47884 matches found
Tdarr 2.00.15 - Command Injection
Exploit Title: Tdarr 2.00.15 - Command Injection Date: 10/03/2022 Exploit Author: Sam Smith Vendor Homepage: https://tdarr.io Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linuxarm64/TdarrServer.zip Version: 2.00.15 likely also older versions Tested on: 2.00.15 Exploit:...
Seowon SLR-120 Router - Remote Code Execution (Unauthenticated)
Exploit Title: Seowon SLR-120 Router - Remote Code Execution Unauthenticated Date: 2022-03-11 Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=126&bigkind=B05&middlekind=B0530 Version: All versi...
WOW21 5.0.1.9 - 'Service WOW21_Service' Unquoted Service Path
Exploit Title: WOW21 5.0.1.9 - 'Service WOW21Service' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-03-09 Vendor : ilwebmaster21 Version : WOW21Service 5.0.1.9 Vendor Homepage : https://wow21.life/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc qc...
McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege
Exploit Title: McAfeeĀ® Safe Connect VPN - Unquoted Service Path Elevation Of Privilege Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/en-us/vpn/mcafee-safe-connect.html Version: 2.13 Tested: Windows 10 x64 Contact:...
BattlEye 0.9 - 'BEService' Unquoted Service Path
Exploit Title: BattlEye 0.9 - 'BEService' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.battleye.com/ Software Link: https://www.battleye.com/downloads/ Version: 0.94 Tested: Windows 10 Pro Contact: https://twitter.com/dmaral3noz C:\Users\saudhsc...
Siemens S7-1200 - Unauthenticated Start/Stop Command
Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Date: 09/03/2022 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -...
Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path
Exploit Title: Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sony.com/ Software Link: https://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/en/index.html Version: 6.0...
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Zabbix 5.0.17 - Remote Code Execution RCE Authenticated Date: 9/3/2022 Exploit Author: Hussien Misbah Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn5.0.17 Version: 5.0.17 Tested on: Linux Reference:...
Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path
Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-03-09 Vendor : David Xanatos Version : SbieSvc 5.50.2 Vendor Homepage : https://sandboxie-plus.com/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc...
Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path
Exploit Title: Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path Discovery by: Mohamed Alzhrani Discovery Date: 2022-03-08 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 12.0.18...
Printix Client 1.3.1106.0 - Privilege Escalation
Exploit Title: Printix Client 1.3.1106.0 - Privilege Escalation Date: 3/2/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windo...
Audio Conversion Wizard v2.01 - Buffer Overflow
Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.07.2022 Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content...
Webmin 1.984 - Remote Code Execution (Authenticated)
Exploit Title: Webmin 1.984 - Remote Code Execution Authenticated Date: 2022-03-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.webmin.com/ Software Link: https://github.com/webmin/webmin/archive/refs/tags/1.984.zip Version: = 1.984 Tested on: Ubuntu 18...
Cobian Backup 0.9 - Unquoted Service Path
Exploit Title: Cobian Backup 0.9 - Unquoted Service Path Date: 06/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.cobiansoft.com// Software Link: https://www.cobiansoft.com/download.php/ Version:0.9.93 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc CobianReflectorService SC...
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe)
// Exploit Title: Linux Kernel 5.8 Proof-of-concept exploit for the Dirty Pipe vulnerability CVE-2022-0847 caused by an uninitialized "pipebuffer.flags" variable. It demonstrates how to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on...
Cloudflare WARP 1.4 - Unquoted Service Path
Exploit Title: Cloudflare WARP 1.4 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.cloudflare.com/ Software Link: https://developers.cloudflare.com/warp-client/get-started/windows/ Version: 1.4.107 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...
Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...
Private Internet Access 3.3 - 'pia-service' Unquoted Service Path
Exploit Title: Private Internet Access 3.3 - 'pia-service' Unquoted Service Path Date: 04/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.privateinternetaccess.com Software Link: https://www.privateinternetaccess.com/download Version: 3.3.0.100 Tested: Windows 10 x64 Contact:...
part-db 0.5.11 - Remote Code Execution (RCE)
Exploit Title: part-db 0.5.11 - Remote Code Execution RCE Google Dork: NA Date: 03/04/2022 Exploit Author: Sunny Mehra @DSKMehra Vendor Homepage: https://github.com/part-db/part-db Software Link: https://github.com/part-db/part-db Version: 0.5.11. Tested on: KALI OS CVE : CVE-2022-0848...
Foxit PDF Reader 11.0 - Unquoted Service Path
Exploit Title: Foxit PDF Reader 11.0 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.foxit.com/pdf-reader/ Software Link: https://www.foxit.com/downloads/Foxit-Reader/ Version: 11.0.1.49938 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc...
Attendance and Payroll System v1.0 - SQLi Authentication Bypass
Exploit Title: Attendance and Payroll System v1.0 - SQLi Authentication Bypass Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...
Malwarebytes 4.5 - Unquoted Service Path
Exploit Title: Malwarebytes 4.5 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.malwarebytes.com/ Software Link: https://www.malwarebytes.com/mwb-download/ Version: 4.5.0 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc MBAMService SC...
Hasura GraphQL 2.2.0 - Information Disclosure
Exploit Title: Hasura GraphQL 2.2.0 - Information Disclosure Software: Hasura GraphQL Community Software Link: https://github.com/hasura/graphql-engine Version: 2.2.0 Exploit Author: Dolev Farhi Date: 5/05/2022 Tested on: Ubuntu import requests SERVERADDR = 'x.x.x.x' url =...
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
Exploit Title: Spring Cloud Gateway 3.1.0 - Remote Code Execution RCE Google Dork: N/A Date: 03/03/2022 Exploit Author: Carlos E. Vieira Vendor Homepage: https://spring.io/ Software Link: https://spring.io/projects/spring-cloud-gateway Version: This vulnerability affect Spring Cloud Gateway 3.0.7...
Xerte 3.10.3 - Directory Traversal (Authenticated)
Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE ...
Printix Client 1.3.1106.0 - Remote Code Execution (RCE)
Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Date: 3/1/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8,...
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Xerte 3.9 - Remote Code Execution RCE Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.8.5-33.zip Version: up until version 3.9 Tested on: Windows...
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting XSS Date: 1/3/2022 Exploit Author: Momen Eldawakhly CyberGuy Vendor Homepage: https://www.zyxel.com Version: ZyWALL 2 Plus Tested on: Ubuntu Linux Firefox CVE : CVE-2021-46387 GET...
Prowise Reflect v1.0.9 - Remote Keystroke Injection
Exploit Title: Prowise Reflect v1.0.9 - Remote Keystroke Injection Date: 30/10/2022 Exploit Author: Rik Lutz Vendor Homepage: https://www.prowise.com/ Version: V1.0.9 Tested on: Windows 10 Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. Much like...
Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service (PoC)
Exploit Title: Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2022-02-16 Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type:...
Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path
Exploit Title: Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-24 Vendor Homepage: https://www.cobiansoft.com/ Software Link : https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability...
WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
Exploit Title: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation Date: 02/16/2022 Exploit Author: Momen Eldawakhly Cyber Guy at Cypro AB Vendor Homepage: https://www.wago.com Version: Firmware version 03.05.1017 Tested on: PopOS! Linux ======================================== = The ordinary us...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...
Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC)
Exploit Title: Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2022-02-16 Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/crSetup-0.9.93-RC1.exe Tested Version: 0.9.93 RC1 Vulnerability...
Casdoor 1.13.0 - SQL Injection (Unauthenticated)
// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Date: 2022-02-25 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...
Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions
Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Discovery by: Luis Martinez Discovery Date: 2022-02-23 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mirrorgofull8050.exe Tested Version: 2.0.11.346 Vulnerability Type: Loca...
aaPanel 6.8.21 - Directory Traversal (Authenticated)
Exploit Title: aaPanel 6.8.21 - Directory Traversal Authenticated Date: 22.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.aapanel.com/ Software Link: https://www.aapanel.com Version: 6.8.21 Tested on: Ubuntu Application vulnerable to Directory Traversal and attacker c...
Student Record System 1.0 - 'cid' SQLi (Authenticated)
Exploit Title: Student Record System 1.0 - 'cid' SQLi Authenticated Exploit Author: Mohd. Anees Contact: https://www.linkedin.com/in/aneessecure/ Software Homepage: https://phpgurukul.com/student-record-system-php/ Version : 1.0 Tested on: windows 10 xammp | Kali linux Category: WebApp Google Dor...
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Date: 22.02.2022 Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on:...
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Date: 2022-22-02 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html...
Simple Real Estate Portal System 1.0 - 'id' SQLi
Exploit Title: Simple Real Estate Portal System 1.0 - 'id' SQL Injection Date: 22/02/2022 Exploit Author: Mosaaed Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html Version: 1.0...
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. A...
Air Cargo Management System v1.0 - SQLi
Title: Air Cargo Management System v1.0 - SQLi Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html Reference:...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Exploit Title: CL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page:...
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests...
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...
FileCloud 21.2 - Cross-Site Request Forgery (CSRF)
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fiexd: version...
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...
HMA VPN 5.3 - Unquoted Service Path
Exploit Title: HMA VPN 5.3 - Unquoted Service Path Date: 18/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.hidemyass.com/ Software Link: https://www.hidemyass.com/en-us/downloads Version: 5.3.5913.0 Tested: Windows 10 Pro x64 es C:\Users\saudhsc qc HmaProVpn SC QueryServiceConf...
Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...