50784 matches found
Siemens LOGO! 8 Recoverable Password Format
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-014 Product: LOGO! Manufacturer: Siemens Affected Versions: LOGO! 8 all versions Tested Versions: LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03 Vulnerability Type: Storing Passwords in a Recoverable Format CWE-257...
Moodle 3.9 Remote Code Execution
Exploit Title: Moodle 3.9 - Remote Code Execution RCE Authenticated Date: 12-05-2021 Exploit Author: lanz Vendor Homepage: https://moodle.org/ Version: Moodle 3.9 Tested on: FreeBSD !/usr/bin/python3 Moodle 3.9 - RCE Authenticated as teacher Based on PoC and Payload to assign full permissions to...
Digital Guardian Management Console 7.1.2.0015 XXE Injection
Title: Digital Guardian Managment Console - XML External Entity Vulnerability Author: Pawel Gocyla Date: 18 April 2018 CVE: CVE-2018-10175 Affected software: ================== Digital Guardian Managment Console Version 7.1.2.0015 Description: ============ Digital Guardian is an American data los...
Sonar Qube 8.3.1 Unquoted Service Path
Title: Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path Author: Velayutham Selvaraj Date: 2020-06-03 Vendor Homepage: https://www.sonarqube.org Software Link: https://www.sonarqube.org/downloads/ Version : 8.3.1 Tested on: Windows 10 64bitEN About Unquoted Service Path :...
vBulletin 5.x Pre-Auth Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE exploit. This should work on all versions from 5.0.0...
📄 UNA CMS 14.0.0-RC4 PHP Object Injection
UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. ------------------------------------------------------------------------------------ UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...
Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting
Affected product: Dovecot IMAP Server Internal reference: DOV-6464 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...
Apache Superset 2.0.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Superset Signed Cookie RCE', 'Description' = %q Apache Superset versions MSFLICENSE, 'Author' = 'h00die', MSF module 'paradoxis', original...
SAP Application Server ABAP Open Redirection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in BSP Test Application it00 Bypass for CVE-2020-6215 Patch product: SAP® Application Server ABAP and ABAP® Platform SAPBASIS vulnerable version: see sectio...
GFI Mail Archiver 15.1 Arbitrary File Upload
Exploit Title: GFI Mail Archiver = 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Date: 21 March 2021 Exploit Author: Amin Bohio https://aminbohio.com Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage:...
ForgeRock / OpenAM Jato Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ForgeRock / OpenAM Jato Java Deserialization', 'Description' = %q This module leverages a pre-authentication remote code execution vulnerability ...
Android SPF Memory Issues
SPF in AOSP version 5.10 and 5.15 kernels can create dangling TLB entries by misdirecting TLB flushes on race with mremap. The AOSP 5.10/5.15 kernels contain a non-upstream memory management optimization called "Speculative Page Fault" SPF. There have been a series of issues in this before, see...
OpenTSDB 2.4.1 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.1 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Backdoor.Win32.Prorat.ntz Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ab96d7f9e008a0774239be6be0c8e7bbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.ntz Vulnerability: Weak Hardcoded Password Description: The malware runs an F...
Typesetter CMS 5.1 Remote Code Execution
Exploit Title: Typesetter CMS 5.1 - Arbitrary Code Execution Exploit Author: Rodolfo "t0gu" Tavares Contact: @t0guu TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Linux / Apache Category: WebApp Google Dork: intext:"Powered by Typesetter" Date: 2020-09-29 CVE :...
Checkmk 1.6.0p16 Local Privilege Escalation
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 i...
Mikrotik WinBox 6.42 Credential Disclosure
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
Patient Record Management System 1.0 Authentication Bypass
Exploit Title: Patient Record Management System v1.0 - Authentication Bypass via PHP Loose Comparison Exploit Author: Joe Pollock Date: January 19, 2023 Vendor Homepage: https://www.sourcecodester.com/php/13505/patient-record-management-system.html Software Link:...
Apache Storm Nimbus 2.2.0 Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution', 'Description' = %q...
OpenAsset Digital Asset Management Insecure Direct Object Reference
Title: Missing access controls Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.22 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28861 Author: Jack Misiura from The Missing...
Sentrifugo 3.2 Shell Upload / Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Authenticated Date: 26/10/2020 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sentrifugo.com/ POC Link: https://www.exploit-db.com/exploits/47323 Version: 3.2 Tested on: Linux and Windows CVE : CVE-2019-15813 Contact...
EasyPMS 1.0.0 Authentication Bypass
Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...
PHPJabbers Car Rental 3.0 HTML Injection
Exploit Title: PHPJabbers Car Rental v3.0 - HTML Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11, Linux...
