47904 matches found
OTRS 6.0.1 - Remote Command Execution (2)
Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Date: 21-04-2021 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921...
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Free MP3 CD Ripper 2.6 %q This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted...
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read Date: 08/12/2021 Exploit Author: s1gh Vendor Homepage: https://grafana.com/ Vulnerability Details: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p Version: V8.0.0-beta1 through V8.3.0 Description...
EasyPMS 1.0.0 - Authentication Bypass
Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...
Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting
Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting Brand Name Exploit Author: Adeeb Shah @hyd3sec Date: August 2, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0...
DZCP (deV!L`z Clanportal) 1.5.4 - Local File Inclusion
Vulnerability ID: HTB22656 Reference: http://www.htbridge.ch/advisory/lfiindzcp.html Product: DZCP Vendor: dzcp.de http://www.dzcp.de Vulnerable Version: 1.5.4 Vendor Notification: 13 October 2010 Vulnerability Type: Local File Inclusion Status: Fixed by Vendor Risk level: High Credit: High-Tech...
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
Exploit Title: Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE Authenticated Date: 5 Aug 2020 Exploit Author: maj0rmil4d Vendor Homepage: http://www.seowonintech.co.kr/en/ Hardware Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version: 1.0.11 Possibly al...
Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)
Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Date: 7/30/21 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on:...
Cockpit CMS 0.6.1 - Remote Code Execution
Cockpit CMS 0.6.1 - Remote Code Execution Product: Cockpit CMS https://getcockpit.com Version: Cockpit CMS = 0.6.1...
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The code in...
Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)
$Id: usermapscript.rb 10040 2010-08-18 17:24:46Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
Exploit Title: Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research Date: 2020 - 5 - 22 Vender Homepage: https://help.10web.io/ Version: = 5.4.1 Tested on: Ubuntu 18.04 Description: SQL injection in the Form Maker by 10Web WordPres...
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
Exploit Title: E-Commerce System 1.0 - Unauthenticated Remote Code Execution Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-14 Vendor Homepage: https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html Software Link:...
Tea LaTex 1.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Tea LaTex 1.0 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-09-01 Exploit Author: nepska Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org Software Link: https://github.com/ammarfaizi2/latex.teainside.org Version: v1.0 Tested on: Kali linux /...
BIND 9.10.5 - Unquoted Service Path Privilege Escalation
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BIND9-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: =========== www.isc.org Product: =========== BIND9 v9.10.5 x86 / x64 BIND is open source software that enables you...
School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC
Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Date: 04/08/2021 Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link:...
Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...
Tryton 5.4 - Persistent Cross-Site Scripting
Exploit Title: Tryton 5.4 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-05-13 Vendor Homepage: https://www.tryton.org/ Version: 5.4 Software Link: https://www.tryton.org/download Document Title: =============== Tryton v5.4 - Name Persistent Cross Site Vulnerabilit...
Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure
lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit written by Kingcope import sys impor...
VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path
Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Date: 2021-2-6 Exploit Author: Mohammed Alshehri Vendor Homepage: https://vfsforgit.org/ Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe Version: 1.0.21014....
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This modul...
Apache 2.4.23 mod_http2 - Denial of Service
!/usr/bin/python """ source : http://seclists.org/bugtraq/2016/Dec/3 The modhttp2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service memory...
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation
include include / EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define MNOPENHIERARCHY 0x01E3 define MNCANCELMENUS 0x1E6 define MNBUTTONDOWN...
Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058)
Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation http://www.offensive-security.com Thx to Moritz Jodeit for the beautiful writeup http://www.exploit-db.com/docs/35152.pdf Target OS Windows 8.0 - 8.1 x64 Author: Matteo Memelli ryujin...
VMware vCenter Server 7.0 - Unauthenticated File Upload
Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload Date: 2021-02-27 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Version: vCenter Server 6.5 7515524. File name CVE-2021-21972.py written by tijldotdeneutathowestdotb...
ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow Date: 09-04-2021 Exploit Author: Jai Kumar Sharma Vendor Homepage: https://www.expressvpn.com/ Software Link: https://www.expressvpn.com/vpn-software/vpn-router Version: version 1 Tested on: Windows/Ubuntu/MacOS CVE ...
