50748 matches found
MS IIS 6.0 Buffer Overflow NSE Script
local nmap = require "nmap" local string = require "string" local shortport = require "shortport" local vulns = require "vulns" -- NSE Buffer Overflow vulnerability in IIS description = Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS...
Kibana Timelion Prototype Pollution Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kibana Timelion Prototype Pollution RCE', 'Description' = %q Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in...
ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow
!/bin/sh ProCaster LE-32F430 NotSoSmartTV remote code execution exploit through GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow CVE-2017-2885 def 2020-02-15 ................. 850day exploit lol Exploit payload: ret2libc system nc reverse shell with a clean exit CMD="$CMD:-/bin/busybox nc...
Restaurant Reservation System 1.0 SQL Injection
Exploit Title: Restaurant Reservation System 1.0 - 'date' SQL Injection Authenticated Date: 2020-10-05 Exploit Author: b1nary Vendor Homepage: https://www.sourcecodester.com/php/14482/restaurant-reservation-system-php-full-source-code-2020.html Software Link:...
AMD Radeon DirectX 11 Driver 8.17.10.0871 Memory Corruption
/ Title : Advanced Micro Devices, Inc. Radeon DirectX 11 Driver Firefox/MS Edge Memory Corruption Date : 10.04.2020 Exploit Author : Marcin Ressel Vendor Homepage : https://www.amd.com/ Software Link: n/a Version: 8.17.10.0871 atidxx64.dll Tested on: Windows 10 home, AMD64 Family 23 Model 24...
Linux io_uring Use-After-Free
The Linux kernel suffers from a use-after-free of struct ioevfd because ioeventfddosignal frees an object when the refcount reaches zero without waiting for the required grace period. Summary UAF of struct ioevfd because ioeventfddosignal frees an object when the refcount reaches zero without...
Vicidial 2.14-783a Cross Site Scripting
Document Title: =============== Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2311 Release Date: ============= 2022-10-11 Vulnerability Laboratory ID VL-ID: ==================================== 23...
Textpattern CMS 4.6.2 Cross Site Request Forgery
Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery Exploit Author: Alperen Ergel Contact: @alprenae Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with Textpattern CMS" Date: 2020-10-29...
Ignition 2.5.1 Remote Code Execution
Exploit Title: Laravel debug mode Remote Code Execution Ignition = 2.5.1 Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 2.5.1 Description: Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrar...
Chrome V8 JavaScript Engine Remote Code Execution
/ BSD 2-Clause License Copyright c 2021, rajvardhan agarwal All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice,...
Daily Expense Tracker System 1.0 Cross Site Scripting
Exploit Title: Daily Expense Tracker System Stored Cross-Site Scripting Vulnerability Date: 2021-01-26 Exploit Author: Priyanka Samak Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/daily-expense-tracker-using-php-and-mysql/ Software: : Daily Expense Tracker System...
Worm.Win32.Recyl.dp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e4737fb6c231bfb84d1a55ec2fb61641.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Recyl.dp Vulnerability: Insecure Permissions Description: creates a dir named "RECYCLER"...
📄 XWiki Platform Remote Code Execution
This Metasploit module exploits a template injection vulnerability in the the XWiki Platform. XWiki includes a macro called SolrSearch defined in Main.SolrSearchMacros that enables full-text search through the embedded Solr engine. The vulnerability stems from the way this macro evaluates search...
Apache Solr 7.0.1 XXE Injection / Code Execution
First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...
libxslt xsltParseStylesheetProcess Use-After-Free
libxslt suffers from a use-after-free vulnerability in xsltParseStylesheetProcess. There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the repor...
Chrome v8::internal::Object::SetPropertyWithAccessor Type Confusion
Chrome: Type confusion in v8::internal::Object::SetPropertyWithAccessor VULNERABILITY DETAILS When SetSuperProperty can't find the requested property in the holder, it performs an OWN lookup on the receiver. If the receiver has a property interceptor installed, the function invokes the...
ExpressVPN VPN Router 1.0 Integer Overflow
Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow Date: 09-04-2021 Exploit Author: Jai Kumar Sharma Vendor Homepage: https://www.expressvpn.com/ Software Link: https://www.expressvpn.com/vpn-software/vpn-router Version: version 1 Tested on: Windows/Ubuntu/MacOS CVE ...
FRITZ!Box 7.20 DNS Rebinding Protection Bypass
Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism. Details ======= Product:...
WordPress Database Backup Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WP Database Backup RCE', 'Description' = %q There exists a command injection vulnerability in the Wordpress plugin wp-database-backup for version...
pgAdmin 8.4 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pgAdmin Binary Path API RCE', 'Description' = %q pgAdmin MSFLICENSE, 'Author' = 'M.Selim Karahan', metasploit module 'Mustafa Mutlu', lab prep. a...
OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne. Note that some bugfixes MWB-423, MWB-460, MWB-492,...
TP-Link TL-WA855RE V5_200415 Device Reset Authentication Bypass
Exploit Title: TP-Link TL-WA855RE V5200415 - Device Reset Auth Bypass Date: 2020/07/29 Exploit Author: malwrforensics Vendor Homepage: https://tp-link.com Software link: https://static.tp-link.com/2020/202004/20200430/TL-WA855REV5200415.zip Version: TL-WA855REUSV5200415 Tested on: N/A CVE :...
Exim 4.98 SQL Injection
Exim versions 4.98 before 4.98.1 suffer from a remote SQL injection vulnerability. CVE 2025-26794 - Sat, 08 Feb 2025 21:14:37 +0100: reported - by: "Oscar Bataille" - to: [email protected] - Sun, 9 Feb 2025 00:00:05 +0100: report confirmed - Tue, 11 Feb 2025 00:23:34 +0100: issue confirmed - Tue,...
