47904 matches found
VestaCP 0.9.8-26 - 'backup' Information Disclosure
Exploit Title: VestaCP 0.9.8-26 - 'backup' Information Disclosure Date: 2020-11-25 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - Insufficient Session...
Zoo Management System 1.0 - 'Multiple' Persistent Cross-Site-Scripting (XSS)
Exploit Title: Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting XSS Date: 08/07/2021 Exploit Author: Subhadip Nag Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Server: XAMPP...
Umbraco v8.14.1 - 'baseUrl' SSRF
Exploit Title: Umbraco v8.14.1 - 'baseUrl' SSRF Date: July 5, 2021 Exploit Author: NgoAnhDuc Vendor Homepage: https://our.umbraco.com/ Software Link: https://our.umbraco.com/download/releases/8141 Version: v8.14.1 Affect: Umbraco CMS v8.14.1, Umbraco Cloud Vulnerable code:...
Barcodes generator 1.0 - 'name' Stored Cross Site Scripting
Exploit Title: Barcodes generator 1.0 - 'name' Stored Cross Site Scripting Date: 10/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/barcodes-generator-using-php-mysql-and-jsbarcode-library/ Version: 1.0 Tested On: Ubuntu 1...
Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)
Exploit Title: Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow PoC Date: November 18, 2020 Exploit Author: Vincent Wolterman Vendor Homepage: http://www.internetdownloadmanager.com/ Software Link: http://www.internetdownloadmanager.com/download.html Version:...
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)
CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48216.zip Usage ./CVE-2020-0796.py servername This script connects to the target host, and compresses the authentication request with a bad offset field set in t...
WordPress Core 5.3 - User Disclosure
Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Date: 2019-11-17 Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text datacontent except...
grocy 2.7.1 - Persistent Cross-Site Scripting
Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...
TikiWiki 1.9 Sirius - 'jhot.php' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $co...
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse
Exploit Title: GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Date: 2019-08-29 Exploit Author: LiquidWorm Software Link: https://www.embedthis.com Version: 5.1.1 !/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture...
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution
Exploit Title: WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution Date: 2020-05-11 Exploit Author: Austin Martin Google Dork: inurl:wp-content/uploads/wpdndcf7uploads/ Google Dork: inurl:wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/...
NoMachine < 5.3.27 - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com Product NoMachine / hyp3rlinx / / gcc -c -m32...
PHPMailer < 5.2.18 - Remote Code Execution
""" Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full Advisory:...
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Zabbix 5.0.17 - Remote Code Execution RCE Authenticated Date: 9/3/2022 Exploit Author: Hussien Misbah Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn5.0.17 Version: 5.0.17 Tested on: Linux Reference:...
Openfire 4.6.0 - 'path' Stored XSS
Exploit Title: Openfire 4.6.0 - 'path' Stored XSS Date: 20201209 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/nodejs/nodejs.jsp HTTP/1.1 Host: 192.168.137.137:9090 User-Agent:...
gSOAP 2.8 - Directory Traversal
Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET /../../../../../../../../../etc/passwd HTTP/1.1 Host: 10.200.106.101 Accept:...
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
!/usr/bin/python Exploit Title: R 3.4.4 Windows 10 x64 - Buffer Overflow SEHDEP/ASLR Bypass Date: 2019-07-15 Exploit Author: blackleitus Vendor Homepage: https://www.r-project.org/ Tested on: Windows 10 Home Single Language 64-bit Social: https://twitter.com/blackleitus Website:...
Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux BPF Sign Extension Local Privilege Escalation', 'Description' = %q Linux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter BPF whi...
WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation (Unauthenticated)
Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation Unauthenticated Google Dork: inurl:/plugins/pie-register/ Date: 08.10.2021 Exploit Author: Lotfi13-DZ Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Date: 2021-10-09 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html Version: versions 192.168.0.1:444...
TripSpark VEO Transportation - Blind SQL Injection
Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Date: 07/27/2021 Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link:...
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)
Exploit Title: October CMS Build 465 - Arbitrary File Read Exploit Authenticated Date: 2020-03-31 Exploit Author: Sivanesh Ashok Vendor Homepage: https://octobercms.com/ Version: Build 465 and below Tested on: Windows 10 / XAMPP / October CMS Build 465 CVE: CVE-2020-5295 echo ''' Authenticated...
ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
Exploit Title: ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure Date: 2020-11-20 Exploit Author: Zagros Bingol Vendor Homepage: http://www.atx.com Software Link: https://atx.com/products/commercial-services-gateways/minicmts200a-broadband-gateway/ Version: 2.0 and earlier Tested on:...
RiteCMS 2.2.1 - Remote Code Execution
Exploit Title: RiteCMS 2.2.1 - Remote Code Execution Date: 2020-07-03 Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://CHANGE-THIS/ritecms/cms/ 2- Default username and password is admin:admin. 3- Go "Filemanager" and...
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
Exploit Title: IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path Discovery by: Isabel Lopez Software link: https://www.pconlife.com/download/otherfile/20566/098185e9b7c417cf7480bb9f839db652/ Discovery Date: 2020-11-07 Tested Version: 1.0.6425.0 Vulnerability Type: Unquoted Service Path...
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
Exploit Title: WP Courses 2.0.29 - Broken Access Controls leading to Courses Content Disclosure Exploit Author: Stefan Broeder, Marco Ortisi redtimmysec Authors blog: https://www.redtimmy.com Vendor Homepage: https://wpcoursesplugin.com/ Version Vulnerable: 2.0.29 CVE: requested but not assigned...
