47904 matches found
Executables Created with perl2exe < V30.10C - Arbitrary Code Execution
Exploit Title: Executables Created with perl2exe safe.pl user@testing:/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe safe.pl Perl2Exe V30.10C 2020-12-11 Copyright c 1997-2020 IndigoSTAR Software ... Generating safe user@testing:/example$ user@testing:/example$ Check that the program executes as...
Altenergy Power Control Software C1.2.5 - OS command injection
Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Date: 15/3/2023 Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests...
craftercms 4.x.x - CORS
Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Date: 03.07.2023 Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
modoboa 2.0.4 - Admin TakeOver
/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Date: 02/10/2023 Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main...
Wondershare Dr.Fone 11.4.10 - Insecure File Permissions
Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Date: 04/25/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Window...
COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections
Exploit Title: COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections Date: 17-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: V1 Category: Webap...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
Exploit Title: COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
Exploit Title: WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version:...
CMSimple 5.2 - 'External' Stored XSS
Exploit Title: CMSimple 5.2 - 'External' Stored XSS Date: 2021/04/07 Exploit Author: Quadron Research Lab Version: CMSimple 5.2 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.cmsimple.org/en/ Description The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser...
Budget Management System 1.0 - 'Budget title' Stored XSS
Exploit Title: Budget Management System 1.0 - 'Budget title' Stored XSS Exploit Author: Jitendra Kumar Tripathi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html Version: 1 Tested on Windows 10 + Xampp 8.0.3 XSS...
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Duplicator File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in...
Pi-hole < 4.4 - Authenticated Remote Code Execution
!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
FreeSWITCH 1.10.1 - Command Execution
Exploit Title: FreeSWITCH 1.10.1 - Command Execution Date: 2019-12-19 Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on: Windows 10 x64 FreeSWITCH listens on...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...
Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' class MetasploitModule "Baldr Botnet Panel Shell Upload Exploit", 'Description' = %q This module exploits the file upload vulnerability of baldr malwa...
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service
Exploit Title: DoS Wechat with an emoji Date: 16-May-2019 Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0.4 Tested on: Android 9.0 CVE : CVE-2019-11419 Description:...
Acunetix 9.5 - OLE Automation Array Remote Code Execution
!/usr/bin/python import BaseHTTPServer, sys, socket Acunetix OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 27 Mar 2015 Version: acunetix.exe Video: https://vid.me/SRCb class...
Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)
Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage: https://www.sony.com/et/electronics/in-car-receivers-players/xav-ax5500 Software Link: https://archive.org/details/xav-ax-5500-v-113 Version: 1.13 Tested o...
Dotclear 2.29 - Remote Code Execution (RCE)
Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
Exploit Title: Online-Pizza-Ordering -1.0 - Remote Code Execution RCE Author: nu11secur1ty Date: 03.30.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference:...
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
Exploit Title: Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution RCE Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76...
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...
openSIS Student Information System 8.0 - 'multiple' SQL Injection
Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Date: 11/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of...
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting XSS Date: 18/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/mimetic-books/ Version: 0.2.13 Category: Web Application Tested on Ma...
BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
Exploit Title: BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/bootptdemox64.exe Tested Version: 2.0.0.1253 Vulnerabilit...
Tenda D151 & D301 - Configuration Download (Unauthenticated)
Exploit Title: Tenda D151 & D301 - Configuration Download Unauthenticated Date: 19-04-2021 Exploit Author: BenChaliah Author link: https://github.com/BenChaliah Vendor Homepage: https://www.tendacn.com Software Link: https://www.tendacn.com/us/download/detail-3331.html Versions: - D301 1.2.11.2EN...
python jsonpickle 2.0.0 - Remote Code Execution
Exploit Title: python jsonpickle 2.0.0 - Remote Code Execution Date: 24-2-2021 Vendor Homepage: https://jsonpickle.github.io Exploit Author: Adi Malyanker, Shay Reuven Software Link: https://github.com/jsonpickle/jsonpickle Version: 2.0.0 Tested on: windows, linux Python is an open source languag...
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 3 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel2.c - Solaris/Intel FMT LPE...
MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting Date: 7/23/2018 Author: 0xB9 Software Link: https://github.com/jamiesage123/Thread-Redirect Version: 0.2.1 Tested on: Windows 10 1. Description: This plugin allows threads to redirect to a URL with optional custom text. The...
Broadcom Wi-Fi Devices - 'KR00K Information Disclosure
Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...
Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection
Exploit Title: Dolibarr ERP/CRM - elemid Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux Software Description : Dolibarr ERP & CRM ...
Jobberbase 2.0 - 'subscribe' SQL Injection
!/bin/bash Exploit Title: Jobberbase 2.0 - 'subscribe' SQL injection Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: http://www.jobberbase.com/ Version: 2.0 Tested on: Ubuntu 18.04.1 : ' The page "/subscribe/" is vulnerable for SQL injection. Simply mak...
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the service. This bug probably has relatively low severity, given that there aren't...
Bolt CMS 3.6.6 - Cross-Site Request Forgery / Remote Code Execution
history.pushState'', '', '/' function exploit var target = "http://127.0.0.1" var boltadminurl = target + "/bolt"; var xhr = new XMLHttpRequest; xhr.open"POST", boltadminurl + "/upload", true; xhr.setRequestHeader"Accept", "application/json, text/javascript, /; q=0.01";...
Joomla! Component vRestaurant 1.9.4 - SQL Injection
Exploit Title: Joomla! Component vRestaurant 1.9.4 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/vrestaurant/ Version: 1.9.4 Category:...
AnyBurn 4.3 - Local Buffer Overflow (PoC)
Exploit Title: AnyBurn Date: 15-12-2018 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Author: Achilles Tested Version: 4.3 32-bit Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps to Produce th...
Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)
Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...
Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path
Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.80 Build 869...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery CSRF Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !-- FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit Vendor: FatPipe Networks Inc. Product w...
Seowon 130-SLC router - 'queriesCnt' Remote Code Execution (Unauthenticated)
Exploit Title: Seowon 130-SLC router - 'queriesCnt' Remote Code Execution Unauthenticated Date: 2021-09-15 Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkindB05&middlekindB0529 Version...
Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)
Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References IDOR Software Link: https://www.accela.com/civic-platform/ Version: = 21.1 Author: Abdulazeez Alaseeri Tested on: JBoss server/windows Type: Web App Date: 07/06/2021 CVE: CVE-2021-34369...
b2evolution 7-2-2 - 'cf_name' SQL Injection
Exploit Title: b2evolution 7-2-2 - 'cfname' SQL Injection Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.06.2021 Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE: CVE-2021-28242 Proof: https://streamable.com/x51kso + Exploit Source:...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web pag...
Roundcube Webmail 1.2 - File Disclosure
Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...
Life Insurance Management System 1.0 - 'client_id' SQL Injection
Exploit Title: Life Insurance Management System 1.0 - 'clientid' SQL Injection Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version:...
Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting
Exploit Title: Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting Date: 2020-09-19 Exploit Author: Alperen Ergel Vendor Homepage: https://www.flatpress.org/ Software Link: https://github.com/evacchi/flatpress/releases/tag/v1.0.3 Version: 1.0.3 Tested on: windows 10 / xampp CVE :...
QiHang Media Web Digital Signage 3.0.9 - Cleartext Credential Disclosure
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Cleartext Credential Disclosure Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A QiHang Media Web QH.aspx Digital Signage 3.0.9 Cleartext...