BACnet Test Server 1.01 Remote Denial Of Service
!/usr/bin/perl BACnet Test Server 1.01 Remote Denial of Service Exploit Vendor: BACnet Interoperability Test Services, Inc. Product web page: https://www.bac-test.com https://sourceforge.com/projects/bacnetserver Affected version: 1.01 BACnet Stack Version 0.5.7 Summary: This is a simple BACnet...
Gila CMS 1.1.18.1 SQL Injection / Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require "net/http" require "uri" require 'nokogiri' class MetasploitModule 'Gila CMS 1.1.18.1 Shell Upload ', 'Description' = %q This module exploits...
vBulletin 4.2.0 ChangUonDyU Chatbox 3.6.0 Cross Site Scripting
Exploit Title : vBulletin 4.2.0 ChangUonDyU Chatbox Plugins 3.6.0 Cross Site Scripting Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepages : vbulletin.com vietvbb.vn Software Download Link : vietvbb.vn/up/showthread.php?t=40346&page=3...
Microsoft IIS Shortname Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS shortname vulnerability scanner', 'Description' = %q The vulnerability is caused by a tilde character "" in a GET or OPTIONS reques...
Moodle 3.8 Arbitary File Upload
Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free
Linux: UAF read: SOPEERCRED and SOPEERGROUPS race with listen and connect bug description In sockgetsockopt in net/core/sock.c, the handlers for the socket options SOPEERCRED has probably had a data race since forever that got turned into a UAF read in v2.6.36, commit "afunix: Allow SOPEERCRED to...
Apache Struts 2.5.20 Double OGNL Evaluation
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...
Quick N Easy FTP Service 3.2 Unquoted Service Path
Exploit Title: Quick 'n Easy FTP Service 3.2 - Unquoted Service Path Discovery by: yunaranyancat Discovery Date: October 2020 Vendor Homepage: https://www.pablosoftwaresolutions.com/html/quickneasyftpservice.html Software Link : www.pablosoftwaresolutions.com/download.php?id=10 Tested Version: 3....
Siemens A8000 Firmware Insecurities
Siemens A8000 suffers from multiple firmware vulnerabilities. The PLC allows the downgrade to previous firmware versions. Therefore, an attacker is able to downgrade to a firmware version with known vulnerabilities and exploit them on the PLC, which may lead to leaking data or backdoored devices....
Microsoft Internet Explorer 11 Use-After-Free
Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
SuiteCRM 7.11.18 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
Simple Image Gallery System 1.0 SQL Injection
Exploit Title: Simple Image Gallery System 1.0 - 'id' SQL Injection Date: 2020-08-12 Exploit Author: Azumah Foresight Xorlali M4sk0ff Vendor Homepage: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Software Link:...
Codiad 2.8.4 Remote Code Execution
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated Discovery by: WangYihang Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Tested Version: Version: 2.8.4 CVE: CVE-2018-14009 !/usr/bin/env python encoding: utf-8 import requests import...
vBulletin 3.8.x vBadvanced CMPS 3.2.3 Open Redirection
Exploit Title : vBulletin 3.8.x vBadvanced CMPS v3.2.3 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 01/03/2019 Vendor Homepage : vbulletin.com vbadvanced.com Software Download Link : vbadvanced.com/products.php?do=productinfo&productid=4...
WordPress RFC WordPress 6.0.8 Shell Upload
Exploit for Remote Code Execution RCE in RFC WordPress 6.0.8 import requests import sys target = "https://target.com" Exploit for Remote Code Execution RCE in RFC WordPress 6.0.8 CODE BY E1.Coders "The King of Security" def exploitrfcwordpress: url =...
AjaxPro Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AjaxPro Deserialization Remote Code Execution', 'Description' = %q This module leverages an insecure deserialization of data to get remote code...
Intelbras Router RF 301K 1.1.2 Authentication Bypass
Exploit Title: Intelbras Router RF 301K 1.1.2 - Authentication Bypass Date: 27/11/2020 Exploit Author: Kaio Amaral Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://backend.intelbras.com/sites/default/files/2020-10/RF301Kv1.1.2.zip Version: firmware version 1.1.2 Tested on:...
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W vulnerable version: =2.0.26 fixed version: CVE number: CVE-2020-16210, CVE-2020-16206,...
glibc syslog() Heap-Based Buffer Overflow
Qualys Security Advisory CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept Exploitation...
Cacti 1.2.22 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti 1.2.22 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Millewin 13.39.028 Unquoted Service Path / Insecure Permissions
Exploit Title: Millewin - Local Privilege Escalation Date: 2021-02-07 Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link:...
📄 BentoML 1.4.2 Remote Code Execution
A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication
FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-07-freeswitch-SIP-MESSAGE-without-auth - Vendor Security Advisory:...
Dell OpenManage Server Administrator 9.4.0.0 File Read
Exploit Title: Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read Date: 4/27/2020 Exploit Author: Rhino Security Labs Version: :' exit This XML to imitate a Dell OMSA remote system comes from https://www.exploit-db.com/exploits/39909 Also check out...
Billing Management System 2.0 SQL Injection
Exploit Title: Billing Management System 2.0 - 'email' SQL injection Auth Bypass Date: 2021-02-16 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software: Billi...
XAMPP 3.3.0 Buffer Overflow
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Date: 2023-10-26 Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ ...
Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial Of Service
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path traversal bypass & Denial of service product: Kyocera TASKalfa 4053ci printer vulnerable version: TASKalfa 4053ci Version = 2VGS000.002.561 fixed version:...