47904 matches found
QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A QiHang Media Web QH.aspx Digital Signage 3.0.9...
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
Exploit Title: Webtareas 2.1p - Arbitrary File Upload Authenticated Author: AppleBois Date: 2020-07-10 Exploit author : AppleBois Vendor Hompage:https://sourceforge.net/projects/webtareas/ Version: 2.1 && 2.1p Tested on: Window 10 64 bit environment || XAMPP Authenticated User allowed to upload...
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)
Title: SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery Add Super User Author: LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User Vendor: Secure Computing Corp. Product web...
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unraid 6.8.0 Auth Bypass PHP Code Execution', 'Description' = %q This module exploits two vulnerabilities affecting Unraid 6.8.0. An authenticati...
File Transfer iFamily 2.1 - Directory Traversal
Title: File Transfer iFamily 2.1 - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: http://www.dedecms.com/products/dedecms/downloads/ CVE: N/A Document Title: =============== File Transfer iFamily v2.1 - Directory Traversal Vulnerability References Source:...
Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
Exploit Title: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal Date: 2020-03-26 Exploit Author: hongphukt Vendor Homepage: https://www.jinfonet.com/ Software Link: https://www.jinfonet.com/product/download-jreport/ Version: JReport 15.6 Tested on: Linux, Windows Jreport Help function...
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure
Exploit Title: I6032B-P POE 2.0MP Outdoor Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: https://www.revotec.com/ Product Link: CVE: N/A !/usr/bin/perl Revotech I6032B-P POE 1920x1080P 2.0MP Outdoor Camera Remote Configuration Disclosure Copyright 2020 c Tod...
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service PoC Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://www.ftpgetter.com/ Software Link: https://www.ftpgetter.com/ftpgetterprosetup.exe Version: v.5.97.0.223 Tested on: Windows 7 CVE : N/A...
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path
Exploit Title : Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/518015/Mikogo?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc Mikogo-Service ...
Pidgin 2.13.0 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Pidgin 2.13.0 - Denial of Service PoC Date: 24/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://pidgin.im/ Software https://cfhcable.dl.sourceforge.net/project/pidgin/Pidgin/2.13.0/pidgin-2.13.0.exe Version: 2.13.0 Tested on: Windows 7, Windows 10 Proo...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
input type="submit" value="Submit requ...
Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution
| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...
phpMyAdmin 3.x - Swekey Remote Code Injection
':'';? . , \ . . ,/ , / , \ \ // / / / \ | | \ / | |\ /| | | | | | | | / | | | | / | | | || | | | | | \ \ | | | || | \ \ | | | | | | | | | | | | / / | | | | | | | | | | | | | | | |// || || | |// || || ||| | || ||| || | ||...
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu.maf?jdeowpBackButtonProtect' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This m...
Apache mod_proxy_cluster 1.2.6 - Stored XSS
import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...
Quicklancer v1.0 - SQL Injection
Exploit Title: Quicklancer v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php...
AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)
Exploit Title: AmazCart CMS 3.4 - Cross-Site-Scripting XSS Date: 17/01/2023 Exploit Author: Sajibe Kanti Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link: https://codecanyon.net/item/amazcart-laravel-ecommerce-system-cms/34962179 Version: 3.4 Tested on: Live Demo Demo...
Splashtop 8.71.12001.0 - Unquoted Service Path
Exploit Title: Splashtop 8.71.12001.0 - Unquoted Service Path Date: 12/20/2022 Exploit Author: A.I. hernandez Version: 8.71.12001.0 Vendor Homepage: https://www.splashtop.com Version: current version Tested on: Windows 10 21H2 Step to discover Unquoted Service Path: C:\wmic service get...
Redragon Gaming Mouse - 'REDRAGON_MOUSE.sys' Denial of Service (PoC)
Exploit Title: Redragon Gaming Mouse - 'REDRAGONMOUSE.sys' Denial of Service PoC Date: 27/08/2021 Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.redragonzone.com/pages/download Reference:...
Trixbox 2.8.0.4 - 'lang' Path Traversal
Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc.c - Solaris/SPARC FMT PoC...
Artica Proxy 4.3.0 - Authentication Bypass
Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass Google Dork: N/A Date: 2020-08-13 Exploit Author: Dan Duffy Vendor Homepage: http://articatech.net/ Software Link: http://articatech.net/download2x.php?IsoOnly=yes Version: 4.30.00000000 REQUIRED Tested on: Debian CVE : CVE-2020-17506 impo...
Online shopping system advanced 1.0 - 'p' SQL Injection
Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection Exploit Author : Majid kalantari Date: 2020-04-26 Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced Software link:...
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal Date: 2020-04-10 Exploit Author: Basim Alabdullah Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Version: 3.10.1 Tested on: Debian8u2 Technical Details...
PHPKB Multi-Language 9 - Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version: Multi-Language v9 Tested on...
Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection
!/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Siz...
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'reportsid' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14 Summary: FaceSentry 5AN is a...
SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 17-June-2019 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code: if isset$GET'wpaskeys' $wpaskeys =...
ADB Broadband Gateways / Routers - Local Root Jailbreak
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version: Hardware: ADB P.RG AV4202...
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (1)
// EDB Note: Source https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0 // EDB Note: Source https://github.com/bindecy/HugeDirtyCowPOC // Author Note: Before running, make sure to set transparent huge pages to "always": // echo always | sudo tee...
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)
/ dirtyc0w.c $ sudo -s echo this is not a test foo chmod 0404 foo $ ls -lah foo -r-----r-- 1 root root 19 Oct 20 15:23 foo $ cat foo this is not a test $ gcc -pthread dirtyc0w.c -o dirtyc0w $ ./dirtyc0w foo m00000000000000000 mmap 56123000 madvise 0 procselfmem 1800000000 $ cat foo...
DD-WRT HTTPd Daemon/Service - Arbitrary Command Execution (Metasploit)
$Id: ddwrtcgibinexec.rb 9719 2010-07-07 17:38:59Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
iWeb HTTP Server - Directory Traversal
iWeb HTTP server Directory Transversal Vulnerability Found By: mrme Download: http://www.ashleybrown.co.uk/iweb/ Tested On: Windows XPSP3 POC: http://server/..%5C..%5C..%5Cboot.ini...
Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting
source: https://www.securityfocus.com/bid/34383/info The Apache 'modperl' module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
!/usr/bin/php -q -d shortopentag=on ? echo "MyBulletinBoard MyBB = 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork, version specific: "Powered By MyBB" "2006 MyBB Group"\n\n"; / works...
Spid 1.3 - 'lang_path' File Inclusion
source: https://www.securityfocus.com/bid/14208/info SPiD is a gallery management application written in PHP. SPiD is prone to a remote file include vulnerability, due to lack of validation of user input. An attacker may leverage this issue to execute arbitrary server-side script code on an...
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection
tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc drupal exploit, but James sais xoop...
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow
Exploit Title: Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow Exploit Date: 22.01.2023 Discovered and Written by: Knursoft Vendor Homepage: https://www.rockstargames.com/ Version: v1.1 Tested on: Windows XP SP2/SP3, 7, 10 21H2 CVE : N/A 1 - Run this python script to generate...
ProLink PRS1841 PLDT Home fiber - Default Password
Exploit Title: Router backdoor - ProLink PRS1841 PLDT Home fiber Date: 12/8/2022 Exploit Author: Lawrence Amer @zux0x3a Vendor Homepage: https://prolink2u.com/product/prs1841/ Firmware : PRS1841 U V2 research:...
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
Aruba Instant (IAP) - Remote Code Execution
import socket import sys import struct import time import threading import urllib3 import re import telnetlib import xml.etree.ElementTree as ET import requests urllib3.disablewarnings CONTINUERACE = True SNPRINTFCREATEFILEMAXLENGTH = 245 def racepapimessageip: global CONTINUERACE payload =...
Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 12 July 2021 Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14858/invoice-system-using-phpoop-free-source-code.html Tested...
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
Exploit Title: Voting System 1.0 - File Upload RCE Authenticated Remote Code Execution Date: 19/01/2021 Exploit Author: Richard Jones Vendor Homepage:https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version:Flexmonster Pivot Table & Charts 2.7.17 Tested on:Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20141 Cross...
Alumni Management System 1.0 - "Course Form" Stored XSS
Exploit Title: Alumni Management System 1.0 - "Course Form" Stored XSS Exploit Author: Aakash Madaan Date: 2020-12-10 Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...