47904 matches found
vsftpd 2.3.4 - Backdoor Command Execution (Metasploit)
$Id: vsftpd234backdoor.rb 13099 2011-07-05 05:20:47Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
myPHPCalendar 10192000b - 'cal_dir' Remote File Inclusion
script name : myPHPCalendar Script Downloads : http://freshmeat.net/projects/myphpcalendar/ Web Site : http://myphpcalendar.sourceforge.net/ Version : 10.1 Risk : High Found By : Cr@zyKing Thanks : | eTNR | ApAci | Eno7 | TheHacker | Kormali46 | TheBekir | Metallicali | Liz0zim | ERNE | SwatHack ...
Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/17438/info Guestbook is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the...
mailcow 2025-01a - Host Header Password Reset Poisoning
Exploit Title: mailcow 2025-01a - Host Header Password Reset Poisoning Date: 2025-10-21 Exploit Author: Iam Alvarez AKA Groppoxx / Maizeravla Vendor Homepage: https://mailcow.email Software Link: https://github.com/mailcow/mailcow-dockerized Version: 2025-01a REQUIRED Tested on: Ubuntu 22.04.5 LT...
WordPress Quiz Maker 6.7.0.56 - SQL Injection
Exploit Title: WordPress Quiz Maker 6.7.0.56 - SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker Software Link: https://wordpress.org/plugins/quiz-maker/ Version: = 6.7.0.56 Tested on: WordPress 6.x with Quiz Maker...
Plane 0.23.1 - Server side request forgery (SSRF)
Exploit Title: Plane - Server side request forgery SSRF Date: 2024-01-13 Exploit Author: Saud Alenazi Vendor Homepage: https://plane.so Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1 Version: v0.23.1 Tested: Windows 10 x64 Description: A Server-Side Request Forgery SSRF...
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution RCE Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS Version: 3.3.16 Tested on: Ubuntu Windows CVE : CVE-2021-28976 PoC-1...
Litespeed Cache 6.5.0.1 - Authentication Bypass
Exploit Title: Litespeed Cache 6.5.0.1 - Authentication Bypass Google Dork: if applicable Date: reported on 17 September 2024 Exploit Author: Gnzls Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://github.com/gbrsh/CVE-2024-44000?tab=readme-ov-file Version: 6.5.0.1 Tested on:...
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
Stock Management System 1.0 - Authentication Bypass
Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Date: August 1, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested On: Windows 10...
GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting Authenticated Author: Balzabu Discovery Date: 2020-07-23 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Teste...
Exhibitor Web UI 1.7.1 - Remote Code Execution
Exploit Title: Exhibitor Web UI 1.7.1 - Remote Code Execution Date: 2019-11-13 Exploit Author: Logan Sanderson Web Site: https://github.com/soabase/exhibitor/wiki/Running-Exhibitor Version : 1.7.1 CVE : CVE-2019-5029 Exhibitor UI command injection vulnerability November 13, 2019 CVE Number...
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...
FIBARO System Home Center 5.021 - Remote File Include
Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Date: 2020-03-22 Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3, Home Center 2, Home Center Lite 5.021.38 4.580 4.570...
PlaySMS 1.4.3 - Template Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS 1.4.3 Pre Auth Template Injection Remote Code Execution', 'Description' = %q This module exploits a Preauth Server-Side Template Injectio...
AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control
Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...
Gila CMS < 1.11.1 - Local File Inclusion
Exploit Title: Authenticated Local File InclusionLFI in GilaCMS Google Dork: N/A Date: 04-08-2019 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://github.com/GilaCMS/gila Software Link: https://github.com/GilaCMS/gila Version: 1.10.9 Tested on: XAMPP version 3.2.2 in Windows 10 64bit, CV...
macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances
When deserializing NSObjects with the NSArchiver API 1, one can supply a whitelist of classes that are allowed to be unarchived. In that case, any object in the archive whose class is not whitelisted will not be deserialized. Doing so will also cause the NSKeyedUnarchiver to "requireSecureCoding"...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on a local console - or neither This is expressed in the policy using the elements "allowany",...
The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)
$Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
PHPX 3.5.16 - 'news_id' SQL Injection
action = $GET'action'; 12. $this-newsid = $GET'newsid'; 13. 14. global $userinfo; 15. global $core; 16. 17. $this-core = $core; 18. 19. $this-userinfo = $userinfo; 20. 21. 22. 23. 24. if !$this-userinfo DIE"HACK ATTEMPT"; 25. if $this-userinfonews != 1 DIE"NO ACCESS TO THIS MODULE"; 26. 27...
Eudora Qualcomm WorldMail 3.0 - 'IMAPd' Remote Overflow
!/usr/bin/python PRE AUTHENTICATION Eudora Qualcomm WorldMail 3.0 IMAPd Service 6.1.19.0 Overflow. Discovered by Tim Shelton - [email protected] Coded by [email protected] Details: SEH gets overwritten at 970 bytes in the LIST command. No space for shellcode, so 1st stage...
PHPOpenChat 2.3.4/3.0.1 - 'poc.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate...
ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning
ABB Cylon Aspect 3.08.02 webServerUpdate.php Input Validation Config Poisoning Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energ...
CMU CERT/CC VINCE 2.0.6 - Stored XSS
Exploit Tile: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...
Ricoh Printer - Directory and File Exposure
Exploit Title: Ricoh Printer Directory and File Exposure Date: 9/15/2023 Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Rico...
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
Exploit Title: Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Date: 07.10.2021 Exploit Author: Mevlüt Yılmaz Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
FatPipe Networks WARP 10.2.2 - Authorization Bypass
Exploit Title: FatPipe Networks WARP 10.2.2 - Authorization Bypass Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP 10.2.2 Authorization Bypass Vendor: FatPipe Networks Inc. Product web page: https://www.fatpipeinc.com Affected version:...
OpenSIS Community 8.0 - 'cp_id_miss_attn' SQL Injection
Exploit Title: OpenSIS Community 8.0 - 'cpidmissattn' SQL Injection Date: 09/01/2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux A SQL injection vulnerability exists in the Take Attendance...
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
Exploit Title: WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Date: 05.07.2021 Exploit Author: TheSmuggler Vendor Homepage: https://gotmls.net/ Software Link: https://gotmls.net/downloads/ Version: = 4.20.72 Tested on: Windows import requests...
WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin WP Prayer version 1.6.1 - 'prayermessages' Stored Cross-Site Scripting XSS Authenticated Date: 2021-05-31 Exploit Author: Bastijn Ouwendijk Vendor Homepage: http://goprayer.com/ Software Link: https://wordpress.org/plugins/wp-prayer/ Version: 1.6.1 and earlier Test...
E-Learning System 1.0 - Authentication Bypass
Exploit Title: E-Learning System 1.0 - Authentication Bypass & RCE Exploit Author: Himanshu Shukla & Saurav Shukla Date: 2021-01-15 Vendor Homepage: https://www.sourcecodester.com/php/12808/e-learning-system-using-phpmysqli.html Software Link:...
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery CSRF Date: 06/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://www.awbs.com/ Version: 3.7.0 Tested on Windows Steps: 1. Login into the application with the help of email and password. 2. Navigat...
Library Management System 3.0 - "Add Category" Stored XSS
Exploit Title: Library Management System 3.0 - "Add Category" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://otsglobal.org/ Software Link: https://codecanyon.net/item/library-management-system-22/16965307 Affected Version: 3.0 Patched Version:...
Multi Branch School Management System 3.5 - "Create Branch" Stored XSS
Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-21 Google Dork: N/A Vendor Homepage: https://www.ramomcoder.com/ Software Link: https://codecanyon.net/item/ramom-multi-branch-school-management-system/25182324 Affecte...
BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)
Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Date: 2020-06-22 Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-14944 Description: The Global RADAR BSA Radar...
Clinic Management System 1.0 - Authentication Bypass
Exploit Title: Clinic Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-02 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
Pisay Online E-Learning System 1.0 - Remote Code Execution
Exploit Title: Pisay Online E-Learning System 1.0 - Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-05-05 Vendor Homepage: https://www.sourcecodester.com/php/14192/pisay-online-e-learning-system-using-phpmysql.html Software Link:...
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested...
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection
Exploit Title: Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/j-classifiedsmanager/ Versio...
Exim - 'GHOST' glibc gethostbyname Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Exim GHOST glibc gethostbyname Buffer Overflow', 'Description' = %q This module remotely exploits CVE-2015-0235 a.k.a. GHOST, a...
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (4)
source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow...
Joomla JS Jobs plugin 1.4.2 - SQL injection
Exploit Title: Joomla JS Jobs plugin 1.4.2 - SQL injection Google Dork: n/a Date: 07/07/2025 Exploit Author: Adam Wallwork Vendor Homepage: https://joomsky.com/ Demo: https://demo.joomsky.com/js-jobs/jm/free/ Software Link: https://extensions.joomla.org/extension/js-jobs/ Version: v1.4.2 Tested o...
WebsiteBaker v2.13.3 - Directory Traversal
Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal Application: WebsiteBaker Version: 2.13.3 Bugs: Directory Traversal Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author:...
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
Title: rukovoditel 3.2.1 - Cross-Site Scripting XSS Author: nu11secur1ty Date: 11.03.2022 Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...
FLAME II MODEM USB - Unquoted Service Path
Exploit Title: FLAME II MODEM USB - Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-02-2022 Vendor Homepage: https://www.telcel.com/personas/equipos/modems-usb/alcatel/x602a Software Links : N/A Is a BAM Tested Version: N/A Vulnerability Type: Unquoted Service Path Tested on OS...
Library System 1.0 - 'category' SQL Injection
Exploit Title: Library System 1.0 - 'category' SQL Injection Exploit Author: Aitor Herrero Date: 2021-01-22 Vendor Homepage: https://www.sourcecodester.com/php/12275/library-system-using-php.html Software Link: https://www.sourcecodester.com/php/12275/library-system-using-php.html Version: 1.0...
H2 Database 1.4.199 - JNI Code Execution
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
Online Learning Management System 1.0 - Authentication Bypass
Exploit Title: Online Learning Management System 1.0 - Authentication Bypass Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...