47904 matches found
Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution RCE Unauthenticated Vulnerability: Remote Command Execution on /boardDataWW.php macAddress parameter Notes: The RCE doesn't need to be authenticated Date: 26/06/2021 Exploit Author: Bryan Leong IoT Device: Netgear WNAP320...
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
Title: OpenEMR 5.0.1 - Remote Code Execution Authenticated 2 Exploit Author: Alexandre ZANNI Date: 2020-07-16 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...
kic 2.4a - Denial of Service
Exploit Title: Ciftokic 2.4a - DoS Buffer Overflow Date: September 30, 2019 Exploit Author: @JosueEncinar Software Link: http://launchpad.net/ubuntu/+source/kic/2.4a-1 Version: 2.4a Tested on: Ubuntu 18.04 ''' If we check the ciftokic.c file on line 52 we see the following code: char CIFFile81,...
Chamillo LMS 1.11.8 - Arbitrary File Upload
Exploit Title: Chamillo LMS 1.11.8 - Arbitrary File Upload Google Dork: "powered by chamilo" Date: 2018-10-05 Exploit Author: Sohel Yousef jellyfish security team Software Link: https://chamilo.org/en/download/ Version: Chamilo 1.11.8 or lower to 1.8 Category: webapps 1. Description Any registere...
ABRT - sosreport Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT sosreport Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on RHEL systems with a vulnerable version o...
Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 4c84.1e3c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles
While fuzzing JSC, I encountered the following JS program which crashes JSC from current HEAD and release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: // Run with --useConcurrentJIT=false --thresholdForJITAfterWarmUp=10 function fullGC for var i = 0; i 10; i++ new...
Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Shopware createInstanceFromNamedArguments PHP Object Instantiation RCE", 'Description' = %q This module exploits a php object instantiation...
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
!/usr/bin/env python3 Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass Google Dork: inurl:/mifs "Ivanti" OR "EPM" OR "Endpoint Manager" Date: 2025-01-21 Exploit Author: Your Name https://github.com/your-username Vendor Homepage: https://www.ivanti.com/ Software Link:...
code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage: https://code-projects.org/ Software Link:...
Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)
Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link: https://github.com/huggingface/transformers/releases Version: 4.41.1 Tested on: Linux, Windows, Mac CVE : CVE-2024-11392 Code flow fro...
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
Exploit Title: xhibiter nft marketplace SQLI Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs" Date: 29/06/204 Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor Homepage:...
WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Date: 2021-07-27 Exploit Author : WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Vendor Homepage : https://wpscan.com/plugin/blue-admi Version : alert/XSS/' /...
Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path
Exploit Title: Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : Connectify Inc Version : Connectify Hotspot 2018 Vendor Homepage : https://www.connectify.me/ Tested on OS: Windows 7 Pro Analyze PoC : ==============...
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P:...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
Exploit Title: FatPipe Networks MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc. Product web...
In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows CVE: CVE-2021-27828 ----------------------------------------- SQL...
SOYAL 701 Client 9.0.1 - Insecure Permissions
Exploit Title: SOYAL 701 Client 9.0.1 - Insecure Permissions Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1...
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
Exploit Title: Sentrifugo Version 3.2 - 'announcements' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)
Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Date: 2020-06-06 Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link: https://github.com/midgetspy/Sick-Beard Version: alpha master -...
elaniin CMS - Authentication Bypass
Exploit Title: elaniin CMS 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-07-14 Exploit Author: BKpatron Vendor Homepage:https://elaniin.com/ Software Link:https://github.com/elaniin/CMS/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A Vulnerability: Attacker can bypass login...
php-fusion 9.03.50 - 'ctype' SQL Injection
Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-19 Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested On: Windows 10 + XAMPP...
Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)
Exploit Title: Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service PoC Google Dork: N/A Date: 2020-02-21 Exploit Author: Cem Onat Karagun of Diesec GmBH Vendor Homepage: https://www.google.com/ Version: Google Chrome 80.0.3987.87 Tested on: Windows x64 / Linux Debian x64 / MacOS...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5552.php WEMS BEMS 21.3.1 Undocumented Backdo...
html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting
Exploit Title: html5snmp 1.11 - 'Remark' Persistent Cross-Site Scripting Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC POST...
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure
!/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com Software Link:...
Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure
!/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504 7brid DVR HD3-16V2, DX3-16V2/08V2/04V...
Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: When kgslmementrydestroy in drivers/gpu/msm/kgsl.c is called for a writable entry with memtype KGSLMEMENTRYUSER, it attempts to mark the entry's pages as dirty...
Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco RV320 and RV325 Unauthenticated Remote Code Execution", 'Description' = %q This exploit module combines an information disclosure...
GreenCMS 2.x - Arbitrary File Download
Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)
Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware, webapps Tested on: V8.76 - SNR 8604.26 - C4 Professional...
Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
source: https://www.securityfocus.com/bid/18231/info SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible...
OpenPanel 0.3.4 - OS Command Injection
Exploit Title: OpenPanel 0.3.4 - OS Command Injection Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST /server/timezon...
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity at belino.com GitHub disclosure link:...
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...
SugarCRM 12.2.0 - Remote Code Execution (RCE)
!/usr/bin/env python Exploit Title: SugarCRM 12.2.0 - Remote Code Execution RCE Exploit Author: sw33t.0day Vendor Homepage: https://www.sugarcrm.com Version: all commercial versions up to 12.2.0 Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0...
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
Exploit Title: Gitlab Stored XSS Date: 12/04/2022 Exploit Authors: Greenwolf Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9...
TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
Exploit Title: TermTalk Server 3.24.0.2 - Arbitrary File Read Unauthenticated Date: 03/01/2022 Exploit Author: Fabiano Golluscio @ Swascan Vendor Homepage: https://www.solari.it/it/ Software Link: https://www.solari.it/it/solutions/other-solutions/access-control/ Version: 3.24.0.2 Fixed Version:...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd...
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...
ECSIMAGING PACS 6.21.5 - Remote code execution
Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection...
webTareas 2.0.p8 - Arbitrary File Deletion
Exploit Title: webTareas 2.0.p8 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://sourceforge.net/projects/webtareas/files/ Software Link: https://sourceforge.net/projects/webtareas/files/ Version: v2.0.p8 Tested on: Xampp Credit: İsmail BOZKURT Description...
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...
Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)
include "BlueGate.h" / EDB Note: - Download Binary https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47964-1.exe - Download Source https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47964-2.zip / void errorconst char msg printf"ERROR:...
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
Exploit Title: AVS Audio Converter 9.1.2.600 - Stack Overflow PoC Date: December 2019-12-28 Exploit Author: boku Original DoS: https://www.exploit-db.com/exploits/47788 Original DoS Author: ZwX Software Vendor: http://www.avs4you.com/ Software Link: http://www.avs4you.com/avs-audio-converter.aspx...
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection
Exploit Title: Joomla! Component J-BusinessDirectory 4.9.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/j-businessdirectory/...
SquirrelMail < 1.4.22 - Remote Code Execution
!/bin/bash int='\03394m / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // SquirrelMail = 1.4.23 Remote Code Execution PoC Exploit CVE-2017-7692 SquirrelMailRCEexploit.sh ver. 1.1 Discovered and coded by Dawid Golunski...
Netgear Routers - Password Disclosure
Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR http://www.netgear.com/ Product: Multiple products Finding 1: Remote and Local Password Disclosure Credit: Simon Kenin of Trustwave SpiderLabs CVE:...
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
Source: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Authors: Hector Marco & Ismael Ripoll CVE: CVE-2016-3672 Dates: April 2016 Description We have fixed an old and very known weakness in the...