47904 matches found
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
ABB Cylon Aspect 3.08.03 MapServicesHandler - Authenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy
ABB Cylon Aspect 3.07.02 userManagement.php - Weak Password Policy Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management...
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Cacti 1.2.26 - Remote Code Execution RCE Authenticated Date: 06/01/2025 Exploit Author: D3Ext Vendor Homepage: https://cacti.net/ Software Link: https://github.com/Cacti/cacti/archive/refs/tags/release/1.2.26.zip Version: 1.2.26 Tested on: Kali Linux 2024 CVE: CVE-2024-25641...
ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection
ABB Cylon Aspect 3.08.03 CookieDB SQL Injection Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable building energy management and control soluti...
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Off-by-One Config Write DoS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 licenseServerUpdate.php Stored Cross-Site Scripting Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 licenseUpload.php Stored Cross-Site Scripting Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...
Pymatgen 2024.1 - Remote Code Execution (RCE)
Exploit Title : Pymatgen 2024.1 - Remote Code Execution RCE Google Dork : not applicable Date : 2024-11-13 Exploit Author : Mohammed Idrees Banyamer Vendor Homepage : https ://pymatgen.org Software Link : https ://pypi.org /project /pymatgen/ Version : 2024.1 Tested on : Kali Linux 2024.1 CVE :...
IBMi Navigator 7.5 - HTTP Security Token Bypass
Author Title: John Page aka hyp3rlinx Author Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/IBMiNavigatorHTTPSecurityTokenBypass-CVE-2024-51464.txt Vendor: www.ibm.com Product Navigator for i is a Web console interface where you can perform the key tasks to...
OpenCMS 17.0 - Stored Cross Site Scripting (XSS)
Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS Date: 24-11-2024 Exploit Author: Siddhartha Naik Vendor Homepage: http://www.opencms.org/en/ Software Link: http://www.opencms.org/en/modules/downloads/begindownload.html?id=dade528f-ec17-11ee-ab97-7fde8b0295e1 Affected Version: 17.0...
Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
Exploit Title: Ivanti Connect Secure 22.7R2.5 - Remote Code Execution RCE Date: 2025-01-11 Exploit Author: @absholi7ly CVE: CVE-2025-0282 import requests import sys import struct import socket import ssl import urllib3 import time Disable SSL warnings...
Really Simple Security 9.1.1.1 - Authentication Bypass
!/usr/bin/env python3 Exploit Title: Really Simple Security 9.1.1.1 - Authentication Bypass Date: 2024-11-19 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://really-simple-ssl.com/ Software Link: https://really-simple-ssl.com/ Version: Really Simple Security Free, Pro, and Pro...
Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)
Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link: https://github.com/adaptlearning/adaptauthoring Version: 0.11.3 CVE Identifier: CVE-2024-50672 , CVE-2024-50671...
Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link: https://github.com/OsamaTaher/Java-springboot-codebase Version: app version 0.1 Tested on: Debian Linux CVE :...
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
Author Title: John Page aka hyp3rlinx Author Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/IBMiNavigatorHTTPSecurityTokenBypass-CVE-2024-51464.txt Vendor: www.ibm.com Vendor www.ibm.com Product Navigator for i is a Web console interface where you can perfor...
Plane 0.23.1 - Server side request forgery (SSRF)
Exploit Title: Plane - Server side request forgery SSRF Date: 2024-01-13 Exploit Author: Saud Alenazi Vendor Homepage: https://plane.so Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1 Version: v0.23.1 Tested: Windows 10 x64 Description: A Server-Side Request Forgery SSRF...
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
Exploit Title: GestioIP 3.5.7 - Reflected Cross-Site Scripting Reflected XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859...
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Stored Cross-Site Scripting Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link:...
Pimcore customer-data-framework 4.2.0 - SQL injection
Exploit Title: Pimcore customer-data-framework 4.2.0 - SQL injection Date: 01/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore versions prior to 10.5.21 Tested on: Ubuntu 20.04 with Pimcore 10.5.20 CVE:...
OpenPanel 0.3.4 - Directory Traversal
Exploit Title: OpenPanel 0.3.4 - Directory Traversal Date: Dec 05, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53537 Compress Function POS...
Pimcore 11.4.2 - Stored cross site scripting
Exploit Title: Authenticated Stored Cross-Site Scripting XSS Via Search Document Google Dork: N/A Date: 1/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore 10.5.x prior to 10.5.21 and 11.x prior to 11.1.1 Test...
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
Exploit Title: ZTE ZXHN H168N 3.1 - RCE via authentication bypass Author: l34n / tasos meletlidis Exploit Blog: https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import A...
OpenPanel 0.3.4 - OS Command Injection
Exploit Title: OpenPanel 0.3.4 - OS Command Injection Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST /server/timezon...
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity at belino.com GitHub disclosure link:...
GestioIP 3.5.7 - Remote Command Execution (RCE)
Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 Date: 2025-01-13...
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
Exploit Title: OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macO...
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
Exploit Title: Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection Exploit author: hyp3rlinx import requests,time,re,sys,argparse NAPC Xinet Elegant 6 Asset Library v6.1.655 Pre-Auth SQL Injection 0day Exploit By hyp3rlinx ApparitionSec UPDATED: Jan 2024 for python3 TODO: add SSL support...
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download/ Category: Web Application Version: 5.2.22 Tested on: SilverStripe...
OpenPanel 0.3.4 - Incorrect Access Control
Exploit Title: OpenPanel 0.3.4 - Incorrect Access Control Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53582 GET /files/../...
CyberPanel 2.3.6 - Remote Code Execution (RCE)
Exploit Title: CyberPanel 2.3.6 - Remote Code Execution RCE Date: 10/29/2024 Exploit Author: Luka Petrovic refr4g Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: 2.3.5, 2.3.6, 2.3.7 before patch Tested on: Ubuntu 20.04, CyberPanel v2.3.5,...
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution RCE Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS Version: 3.3.16 Tested on: Ubuntu Windows CVE : CVE-2021-28976 PoC-1...
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
Exploit Title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution Authenticated Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
Exploit Title: Broken Access Control in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Tested...
WebFileSys 2.31.0 - Directory Path Traversal
Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...
RosarioSIS 7.6 - SQL Injection
Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...
qBittorrent 5.0.1 - MITM RCE
Exploit Title: qBittorrent 5.0.1 MITM RCE Date: 01/02/2025 Exploit Author: Jordan Sharp Vendor Homepage: https://github.com/qbittorrent/qBittorrent Software Link: https://www.qbittorrent.org/download Version: 5.0.1 Tested on: Windows 10 CVE : CVE-2024-51774 Run the PoC on a MITM machine...
Netman 204 - Remote command without authentication
Exploit Title: Netman 204 - Remote command with out authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Tested on: Windows/Linux Step 1 : Attacker can using these dorks then can fi...
ABB Cylon FLXeon 9.3.4 - Default Credentials
ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series ABB UC32 Series Main Plant Controllers Cylon's UnitronUC32.xx Firmware: =9.3.4...
Nagios Log Server 2024R1.3.1 - API Key Exposure
Exploit Title: Nagios Log Server 2024R1.3.1 - API Key Exposure Date: 2025-04-08 Exploit Author: Seth Kraft, Alex Tisdale Vendor Homepage: https://www.nagios.com/ Vendor Changelog: https://www.nagios.com/changelog/log-server Software Link: https://www.nagios.com/products/log-server/download/...
MagnusSolution magnusbilling 7.3.0 - Command Injection
Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/magnussolution/magnusbilling7 Software Link: https://github.com/magnussolution/magnusbilling7 Version: 7.3.0 Tested on: Centos CVE : CVE-2023-30258...
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
Exploit title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building Controller...
ABB Cylon Aspect 3.08.02 - PHP Session Fixation
Exploit title: ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability Advisory ID: ZSL-2025-5916 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5916.php CVE ID: CVE-2024-11317 CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-11317 Vendor: ABB Ltd. Product web page:...
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
Exploit Tiltle: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
CMU CERT/CC VINCE 2.0.6 - Stored XSS
Exploit Tile: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...
ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning PoC Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Advisory ID: ZSL-2025-5913 Advisory URL:...
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
Exploit title: ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
GeoVision GV-ASManager 6.1.1.0 - CSRF
Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.1.0 or less Tested on: Windo...
NEWS-BUZZ News Management System 1.0 - SQL Injection
Exploit Title: NEWS-BUZZ News Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: egsec Date: 2024-11-03 Vendor Homepage: https://code-projects.org Software Link: https://code-projects.org/content-management-system-in-php-with-source-code-2/ Version: 1.0 Tested on: Windows 11 P...
Gnuboard5 5.3.2.8 - SQL Injection
Exploit Title: Gnuboard5 5.3.2.8 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/gnuboard/gnuboard5 Software Link: https://github.com/gnuboard/gnuboard5 Version: 5.3.2.8 Tested on: Ubuntu Windows CVE : CVE-2020-18662 PoC: 1 POST /install/installdb.p...