50738 matches found
Siemens LOGO! 8 Recoverable Password Format
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-014 Product: LOGO! Manufacturer: Siemens Affected Versions: LOGO! 8 all versions Tested Versions: LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03 Vulnerability Type: Storing Passwords in a Recoverable Format CWE-257...
📄 UNA CMS 14.0.0-RC4 PHP Object Injection
UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. ------------------------------------------------------------------------------------ UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...
Moodle 3.9 Remote Code Execution
Exploit Title: Moodle 3.9 - Remote Code Execution RCE Authenticated Date: 12-05-2021 Exploit Author: lanz Vendor Homepage: https://moodle.org/ Version: Moodle 3.9 Tested on: FreeBSD !/usr/bin/python3 Moodle 3.9 - RCE Authenticated as teacher Based on PoC and Payload to assign full permissions to...
Sonar Qube 8.3.1 Unquoted Service Path
Title: Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path Author: Velayutham Selvaraj Date: 2020-06-03 Vendor Homepage: https://www.sonarqube.org Software Link: https://www.sonarqube.org/downloads/ Version : 8.3.1 Tested on: Windows 10 64bitEN About Unquoted Service Path :...
Android SPF Memory Issues
SPF in AOSP version 5.10 and 5.15 kernels can create dangling TLB entries by misdirecting TLB flushes on race with mremap. The AOSP 5.10/5.15 kernels contain a non-upstream memory management optimization called "Speculative Page Fault" SPF. There have been a series of issues in this before, see...
Apache Superset 2.0.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Superset Signed Cookie RCE', 'Description' = %q Apache Superset versions MSFLICENSE, 'Author' = 'h00die', MSF module 'paradoxis', original...
SAP Application Server ABAP Open Redirection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in BSP Test Application it00 Bypass for CVE-2020-6215 Patch product: SAP® Application Server ABAP and ABAP® Platform SAPBASIS vulnerable version: see sectio...
Typesetter CMS 5.1 Remote Code Execution
Exploit Title: Typesetter CMS 5.1 - Arbitrary Code Execution Exploit Author: Rodolfo "t0gu" Tavares Contact: @t0guu TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Linux / Apache Category: WebApp Google Dork: intext:"Powered by Typesetter" Date: 2020-09-29 CVE :...
Mikrotik WinBox 6.42 Credential Disclosure
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
OpenTSDB 2.4.1 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.1 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Backdoor.Win32.Prorat.ntz Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ab96d7f9e008a0774239be6be0c8e7bbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.ntz Vulnerability: Weak Hardcoded Password Description: The malware runs an F...
GFI Mail Archiver 15.1 Arbitrary File Upload
Exploit Title: GFI Mail Archiver = 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Date: 21 March 2021 Exploit Author: Amin Bohio https://aminbohio.com Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage:...
ForgeRock / OpenAM Jato Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ForgeRock / OpenAM Jato Java Deserialization', 'Description' = %q This module leverages a pre-authentication remote code execution vulnerability ...
OpenAsset Digital Asset Management Insecure Direct Object Reference
Title: Missing access controls Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.22 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28861 Author: Jack Misiura from The Missing...
EasyPMS 1.0.0 Authentication Bypass
Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...
Checkmk 1.6.0p16 Local Privilege Escalation
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 i...
Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting
Affected product: Dovecot IMAP Server Internal reference: DOV-6464 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...
Patient Record Management System 1.0 Authentication Bypass
Exploit Title: Patient Record Management System v1.0 - Authentication Bypass via PHP Loose Comparison Exploit Author: Joe Pollock Date: January 19, 2023 Vendor Homepage: https://www.sourcecodester.com/php/13505/patient-record-management-system.html Software Link:...
Sentrifugo 3.2 Shell Upload / Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Authenticated Date: 26/10/2020 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sentrifugo.com/ POC Link: https://www.exploit-db.com/exploits/47323 Version: 3.2 Tested on: Linux and Windows CVE : CVE-2019-15813 Contact...
vBulletin 5.x Pre-Auth Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE exploit. This should work on all versions from 5.0.0...
PHPJabbers Car Rental 3.0 HTML Injection
Exploit Title: PHPJabbers Car Rental v3.0 - HTML Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11, Linux...
Best POS Management System 1.0 SQL Injection
Exploit Title: SQL Injection on Best pos Management System Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Apache Storm Nimbus 2.2.0 Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution', 'Description' = %q...
SAP Lumira 1.31 Cross Site Scripting
Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Date: 13.08.2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...
Cobian Backup Service Unquoted Service Path
Exploit Title: Cobian Backup Service sc qc CobianBackup11 SC QueryServiceConfig SUCCESS SERVICENAME: CobianBackup11 TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 1 Normal BINARYPATHNAME : C:\Program Files x86\Cobian Backup 11\cbService.exe LOADORDERGROUP : TAG : 0 DISPLAYNAME :...