Best POS Management System 1.0 SQL Injection
Exploit Title: SQL Injection on Best pos Management System Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Cobian Backup Service Unquoted Service Path
Exploit Title: Cobian Backup Service sc qc CobianBackup11 SC QueryServiceConfig SUCCESS SERVICENAME: CobianBackup11 TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 1 Normal BINARYPATHNAME : C:\Program Files x86\Cobian Backup 11\cbService.exe LOADORDERGROUP : TAG : 0 DISPLAYNAME :...
Easy Chat Server 3.1 Buffer Overflow
Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...
WordPress WP-PostRatings 1.86 Cross Site Scripting
Exploit Title: WordPress Plugin WP-PostRatings 1.86 - 'postratingsimage' Cross-Site Scripting Date: 20-12-2018 Software Link: https://wordpress.org/plugins/wp-postratings/ Exploit Author: Park Won Seok Version: wp-postratings.1.86 Tested on: Windows 10 x64 description: A Stored Cross-site scripti...
SAP Lumira 1.31 Cross Site Scripting
Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Date: 13.08.2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...
WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Shell Upload
Exploit Title : WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org/support/plugin/fckeditor-for-wordpress-plugin Software Download Link :...
CVE-2019-0708 BlueKeep Microsoft Remote Desktop Remote Code Execution Check
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check', 'Description' = %q This module checks a range of hosts for the CVE-2019-0708...
WordPress SiteGround Security 1.2.5 Authentication Bypass
Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug: sg-security Plugin Developer: SiteGround Affected Versions: = 1.2.5 CVE ID: CVE-2022-0992 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
Cockpit CMS 0.11.1 NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
WordPress Modern Events Calendar Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...
Foxit Reader 9.7.1 Remote Command Execution
Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir CVE: CVE-2020-14425. Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript AP whic...
VTENEXT 19 CE Remote Code Execution
!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...
Microsoft Office 265 Remote Code Execution
CVE-2024-30104 The problem is still in the "docx" files this vulnerability is a 0 day based on the Follina exploit. The Microsoft company still doesn't want to understand, that they MUST remove macros options from the 365 Office and their offline app. In this video, you will see an example of thi...
Checkpoint Gaia Portal R81.10 Remote Command Execution
========================= Exploit Title: Hostname injection leads to Remote Code Execution RCE Authenticated Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198 Tested Version: R81.10 take 335 Advisory Publication: July 27,...
Apache Log4j2 2.14.1 Remote Code Execution
Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...
OpenCart 3.0.3.6 Cross Site Request Forgery
Exploit Title: OpenCart 3.0.3.6 - Cross Site Request Forgery Date: 12-11-2020 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux Description:...
Joomla HTTP Header Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...
Siemens CP-XXXX Series Exposed Serial Shell
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Serial Shell on multiple PLCs product: Siemens CP-XXXX Series CP-2014, CP-2016, CP-2017, CP-2019, CP-5014 vulnerable version: All hardware revisions fixed version...
Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication
The internet radio device auna IR-160 SE has multiple vulnerabilities. It uses the firmware UIProto, different versions of which can also be found in many other radios. 1. The firmware offers a rudimentary web API that can be reached on the local network on port 80. This API is completely...
Fibaro Home Center MITM / Missing Authentication / Code Execution
IoT Inspector Research Lab Advisory IOT-20210408-0 title: Multiple vulnerabilities vendor/product: Fibaro Home Center Light / Fibaro Home Center 2 https://www.fibaro.com/ vulnerable version: 4.600 and older fixed version: 4.610 CVE number: CVE-2021-20989, CVE-2021-20990, CVE-2021-20991,...
OpenAsset Digital Asset Management Cross Site Request Forgery
Title: Cross-site request forgery CSRF Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.26 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28858 Author: Jack Misiura from The...
MedDream PACS Server 6.8.3.751 Remote Code Execution
!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Exploit Author: bzyo Twitter: @bzyo Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Date: 2020-10-01 Vulnerable Software:...
College-Management-System-Php 1.0 SQL Injection
Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Date: 2020-06-16 Google Dork: N/A Vendor: https://github.com/olotieno/ Software Link:...
ProFTPd CPFR / CPTO Proof Of Concept
''' for educational purpouse ONLY! c0ded by daldana. daniel.aldana.moreno at gmail.com please, first read https://github.com/chcx/cpxproftpd/ ''' import sys from ftplib import FTP def mainargv: if lenargv == 4: ip = argv1 src = argv2 dst = argv3 option = 1 elif lenargv == 3: ip = argv1 dst = argv...
Nitro PDF Pro Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI Installer product: Nitro PDF Pro vulnerable version: 14.26.1.0 13.70.8.82 fixed version: 14.26.1.0 or higher 13.70.8.82 or higher CVE...
Oracle TNS Listener Checker
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener Checker', 'Description' = %q This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packe...
Payroll Management System 1.0 Remote Code Execution
Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...