WordPress Plugin Hybrid Composer 1.4.6 - Improper Access Restrictions
Exploit Title: Wordpress Hybrid Composer = 1.4.6 - Unauthenticated Configuration Access Admin Takeover Date: 2019-07-24 Vendor Homepage: http://wordpress.framework-y.com Software Link: http://wordpress.framework-y.com/hybrid-composer/ Reference:...
PHPMailer < 5.2.18 - Remote Code Execution
!/bin/bash CVE-2016-10033 exploit by opsxcq https://github.com/opsxcq/exploit-CVE-2016-10033 echo '+ CVE-2016-10033 exploit by opsxcq' if -z "$1" then echo '- Please inform an host as parameter' exit -1 fi host=$1 echo '+ Exploiting '$host curl -sq 'http://'$host -H 'Content-Type:...
Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)
Exploit Title: Online Student Enrollment System 1.0 - Cross-Site Request Forgery Add Student Google Dork: N/A Date: 2020-06-20 Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
Exploit Title: Nagios Log Server 2.1.7 - 'snapshotname' Persistent Cross-Site Scripting Date: 31.08.2020 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.nagios.com/ Software Link: https://www.nagios.com/products/nagios-log-server/ Version: 2.1.7 Tested on: Linux/ISO Link:...
Online Job Portal 1.0 - 'userid' SQL Injection
Exploit Title: Online Job Portal 1.0 - 'userid' SQL Injection Google Dork: N/A Date: 2020/10/28 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
Apache Tomcat 9.0.0.M1 - Open Redirect
Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect Date: 10/04/2018 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 CVE : CVE-2018-11784 Proof of Concept: Identify a subfolder within your application http://example.com/test/...
House Rental 1.0 - 'keywords' SQL Injection
Exploit Title: House Rental 1.0 - 'keywords' SQL Injection Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip Version: 1.0 Tested On: Windows 10 Pro...
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
Exploit Title: ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection discovery Date: 2019-01-24 published : 2020-01-20 Exploit Author: AmirHadi Yazdani Vendor Homepage: https://www.manageengine.com/network-configuration-manager/ Software Link:...
phpMyAdmin3 (pma3) - Remote Code Execution
!/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "config" directory must created&writeable in pm...
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
Exploit Title: mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting Date: 3-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://mojoportal.com Software Link: https://www.mojoportal.com/download Version: 2.7.0.0 Tested on: Windows 10/Kali Linux Attack vector: This...
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...
Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting
Exploit Title: Victor CMS 1.0 - 'commentauthor' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...
Dnsmasq < 2.78 - Integer Underflow
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...
Apache Log4j 2 - Remote Code Execution (RCE)
Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...
Linux Kernel 3.2.0-23/3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Privilege Escalation (3)
/ Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c -O2 -o vnik $ uname -r...
ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...
Ultimate Project Manager CRM PRO Version 2.0.5 - SQLi (Authenticated)
Exploit Title: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage Date: 2020-16-09 Exploit Author: nag0mez Vendor Homepage: https://ultimatepro.codexcube.com/ Version: = 2.0.5 Tested on: Kali Linux 2020.2 The SQLi injection does not allow UNION payloads. However, we can guess...
CSE Bookstore 1.0 - Multiple SQL Injection
Exploit Title : CSE Bookstore 1.0 - Multiple SQL Injection Date : 2020-12-21 Author : Musyoka Ian Version : CSE Bookstore 1.0 Vendor Homepage: https://projectworlds.in/ Platform : PHP Tested on : Debian CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR...
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Discovery Date: 2019-09-25 Vendor Homepage: https://www.microsoft.com Software Link:...
Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path
Exploit Title: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 05-12-2020 Vendor Homepage: https://www.kite.com/ Software Links : https://www.kite.com/download/ Tested Version: 1.2020.1119.0 Vulnerability Type: Unquoted Service Path Tested on OS:...
Jetty Web Server - Directory Traversal
source: https://www.securityfocus.com/bid/50723/info Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Informatio...
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)
Exploit Title: Car Rental Management System 1.0 - Remote Code Execution Authenticated Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html...
Microsoft IIS 5.0/6.0 FTP Server (Windows 2000) - Remote Stack Overflow
IIS 5.0 FTPd / Remote r00t exploit Win2k SP4 targets bug found & exploited by Kingcope, kcope2googlemail.com Affects IIS6 with stack cookie protection August 2009 - KEEP THIS 0DAY PRIV8 use IO::Socket; $|=1; metasploit shellcode, adduser "winown:nwoniw" $sc =...