47904 matches found
Microsoft Windows 7 SP1 (x86) - Local Privilege Escalation (MS16-014)
/ Exploit Title: Elevation of privilege on Windows 7 SP1 x86 Date: 28/06-2016 Exploit Author: @blomster81 Vendor Homepage: www.microsoft.com Version: Windows 7 SP1 x86 Tested on: Windows 7 SP1 x86 CVE : 2016-0400 MS16-014 EoP PoC created from...
PHPJabbers Taxi Booking 2.0 - Reflected XSS
Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/taxi-booking-script/ Version: 2.0 Tested on: Windows 10 Pro Impact: Manipulate the content ...
Aures Booking & POS Terminal - Local Privilege Escalation
Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 2323 Common...
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService"
Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...
Service Provider Management System v1.0 - SQL Injection
Exploit Title: Service Provider Management System v1.0 - SQL Injection Date: 2023-05-23 Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...
Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path
Exploit Title: Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sony.com/ Software Link: https://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/en/index.html Version: 6.0...
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Date: 09/09/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c...
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force Date:2020-01-18 Exploit Author: Creamy Chicken Soup Vendor Homepage: https://www.dolibarr.org Software Link: https://sourceforge.net/projects/dolibarr/ Version: 10.0.6 Tested on: Windows 10 - 64bit CVE: CVE-2020-7995 function...
Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation (1)
Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...
OCS Inventory NG 2.7 - Remote Code Execution
Exploit Title: OCS Inventory NG 2.7 - Remote Code Execution Date: 2020-06-05 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-14947 Vendor Homepage: https://ocsinventory-ng.org/ Version: v2.7 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 import requests import sys import warnings impo...
Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated)
Exploit Title: Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion Authenticated Date: 2020-05-10 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Exploit-Db Author ID: 8763 Reference: https://www.xcloner.com/xcloner-news/security-release-available-for-archived-joomla-version/ Vendor...
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
ReplacementFragment::insertFragmentForTestRenderingNode rootEditableElement auto holder = createDefaultParagraphElementdocument; holder-appendChildmfragment; rootEditableElement-appendChildholder; // 2 document.updateLayoutIgnorePendingStylesheets; return holder;...
Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Tesla Agent Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of tesla agent botnet panel. ,...
AZADMIN CMS 1.0 - SQL Injection
Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sharepoint-ruby' class MetasploitModule 'DOS Vulnerability in SharePoint 2016 Server', 'Description' = %q A vulnerability in Microsoft SharePoint Server could...
Magento eCommerce - Remote Code Execution
Exploit Title : Magento Shoplift exploit SUPEE-5344 Author : Manish Kishan Tanwar AKA error1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Debugged At : Indishell Laboriginally developed by joren //////////////////////// ///...
Invision Community 5.0.6 - Remote Code Execution (RCE)
\n"; print "\nExample....: php $argv0 http://localhost/invision/"; print "\nExample....: php $argv0 https://invisioncommunity.com/\n\n"; die; $ch = curlinit; $params = "app" = "core", "module" = "syst...
RDPGuard 9.9.9 - Privilege Escalation
Exploit Title: RDPGuard 9.9.9 - Privilege Escalation Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version: 9.9.9 latest Tested on: Windows 10 32bit Steps to Reproduce 1. Prepare a .bat...
Car Rental Project 1.0 - Remote Code Execution
Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Off-by-One Config Write DoS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 bbmdUpdate.php - Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management an...
GeoVision GV-ASManager 6.1.1.0 - CSRF
Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.1.0 or less Tested on: Windo...
Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting XSS Date: 12 April 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.1.1 Proof Of Concept: 1. Click Add Video part and enter the XSS payload as below into the first input of form or Reques...
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v...
Zomplog 3.9 - Cross-site scripting (XSS)
Exploit Title: Zomplog 3.9 - Cross-site scripting XSS Application: Zomplog Version: v3.9 Bugs: XSS Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"
Exploit Title: Game Jackal Server v5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.allradiosoft.ru Software Link: https://www.allradiosoft.ru/en/ss/index.htm Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36166 PoC C:\Userswmic...
Epson Stylus SX510W Printer Remote Power Off - Denial of Service
Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2020-05-16 Vendor Homepage: https://www.epson.es/ Software Link : https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w Tested Version:...
Auto Dealer Management System 1.0 - Broken Access Control Exploit
Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...
Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31673 Description: A...
Explore CMS 1.0 - SQL Injection
Exploit Title: Explore CMS 1.0 - SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: CVE-2022-27412 POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries...
Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path
Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Date: 02/04/2022 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE:...
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)
Exploit Title: ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App:...
Cain & Abel 4.9.56 - Unquoted Service Path
Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 2022-02-08 Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART...
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
FOGProject 1.5.9 - File Upload RCE (Authenticated)
Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Date: 2021-04-28 Exploit Author: [email protected] Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb...
SuiteCRM 7.11.15 - 'last_name' Remote Code Execution (Authenticated)
Exploit Title: SuiteCRM 7.11.15 - 'lastname' Remote Code Execution Authenticated Date: 08 NOV 2020 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://suitecrm.com/ Software Link: https://github.com/salesagility/SuiteCRM Version: 7.11.15 and below Tested on: Ubuntu 20.04 LTS CVE:...
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinkPHP Multiple PHP Injection RCEs', 'Description' = %q This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web...
WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection
Exploit Title: Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://slicedinvoices.com/ Software Link:...
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Application Testing Suite WebLogic Server Administration Console War Deployment', 'Description' = %q This module abuses a feature in...
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the kernel's ASN.1 infrastructure is used instead of an open-coded parser. The...
Joomla! Component JoomCRM 1.1.1 - SQL Injection
Exploit Title: Joomla! Component JoomCRM 1.1.1 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/ Version: 1.1.1 Category: Webapps Tested on:...
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032) (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/payloadgenerator' require 'msf/core/exploit/powershell' require 'rex' class MetasploitModule 'MS16-032 Secondary Logon Handle Privile...
YourFreeWorld Autoresponder Hosting - 'tr.php' SQL Injection
Autoresponder Hosting id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script :http://www.yourfreeworld.com/script/autoresponderhosting.php DorK : inurl:tr.php?id= Autoresponder Exploit :...
Bluemoon inc. PopnupBlog 3.30 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/30827/info Bluemoon inc. PopnupBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...
Ethernet Device Drivers Frame Padding - 'Etherleak' Infomation Leakage
!/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would be come known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specific size or fall on a certain...
Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/20561/info Microsoft Class Package Export Tool 'clspack.exe' is prone to a local buffer-overflow vulnerability because the application fails to properly size attacker-supplied data before copying it into an insuficiently sized memory buffer. Exploiting th...
VP-ASP Shopping Cart - 'Shopadmin.asp' HTML Injection
source: https://www.securityfocus.com/bid/15490/info VP-ASP Shopping Cart is prone to an HTML injection vulnerability. This is due to a lack of proper validation of user-supplied input before being used in dynamically generated content. Attacker-supplied HTML and script code would be executed in...
ProSSHD 1.2 20090726 - Denial of Service (DoS)
Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Google Dork: N/A Date: 13 january 2024 Exploit Author: Fernando Mengali Vendor Homepage: https://prosshd.com/ Software Link: N/A Version: 1.2 20090726 Tested on: Windows XP CVE: CVE-2024-0725 $sis="$^O"; if $sis eq "windows" $cmd="cls";...
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Google Dork: Date: 04/11/2023 Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import stri...