InputMapper 1.6.10 - Denial of Service
Exploit Title: InputMapper 1.6.10 Local Denial of Service Date: 20.09.2019 Vendor Homepage: https://inputmapper.com/ Software Link: https://inputmapper.com/downloads/category/2-input-mapper Exploit Author: elkoyote07 Tested Version: 1.6.10 Tested on: Windows 10 x64 1.- Start Input Mapper 2.- Clic...
Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
!/usr/bin/python from impacket import smb from struct import pack import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten EDB Note: Shellcode - x64...
Solaris 11.4 - xscreensaver Privilege Escalation
@Mediaservice.net Security Advisory 2019-02 last updated on 2019-10-16 Title: Local privilege escalation on Solaris 11.x via xscreensaver Application: Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4 Jamie Zawinski's xscreensaver 5.15 distributed with Solaris 11.3 Other versions...
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion', 'Description' = %q This module exploits a type confusion on Adobe Flash Player,...
PHPMyAdmin 3.0 - Bruteforce Login Bypass
""" Exploit-Title: PHPMyAdmin 3.0 - Bruteforce Login Bypass Author: Nikola Markovic [email protected] Date: 2023 Google-Dork: intext: phpMyAdmin Vendor: https://www.phpmyadmin.net/ Version: 3.0 & 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 Tested on: win/linux/unix Python-Version: 3.0 CVE...
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated)
Exploit Title: Fuel CMS 1.4.8 - 'fuelreplaceid' SQL Injection Authenticated Date: 2020-08-19 Exploit Author: c0mpu7er(@ymbank.cn) Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.8.zip Version: 1.4.7 Tested on: PHP 5.4.45, Apache...
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting
Exploit Title: Kuicms Php EE 2.0 - Persistent Cross-Site Scripting Date: 2020-05-27 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://kuicms.com Software Link: https://kuicms.com/kuicms.zip Version: Kuicms Php EE 2.0 Tested on: Windows...
Code Blocks 20.03 - Denial Of Service (PoC)
Exploit Title: Code Blocks 20.03 - Denial Of Service PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/20.03/Windows/codeblocks-20.03-setup.exe/download Exploit Author: Paras Bhatia Discovery Date: 2020-06-23...
opencart 3.0.3.8 - Sessjion Injection
Exploit Title: opencart 3.0.3.8 - Sessjion Injection Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10...
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Date: 2019-11-08 Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional...
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Exploit Title: php-fusion 9.03.50 - Persistent Cross-Site Scripting Google Dork: "php-fusion" Date: 2020-04-30 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30...
phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)
Exploit Title: poc-phpmyadmin-local-file-inclusion-via-xxe-injection Date: 12-01-2012 Author: Marco Batista Blog Link: http://www.secforce.com/blog/2012/01/cve-2011-4107-poc-phpmyadmin-local-file-inclusion-via-xxe-injection/ Tested on: Windows and Linux - phpmyadmin versions: 3.3.6, 3.3.10, 3.4.0...
ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access
Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE & SSH Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery CSRF Date: April 8, 2021 04/08/2021 Exploit Author: Issac Briones Vendor Homepage: http://www.dmasoftlab.com/ Software Download: https://sourceforge.net/projects/radiusmanager/ Version: 4.4.0 CVE: CVE-2021-30147 input type="...
Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion Date: 20.09.2020 Exploit Author: LiquidWorm Vendor Homepage: https://pro-bravia.sony.net Version: 1.7.8 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion Vendor: Sony Electronics Inc...
Tableau - XML External Entity
Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads: https://www.tableau.com/products/desktop/download Version/Products: See Tableau...
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass / Remote Command Execution
Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link: https://www.citrix.com/downloads/citrix-sd-wan/ Version: Tested against 10.2.2...
blog ink - Bypass Setting
======================================================================================== | Title : blog ink By Pass Setting Vulnerability | Author : indoushka | email : [email protected] | Home : www.iq-ty.com/vb | Script Home : powered by blog ink | Dork : Powered by PHP Melody 1.5.3 | Teste...
Huawei HG630 2 Router - Authentication Bypass
Title: Huawei HG630 2 Router - Authentication Bypass Date: 2020-04-13 Author: Eslam Medhat Vendor Homepage: www.huawei.com Version: HG630 V2 HardwareVersion: VER.B CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of t...
YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting
Exploit Title: YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-03-10 Exploit Author: En Vendor Homepage: https://github.com/yzmcms/yzmcms Software Link: https://github.com/yzmcms/yzmcms Version: V5.5 Category: Web Application Patched Version: unpatched Tested on:...
SSH (x2) - Remote Command Execution
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/349.tgz x2.tgz milw0rm.com 2002-05-01...
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated)
Exploit Title: GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Date: 21/03/2021 Exploit Author: Amin Bohio Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage: https://www.gfi.com Softwa...
Student Record System 4.0 - 'cid' SQL Injection
Exploit Title: Student Record System 4.0 - 'cid' SQL Injection Date: 2/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip Version: V 4.0 Tested on: Windows、XAMPP Identify the...
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated)
Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload Authenticated Date: 2020-07-15 Exploit Author: v1n1v131r4 Vendor Homepage: http://koken.me/ Software Link: https://www.softaculous.com/apps/cms/Koken Version: 0.22.24 Tested on: Linux PoC:...