ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)
ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Exploit Title: ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin) Product: ECK Hotel Version: 1.0-beta Date: 2020-03-26 Software Download: https://sourceforge.net/projects/eckhotel/files/eck-hotel-v1.0-beta.zip/download Exploit Author:...
Rconfig 3.x Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
RedwoodHQ 2.5.5 - Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link...
RedwoodHQ 2.5.5 Authentication Bypass
-- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link: https://redwoodhq.com/redwood-download/ Tested on: Ubuntu...
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...
Apache CouchDB 2.3.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.1 Introduction A CouchDB server hosts named databases, whic...
CVE-2018-15459
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin) Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery (Add Admin) Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
Robert 0.5 - Multiple Vulnerabilities
Robert 0.5 - Multiple Vulnerabilities Exploit Title: Robert 0.5 - Multiple Vulnerabilities (XSS, CSRF, Directory traversal & SQLi) Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website: http://robert.polosson.com/ Download link:...
Robert 0.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Robert 0.5 - Multiple Vulnerabilities (XSS, CSRF, Directory traversal & SQLi) Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website: http://robert.polosson.com/ Download link:...
Vulnerability of Microsoft Office software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information
A vulnerability that allows for remote execution of code exists in Microsoft Office and is related to the processing of certain properties of Microsoft Word files. If a user with administrative privileges accesses the system, a malicious individual can gain full control over the system. They can...
WordPress Creative Multi-Purpose 9.1.3 Theme - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS, Ability to overwrite any the...
WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting
Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS, Ability to overwrite any theme settings. Time line: Found 23-Apr-2016, Vendor...
DEBIAN-CVE-2016-2860
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID...
Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08114)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially crafted embedded fonts. A remo...
CVE-2015-4307
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111...
CVE-2015-2993
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...
TomatoCart 1.0.1 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: TomatoCart 1.0.1 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 05:01:51 PM EEST Vendor: http://www.tomatocart.com/ Download:...
Zenphoto CMS 1.3 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Wed 14 Jul 2010 12:48:56 PM EEST Vendor: http://www.zenphoto.org/ Download: http://zenphoto.googlecode.com/files/zenphoto-1.3.tar.gz --- -= CSRF PoC 1 - Change Admin...