47904 matches found
Google SLO-Generator 2.0.0 - Code Execution
Exploit Title: Google SLO-Generator 2.0.0 - Code Execution Date: 2021-09-28 Exploit Author: Kiran Ghimire Software Link: https://github.com/google/slo-generator/releases Version: = 2.0.0 Tested on: Linux CVE: CVE-2021-22557 Introduction: Is a tool to compute and export Service Level Objectives...
Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal
Exploit Title: Home Assistant Community Store HACS 1.10.0 - Path Traversal to Account Takeover Date: 2021-01-28 Exploit Author: Lyghtnox Vendor Homepage: https://www.home-assistant.io/ Software Link: https://github.com/hacs/integration Version: 1.10.0 Tested on: Raspbian + Home Assistant 2021.1.0...
Employee Performance Evaluation System 1.0 - 'Task and Description' Persistent Cross Site Scripting
Exploit Title: Employee Performance Evaluation System 1.0 - ' Task and Description' Persistent Cross Site Scripting Date: 08/12/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.sourcecodester.com Software Link:...
DotCMS 20.11 - Stored Cross-Site Scripting
Exploit Title: DotCMS 20.11 - Stored Cross-Site Scripting Exploit Author: Hardik Solanki Vendor Homepage: https://dotcms.com/ Version: 20.11 Tested on Windows 10 Vulnerable Parameters: Template Title Steps to reproduce: 1. Login With Admin Username and password. 2. Navigate to Site -- Template --...
All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery Add Admin Discovery by: LiquidWorm Discovery Date: 2020-08-05 Vendor Homepage: https://www.all-dynamics.de !-- All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin Vendor: All-Dynamics...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
!/usr/bin/python3 Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 You only need a listener like netcat to catch the shell. Shout out to the team: Rob Simon, Justin Elze, Logan Sampson, Geoff Walton, Christopher Paschen, Kevin Haubris, Scott White Tool Written by: Rob Simon and David...
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...
sudo 1.8.27 - Security Bypass
Exploit Title : sudo 1.8.27 - Security Bypass Date : 2019-10-15 Original Author: Joe Vennix Exploit Author : Mohin Paramasivam Shad0wQu35t Version : Sudo priv" os.system"cat priv | grep 'ALL' | cut -d '' -f 2...
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept: https://domain.tld/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&errordescription=...
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal Exploit Author: MAYASEVEN Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/" Published on 08/04/2019 Vendor Homepage at "https://wmspanel.com/nimble" Affected Version 3.0.2-2 to 3.5.4-9...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service
Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Denial Of Service Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The...
Jobpilot v2.61 - SQL Injection
Exploit Title: Jobpilot v2.61 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822 Demo Site: https://jobpilot.templatecookie.com Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Parameter: long GET...
IOTransfer 4.0 - Remote Code Execution (RCE)
Exploit Title: IOTransfer V4 – Remote Code Execution RCE Date: 06/22/2022 Exploit Author: Tomer Peled Vendor Homepage: https://www.iobit.com Software Link: https://iotransfer.itopvpn.com/ Version: V4 and onward Tested on: Windows 10 CVE : 2022-24562 References:...
WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting XSS Date: 03/11/2021 Exploit Author: Luca Schembri Vendor Homepage: https://www.essentialplugin.com/ Software Link: https://wordpress.org/plugins/popup-anything-on-click/ Version: 2.0.4 Summary A user wi...
Online Ordering System 1.0 - Arbitrary File Upload
Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...
BIG-IP 15.0.0 < 15.1.0.3 / 14.1.0 < 14.1.2.5 / 13.1.0 < 13.1.3.3 / 12.1.0 < 12.1.5.1 / 11.6.1 < 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution
!/bin/bash EDB Note Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48642.zip Exploit Title: F5 BIG-IP Remote Code Execution Date: 2020-07-06 Exploit Authors: Charles Dardaman of Critical Start, TeamARES Rich Mirch of Critical Start, TeamARES CVE:...
SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)
Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Date: 2019-12-06 Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested...
Mambo Component cropimage 1.0 - Remote File Inclusion
C Y B E R - W A R R I O R T I M Mambo comcropimage 1.0 Component Remote Include Vulnerability Author: XORON Class: Remote cont@ct: x0r0nathotmaildotcom Code: in admin.cropcanvas.php , line 7 requireonce $cropimagedir."class.cropinterface.php"; Fix: 1-open admin.cropcanvas.php 2-add this code befo...
TP-Link TL-WR740N - Buffer Overflow 'DOS'
Exploit Title: TP-Link TL-WR740N - Buffer Overflow 'DOS' Date: 8/12/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N Description: There exist a buffer overflow vulnerability in...
DS Wireless Communication - Remote Code Execution
Exploit Title: DS Wireless Communication Remote Code Execution Date: 11 Oct 2023 Exploit Author: MikeIsAStar Vendor Homepage: https://www.nintendo.com Version: Unknown Tested on: Wii CVE: CVE-2023-45887 """This code will inject arbitrary code into a client's game. You are fully responsible for al...
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting XSS Discovery by: Rafael Pedrero Discovery Date: 2020-09-19 Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link : https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type:...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...
Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution RCE Authenticated Date: 04/02/2022 Exploit Author: minhnq22 Vendor Homepage: https://zenar.io/ Software Link: https://zenar.io/download-page Version: 9.0.54156 Tested on: Ubuntu 21.04 CVE : CVE-2021–42171 Python3 import os import sys...
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Date: 26/06/2021 Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Co...
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
Exploit Title: Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection Date: 2021-10-22 Exploit Author: Vulnerability Lab Vendor Homepage: https://multecart.com/ Version: 2.4 Document Title: =============== Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability References Source: ====================...
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
Exploit Title: openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Date: 13/03/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.openmaint.org/ Software Link: https://sourceforge.net/projects/openmaint/files/2.1/Core%20updates/openmaint-2.1-3.3.1/ Version: 2.1-3...
LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path
Exploit Title: LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.logonexpert.com/LogonExpertSetup64.msi Tested Version: 8.1 Vulnerability Type: Unquoted...
Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path
Exploit Title: Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path Date: 2020-08-31 Exploit Author: Angelo D'Amato Vendor Homepage: https://www.rapid7.com Version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE ...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c: ================================================================== +define vmafputvma vmadofputvma, func, LINE...
BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path
Exploit Title: BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path Exploit Author: Debashis Pal Date: 2019-10-17 Vendor : Blackmoonftpserver Source: http://www.tucows.com/preview/222822/BlackMoon-FTP-Server?q=FTP+server Version: BlackMoon FTP Server 3.1.2.1731 CVE : N/A Tested...
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Cisco Catalyst 2960 IOS 12.255SE1 - 'ROCEM' Remote Code Execution. CVE-2017-3881. Remote exploit for Hardware platform !/usr/bin/python Author: Artem Kondratenko @artkond import socket import sys from time import sleep setcredless = True if lensys.argv 3: print sys.argv0 + ' host --set/--unset'...
Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)
Affected Vendors Microsoft Affected Products Only Microsoft IIS 6.0 was tested successfully On a Windows Server 2003 SP2 System The System was NOT updated to the latest patches during testing. Since tests “in the wild” have shown the attack to be real this advisory was released. Vulnerability...
HP-UX 11.00/10.20 crontab - Overwrite Files
!/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh if -z "$1" then echo "Usage : $0 " exit fi cat /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR crontab -e 2 /tmp/crontab$$ grep -v "error on previous...
ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)
!-- ABB Cylon Aspect 3.08.02 userManagement.php Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...
MagnusSolution magnusbilling 7.3.0 - Command Injection
Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/magnussolution/magnusbilling7 Software Link: https://github.com/magnussolution/magnusbilling7 Version: 7.3.0 Tested on: Centos CVE : CVE-2023-30258...
Windows 11 22h2 - Kernel Privilege Elevation
// Exploit Title: Windows 11 22h2 - Kernel Privilege Elevation // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : webapps // Vendor Homepage: // Tested on: Windows/Linux // CVE : CVE-2023-28293 include include // The vulnerable driver file name const ch...
Microsoft SharePoint Enterprise Server 2016 - Spoofing
// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : Remote // Vendor Homepage: // Microsoft SharePoint Foundation 2013 Service Pack 1 // Microsoft SharePoint Server Subscription...
IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
Exploit Title: IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration Date: 03.05.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.eforcesoftware.com IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration Vendor: IntelliChoice, Inc. Product web page:...
Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
Exploit Title: Simple CRM 3.0 - 'email' SQL injection Authentication Bypass Date: 22/06/2021 Exploit Author: Rinku Kumar rinku191 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
WoWonder Social Network Platform 3.1 - Authentication Bypass
Exploit Title: WoWonder Social Network Platform 3.1 - Authentication Bypass Date: 11.06.2021 Exploit Author: securityforeveryone.com Researchers : Security For Everyone Team - https://securityforeveryone.com Vendor Homepage: https://www.wowonder.com/ Software Link:...
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths
Exploit Title: Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths Date: 2020-11-6 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.vembu.com/ Software Link: https://sg-build-release.s3.amazonaws.com/BDRSuite/V420/4202020051312/VembuBDRBackupServerSetup4201U1GA.exe Version: Versi...
WiFi Mouse 1.7.8.5 - Remote Code Execution
Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Date: 25-02-2021 Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Desktop Server software used by mobile app has PIN option whic...
Seacms 11.1 - 'ip and weburl' Remote Command Execution
Exploit Title: Seacms 11.1 - 'ip and weburl' Remote Command Execution Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 POST /SeaCMS111/5f9js3/adminip.php?action=set HTTP/1.1 Host: 192.168.137.139 User-Agent: Mozilla/5...
IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path
Exploit Title: IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/IPWatcherSetup.exe Version: 3.0.0.30 Tested on: Microsoft Windows...
Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass
Exploit Title: Web Based Online Hotel Booking System 0.1.0 - Authentication Bypass Date: 2020-07-03 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/mrzulkarnine/Web-based-hotel-booking-system Software Link: https://github.com/mrzulkarnine/Web-based-hotel- booking-system...
Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting
Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...