WordPress SiteGround Security 1.2.5 Authentication Bypass
Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug: sg-security Plugin Developer: SiteGround Affected Versions: = 1.2.5 CVE ID: CVE-2022-0992 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
Cockpit CMS 0.11.1 NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
WordPress Modern Events Calendar Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...
WordPress WP-PostRatings 1.86 Cross Site Scripting
Exploit Title: WordPress Plugin WP-PostRatings 1.86 - 'postratingsimage' Cross-Site Scripting Date: 20-12-2018 Software Link: https://wordpress.org/plugins/wp-postratings/ Exploit Author: Park Won Seok Version: wp-postratings.1.86 Tested on: Windows 10 x64 description: A Stored Cross-site scripti...
VTENEXT 19 CE Remote Code Execution
!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...
Apache Log4j2 2.14.1 Remote Code Execution
Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...
WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Shell Upload
Exploit Title : WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org/support/plugin/fckeditor-for-wordpress-plugin Software Download Link :...
Joomla HTTP Header Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...
Siemens CP-XXXX Series Exposed Serial Shell
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Serial Shell on multiple PLCs product: Siemens CP-XXXX Series CP-2014, CP-2016, CP-2017, CP-2019, CP-5014 vulnerable version: All hardware revisions fixed version...
Fibaro Home Center MITM / Missing Authentication / Code Execution
IoT Inspector Research Lab Advisory IOT-20210408-0 title: Multiple vulnerabilities vendor/product: Fibaro Home Center Light / Fibaro Home Center 2 https://www.fibaro.com/ vulnerable version: 4.600 and older fixed version: 4.610 CVE number: CVE-2021-20989, CVE-2021-20990, CVE-2021-20991,...
OpenAsset Digital Asset Management Cross Site Request Forgery
Title: Cross-site request forgery CSRF Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.26 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28858 Author: Jack Misiura from The...
OpenCart 3.0.3.6 Cross Site Request Forgery
Exploit Title: OpenCart 3.0.3.6 - Cross Site Request Forgery Date: 12-11-2020 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux Description:...
Foxit Reader 9.7.1 Remote Command Execution
Exploit Title: Foxit Reader 9.7.1 - Remote Command Execution Javascript API Exploit Author: Nassim Asrir CVE: CVE-2020-14425. Vendor Homepage: https://www.foxitsoftware.com/ Description: Foxit Reader before 10.0 allows Remote Command Execution via the unsafe app.opencPDFWebPage JavaScript AP whic...
MedDream PACS Server 6.8.3.751 Remote Code Execution
!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Exploit Author: bzyo Twitter: @bzyo Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Date: 2020-10-01 Vulnerable Software:...
ProFTPd CPFR / CPTO Proof Of Concept
''' for educational purpouse ONLY! c0ded by daldana. daniel.aldana.moreno at gmail.com please, first read https://github.com/chcx/cpxproftpd/ ''' import sys from ftplib import FTP def mainargv: if lenargv == 4: ip = argv1 src = argv2 dst = argv3 option = 1 elif lenargv == 3: ip = argv1 dst = argv...
Easy Chat Server 3.1 Buffer Overflow
Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...
WordPress DirectoriesPro 1.3.45 Cross Site Scripting
Title: Reflected XSS Product: WordPress DirectoriesPro Plugin by SabaiApps Vendor Homepage: https://directoriespro.com/ Vulnerable Version: 1.3.45 Fixed Version: 1.3.46 CVE Number: CVE-2020-29303 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline:...
Tailor MS 1.0 Cross Site Scripting
Exploit Title: Tailor MS 1.0 - Reflected Cross-Site Scripting Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-09-14 CVE ID: CVE-2020-23835 Vendor Homepage: https://www.sourcecodester.com Software Link:...
College-Management-System-Php 1.0 SQL Injection
Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Date: 2020-06-16 Google Dork: N/A Vendor: https://github.com/olotieno/ Software Link:...
Outlook Web App (OWA) Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...
Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication
The internet radio device auna IR-160 SE has multiple vulnerabilities. It uses the firmware UIProto, different versions of which can also be found in many other radios. 1. The firmware offers a rudimentary web API that can be reached on the local network on port 80. This API is completely...
Movable Type 7 r.5002 XMLRPC API Remote Command Injection
class MetasploitModule "Movable Type XMLRPC API Remote Command Injection", 'Description' = %q This module exploit Movable Type XMLRPC API Remote Command Injection. , 'License' = MSFLICENSE, 'Author' = 'Etienne Gervais', author & msf module, 'Charl-Alexandre Le Brun' author & msf module ,...
Textpattern CMS 4.6.2 Cross Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with...
Craft CMS Twig Template Injection / Remote Code Execution
This Metasploit module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current...
Nitro PDF Pro Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI Installer product: Nitro PDF Pro vulnerable version: 14.26.1.0 13.70.8.82 fixed version: 14.26.1.0 or higher 13.70.8.82 or higher CVE...