Microsoft.Win32"%>
CVE-ID: CVE-2024-29291
Description:
A vulnerability has been discovered in the Laravel Framework in versions from 8.* to 11.*, allowing a remote attacker to obtain sensitive information via the laravel.log component. This vulnerability leads to the leakage of database credentials.
Additional Information:
None.
First, download the program ZKBio Media_V2.0.0_x64_2024-01-29-1028 from
https://www.zkteco.com/en/download_center
After installing the program, the download endpoint has a path traversal through which any file on the Windows system can be retrieved.
For example, a copy of the database can be downloaded with:
https://127.0.0.1:9999/pro/common/download?fileName=../../../../zkbio_media.sql
Any other file can be requested the same way, for example a file you created yourself named
a.apk
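An added example, not part of this gist or of ZKTeco's code: a path-containment check of the kind the download endpoint above lacks, and a log filter that flags download requests whose fileName would escape the export directory. The directory /opt/zkbio_media/downloads, the function names and the access-log lines are assumptions constructed for the example.

```python
import posixpath
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed export directory the endpoint is meant to serve from (placeholder).
ALLOWED_DIR = "/opt/zkbio_media/downloads"


def resolve_download(file_name: str, base_dir: str = ALLOWED_DIR) -> Optional[str]:
    """Return the absolute path to serve, or None if file_name escapes base_dir.

    The parameter is URL-decoded once, joined onto base_dir and normalised so that
    '../' segments and absolute paths collapse; the result must still be strictly
    inside base_dir. A real handler should additionally realpath() the final path
    so symlinks under base_dir cannot point outside it.
    """
    decoded = unquote(file_name)
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if candidate == base or not candidate.startswith(base + "/"):
        return None
    return candidate


# Constructed access-log lines; the second mirrors the PoC request in the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Jan/2024:10:28:01 +0000] "GET /pro/common/download?fileName=report.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [29/Jan/2024:10:28:07 +0000] "GET /pro/common/download?fileName=../../../../zkbio_media.sql HTTP/1.1" 200 90112
10.0.0.9 - - [29/Jan/2024:10:28:09 +0000] "GET /pro/common/download?fileName=..%2F..%2Fweb.xml HTTP/1.1" 200 2048
"""


def traversal_attempts(log_text: str) -> List[str]:
    """Return the fileName values of download requests that fail the containment check."""
    hits = []
    for line in log_text.splitlines():
        try:
            target = line.split('"')[1].split(" ")[1]  # request-target of the quoted request line
        except IndexError:
            continue
        parts = urlsplit(target)
        if parts.path != "/pro/common/download":
            continue
        for name in parse_qs(parts.query).get("fileName", []):  # parse_qs percent-decodes
            if resolve_download(name) is None:
                hits.append(name)
    return hits


if __name__ == "__main__":
    print(traversal_attempts(SAMPLE_LOG))
```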
CVE ID: CVE-2024-22990
Vendor of Product: zkbioSecurity - 2.5
Description: Allowing unauthorized access to sensitive images without proper security permissions. The vulnerability manifests when a site administrator adds a user or an employee captures their picture. Subsequently, any attacker can view all images by guessing the image URLs, circumventing security measures.
Vulnerability Type: misconfiguration
Severity: High
PoC
> [Attack Vectors]
> Any attacker can view and download the private images of admins and employees once they obtain the image path.
> 1. Go to http://58.23.12.98:5888/ (the demo)
CVE ID: CVE-2024-22986
Vulnerability Type: SQL Injection
Vendor of Product: Adv Radius
Affected Product Code Base: Adv Radius - 2.2.5
Vulnerability Description: This CVE refers to a SQL Injection vulnerability in Adv Radius, giving attackers an opportunity to execute unauthorized SQL queries against the database. Successful exploitation allows the attacker to access sensitive data, manipulate the database, or execute other malicious commands.
Severity: High
Root Cause: The vulnerability originates from inadequate input validation in the Adv Radius application, enabling malicious actors to inject unauthorized SQL queries.
CVE Identifier: CVE-2024-22985
Vulnerability Title: Cross-Site Scripting (XSS) in Adv Radius
Vendor of Product: Adv Radius
Vulnerability Description: CVE-2024-22985 refers to a Cross-Site Scripting (XSS) vulnerability present in Adv Radius. This type of vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. The injected scripts execute in the context of the victim's browser, potentially leading to the theft of sensitive information, session hijacking, or other malicious actions.
Root Cause: The vulnerability arises from insufficient input sanitization in the Adv Radius application, enabling attackers to inject malicious scripts into web pages.
Impact: Successful exploitation of this vulnerability can result in the compromise of user data, unauthorized access to sensitive information, session hijacking, and potentially the execution of arbitrary code within the context of the victim's browser.
CVE ID: CVE-2024-22923
Affected Product: Adv Radius
Affected Version: 2.2.5
Vulnerability Type: SQL Injection
Root Cause: Failure to properly sanitize user inputs in the Adv Radius application, leading to the possibility of unauthorized SQL query injection.
Vulnerability Description: This CVE refers to a SQL Injection vulnerability in Adv Radius, giving attackers an opportunity to execute unauthorized SQL queries against the database. Successful exploitation allows the attacker to access sensitive data, manipulate the database, or execute other malicious commands.
Impact: