50738 matches found
Citadel WebCit Session Hijacking
Exploit Title: Citadel WebCit 926 - Session Hijacking Exploit Exploit Author: Simone Quatrini Version: 926 !/usr/bin/env python3 import argparse import requests import time import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...
SmarterMail 16 Arbitrary File Upload
Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Date: 2020-06-10 Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows CVE : N/A !/usr/bin/python3 import...
Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal
Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...
Gnome Fonts Viewer 3.34.0 Heap Corruption
!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Date: 2020-09-10 Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take ...
Maxpatrol 8 / Xspider Denial Of Service
Exploit Title: Positive Technologies Maxpatrol 8 & Xspider Remote DoS Force clients disconect Date: 2020-08-20 Exploit Author: AsCiI Vendor Homepage: https://www.ptsecurity.com/ Affected Positive Technologies Maxpatrol 8 & Xspider Scanners Vulnerability reported in 09.2020. No reply from vendor...
Huawei LCD_Service 1.0.1.0 Unquoted Service Path
Exploit Title: Huawei LCDService 1.0.1.0 - 'LCDService' Unquote Service Path Date: 2020-11-07 Exploit Author: Gerardo González Vendor Homepage: https://consumer.huawei.com/mx Software Link: https://consumer.huawei.com/mx Version: 1.0.1.0 Tested on: Windows 10 Home Single Language x64 Esp Step to...
BlackCat CMS 1.3.6 Cross Site Request Forgery
Exploit Title: BlackCat CMS 1.3.6 - Cross-Site Request Forgery Date: 2020-06-01 Exploit Author: Noth Vendor Homepage: https://github.com/BlackCatDevelopment/BlackCatCMS Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Version: v1.3.6 CVE : CVE-2020-25453 BlackCat CMS v1.3.6 has a...
MJML 4.6.2 Path Traversal
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: MJML Vendor URL: https://github.com/mjmlio/mjml/ Type: Path Traversal CWE-22 Date found: 2020-04-28 Date published: 2020-06-14 CVSSv3 Score: 7.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L...
Linux expand_downwards() / munmap() Race Condition
Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...
Nginx Root Privilege Escalation
/ / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2016-1247 - Release date:...
📄 Oracle Access Manager Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. This module requires Metasploit:...
ZTE F602W CAPTCHA Bypass
Exploit Title: ZTE Router F602W - Captcha Bypass Exploit Author: Hritik Vijay @MrHritik Vendor Homepage: https://zte.com.cn Reported: 2019-06-14 Version: F6x2W V6.0.10P2T2 Version: F6x2W V6.0.10P2T5 Tested on: F602W CVE: CVE-2020-6862 Background ----------- Captcha is used to make sure the form i...
vpasp.txt
VP-ASP Shopping Cart Version 5.0 Google style by fris Finding VP-ASP 5.00 Sites in Google: In google type: intitle:VP-ASP Shopping Cart 5.00 You will find many websites with VP-ASP 5.00 cart software installed Now lets goto the exploit the page will be like this:...
SAP Web Dispatcher HTTP Request Smuggling
Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as...
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zivif Camera iptest.cgi Blind Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Zivi...
OpenSSHD 7.2p2 User Enumeration
!/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-19 Purpose: User name enumeration against SSH daemons...
Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected cross-site scripting product: Microsoft Azure DevOps Server vulnerable version: 2020.0.1 fixed version: 2020.0.1 Patch 2 CVE number: CVE-2021-28459 impact: medi...
Backdoor.Win32.Agent.xw Denial Of Service / Null Pointer
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ed4242ad0274d3b311d8722f10b3abea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.xw Vulnerability: Remote Null Ptr Dereference - Denial of Service Description:...
OpenMediaVault rpc.php Authenticated PHP Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMediaVault rpc.php Authenticated PHP Code Injection', 'Description' = %q This module exploits an authenticated PHP code injection vulnerabili...
Tea LaTex 1.0 Remote Code Execution
Exploit Title: Tea LaTex 1.0 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-09-01 Exploit Author: nepska Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org Software Link: https://github.com/ammarfaizi2/latex.teainside.org Version: v1.0 Tested on: Kali linux /...
CuteNews 2.1.2 Remote Code Execution
Exploit Title: CuteNews 2.1.2 - Remote Code Execution Google Dork: N/A Date: 2020-09-10 Exploit Author: Musyoka Ian Vendor Homepage: https://cutephp.com/cutenews/downloading.php Software Link: https://cutephp.com/cutenews/downloading.php Version: CuteNews 2.1.2 Tested on: Ubuntu 20.04, CuteNews...
Incom CMS 2.0 File Upload
Exploit Title: IncomCMS 2.0 - Insecure File Upload Google Dork: intext:"Incom CMS 2.0" Date: 07.12.2020 Exploit Author: MoeAlBarbari Vendor Homepage: https://www.incomcms.com/ Version: 2.0 Tested on: BackBox linux CVE: CVE-2020-29597 Upload your files Upload your file...
📄 1C-Bitrix 25.100.500 Remote Code Execution
1C-Bitrix versions 25.100.500 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. Thi...
Food Ordering System 2 Shell Upload
Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Microsoft Exchange Server ChainedSerializationBinder RCE', 'Description' = %q This module exploits vulnerabilities within the...
OpenText Content Server 20.3 Cross Site Scripting
Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Date: 19/02/2021 Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management...
Ultimate Project Manager CRM PRO 2.05 SQL Injection
Exploit Title: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage Date: 2020-16-09 Exploit Author: nag0mez Vendor Homepage: https://ultimatepro.codexcube.com/ Version: = 2.0.5 Tested on: Kali Linux 2020.2 The SQLi injection does not allow UNION payloads. However, we can guess...
Yaws 2.0.7 XML Injection / Command Injection
Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...
TestBox CFML Test Framework 4.1.0 Directory Traversal
Title: TestBox CFML Test Framework 4.1.0 - Directory Traversal Author: Darren King Date: 2020-07-23 Vendor Homepage: https://www.ortussolutions.com/products/testbox Software Link: https://www.ortussolutions.com/parent/download/testbox?version=3.1.0 Version : 2.3.0 through to 4.1.0 Tested on: Adob...
Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery
Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery change admin password Google Dork: inurl:scopia+index.jsp Date: 2020-09-09 Exploit Author: v1n1v131r4 Vendor Homepage: https://avaya.com Software Link:...
phpVibe 4.0 Arbitrary File Disclosure
In The Name Of ALLAH Exploit Title: phpVibe ALL versions version 4.0 and older versions Aribtrary File Disclosure Google Dork: "powered by phpvibe" Date: 2015/07/13 july 13th Exploit Author: ali ahmady -- Iranian Security Researcher snip3rirathotmail.com Vendor Homepage: http://www.phpvibe.com/...
📄 libxslt xmlFreeID Use-After-Free
libxslt suffers from a heap use-after-free vulnerability in xmlFreeID caused by atype corruption. Vulnerability details In xsltutils.c: int xsltSetSourceNodeFlagsxsltTransformContextPtr ctxt, xmlNodePtr node, int flags if node-doc == ctxt-initialContextDoc ctxt-sourceDocDirty = 1; switch node-typ...
Arista Restricted Shell Escape / Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Arista restricted shell escape with privesc', 'Description' = %q This exploit module takes...
ag231-rfi.txt
%%%%%%%%%%%%%%%%%%%% Advanced Guestbook 2.3.1 Admin.php Remote File Include %%%%%%%%%%%%%%%%%%%% Author: BrokeN-ProXy Script : admin.php Found : www.hotscripts.com Risk : Dangerous Dork : "powered by: Advanced Guestbook 2.3.1" %%%%%%%%%%%%%%%%%%%% Exploit: www.Site.com/AGuest...
D-Link Plain-Text Password Storage / Code Execution / Directory Traversal
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa MULTIPLE VULNERABILITIES IN D-LINK ROUTERS Blazej Adamczyk br0x [email protected] http://sploit.tech/ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 12.10.2018 1 Directory Traversal in httpd server in several series of D-Link routers...
Apache Range Header Denial of Service (Apache Killer)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Range Header DoS Apache Killer', 'Description' = %q The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through...
Spring4Shell Spring Framework Class Property Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Framework Class property RCE Spring4Shell', 'Description' = %q Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older...
Microsoft RTF Remote Code Execution
''' Exploit toolkit CVE-2017-0199 - v2.0 https://github.com/bhdresh/CVE-2017-0199 Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter payloa...
Vehicle Parking Management System 1.0 Cross Site Scripting
Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting XSS Date: 2021-02-25 Exploit Author: Tushar Vaidya Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...
SmarterMail 6985 Remote Code Execution
Exploit Title: SmarterMail Build 6985 - Remote Code Execution Exploit Author: 1F98D Original Author: Soroush Dalili Date: 10 May 2020 Vendor Hompage: re CVE: CVE-2019-7214 Tested on: Windows 10 x64 References:...
Heroic Knowledge Base 3.0.1 Cross Site Scripting
Exploit Title : Heroic Knowledge Base Plugin Methode POST POST /wp-admin/admin-ajax.php HTTP/1.1 Host: site.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:56.0 Gecko/20100101 Firefox/56.0 Waterfox/56.3 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...
IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 4 vulnerabilities in ibmsecurity Advisory URL: https://pierrekim.github.io/advisories/2024-ibmsecurity.txt Blog URL: https://pierrekim.github.io/blog/2024-11-01-ibmsecurity-4-vulnerabilities.html Date published: 2024-11-0...
Job Castle 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Job Castle v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...
CMSimple 5.4 Local File Inclusion / Remote Code Execution
Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Date: 11/15/2021 Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...
Water Billing System 1.0 SQL Injection
Exploit Title: Water Billing System 1.0 - 'username' and 'password' parameters SQL Injection SQL Injection in 'username' and 'password' parameters allows attacker to run the SQL commands on the victim to extract entire DB. In advanced exploitation, an attacker can run the arbitrary code on the...
Monitorr 1.7.6m Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Remote Code Execution Unauthenticated Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...
Coship Wireless Router Unauthenticated Admin Password Reset
history.pushState'', '', '/'...
WordPress Heroic Knowledge Base 3.0.1 SQL Injection
Exploit Title : wordpress Heroic Knowledge Base Plugin = 3.0.1 - sql injection Exploit Author : begininvoke Exploit Date : 2020-11-29 Vendor Homepage : https://herothemes.com + Proof Of Concept: ===================== Parameters id is vulnerable Methode POST POST /wp-admin/admin-ajax.php HTTP/1.1...
CMSUno 1.6 Cross Site Request Forgery
Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery Change Admin Password Date: 2020-05-31 Exploit Author: Noth Vendor Homepage: https://github.com/boiteasite/cmsuno Software Link: https://github.com/boiteasite/cmsuno Version: v1.6 CVE : 2020-15600 An issue was discovered in CMSUno before 1.6....
MS IIS 6.0 Buffer Overflow NSE Script
local nmap = require "nmap" local string = require "string" local shortport = require "shortport" local vulns = require "vulns" -- NSE Buffer Overflow vulnerability in IIS description = Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS...