50786 matches found
Nitro PDF Pro Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI Installer product: Nitro PDF Pro vulnerable version: 14.26.1.0 13.70.8.82 fixed version: 14.26.1.0 or higher 13.70.8.82 or higher CVE...
Outlook Web App (OWA) Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Outlook Web App OWA Brute Force Utility', 'Description' = %q This module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers. ,...
SMTP Open Relay Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP Open Relay Detection', 'Description' = %q This module tests if an SMTP server will accept via a code 250 an e-mail by using a variation of...
Oracle TNS Listener Checker
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener Checker', 'Description' = %q This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packe...
Icewarp WebMail 11.4.5.0 Cross Site Scripting
Title: IceWarp WebMail Cross-Site Scripting Vulnerability + Date: 2020/10/25 + Author: Harun Karakış + Vendor Homepage: www.icewarp.com + Tested on: Windows 10 + Versions: 11.4.5.0 + Vulnerable Parameter: "language" Get Method + Vulnerable File: /webmail/ + Cve:CVE-2020-27982 PoC: + Go to :...
Textpattern CMS 4.6.2 Cross Site Scripting
Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with...
Craft CMS Twig Template Injection / Remote Code Execution
This Metasploit module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current...
Palo Alto Networks Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks Authenticated Remote Code Execution', 'Description' = %q An OS Command Injection vulnerability in the PAN-OS management...
Movable Type 7 r.5002 XMLRPC API Remote Command Injection
class MetasploitModule "Movable Type XMLRPC API Remote Command Injection", 'Description' = %q This module exploit Movable Type XMLRPC API Remote Command Injection. , 'License' = MSFLICENSE, 'Author' = 'Etienne Gervais', author & msf module, 'Charl-Alexandre Le Brun' author & msf module ,...
WBCE 1.6.0 SQL Injection
Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Date: 15.11.2023 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an...
Pulse Secure VPN Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN gzip RCE', 'Description' = %q The Pulse Connect Secure appliance before 9.1R9 suffers from an uncontrolled gzip extraction...
Dolibarr 12.0.3 SQL Injection / Remote Code Execution
Exploit Title: Dolibarr 12.0.3, SQLi to RCE Date: 2/12/2020 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c10010, https://therealcoiffeur.github.io/c10011 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads.php,...
D-Link DSL-3782 Pre-Authentication Remote Root
!/usr/bin/python2 preauth rece for dlink dsl-3782 found: 06.11.2021 pwned: 18.112021 @ 19:26 import sys import urllib2 requests import urllib import struct target = 'http://192.168.0.50/index.php' cgi-bin/ChgLang.asp' nopsled = "" NOP sled XOR $t0, $t0, $t0; as NOP is only null bytes for i in...
VMware View Planner 4.6 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware View Planner Unauthenticated Log File Upload RCE', 'Description' = %q This module exploits an unauthenticated log file upload within the...
Lansweeper 7.2 Default Account / Remote Code Execution
Exploit Title: Lansweeper 7.2 - Incorrect Access Control SHODAN DORK : title:"Lansweeper - Login" Date: 2020-06-14 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.lansweeper.com/ Software Link: https://www.lansweeper.com Version: 6.0.x through 7.2.x Tested on: Windows CVE :...
BoidCMS 2.0.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...
Invision Community 4.5.4 Cross Site Scripting
Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux Vulnerable...
Sierra Wireless AirLink ES450 ACEManager Information Exposure
Talos Vulnerability Report TALOS-2018-0754 Sierra Wireless AirLink ES450 ACEManager Information Exposure Vulnerability April 25, 2019 CVE Number CVE-2018-4069 Summary An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW...
Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Serenity and StartSharp Software vulnerable version: 6.7.1 fixed version: 6.7.1 or higher CVE number: CVE-2023-31285, CVE-2023-31286,...
WordPress Smart Product Review 1.0.4 Shell Upload
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...
TextPattern CMS 4.8.7 Shell Upload
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...
Police Crime Record Management System 1.0 SQL Injection
Exploit Title: Police Crime Record Management System 1.0 - 'casedetails' SQL Injection Date: 12/08/2021 Exploit Author: Ömer Hasan Durmuş Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Version: v1.0 Category: Webapps Tested on: Linux/Windows Ste...
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
SOYAL Biometric Access Control System 5.0 Master Code Disclosure Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4.1...
OpenAsset Digital Asset Management IP Access Control Bypass
Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.20 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28856 Author: Jack Misiura from The Missing...
Acelle Email Marketing 3.0.15 Arbitrary File Upload
==================================================================================================================================== | Title : Acelle Email Marketing v3.0.15 unrestricted file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...
Agent Tesla Panel Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Agent Tesla Panel Remote Code Execution', 'Description' = %q This module exploits a command injection vulnerability within the Agent Tesla contro...
Schneider Electric Pelco Endura NET55XX Encoder
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Schneider Electric Pelco Endura NET55XX Encoder", 'Description' = %q This module exploits inadequate access controls within the webUI to enable...
Rapid7 Security Advisory 36
R7-0036: FCKEditor.NET File Upload Code Execution August 30, 2010 -- Vulnerability Details: FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote...
WordPress WP Forms 1.6.3.1 Cross SIte Scripting
Exploit Title : Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting Authenticated Exploit Author : ZwX Exploit Date : 2020-10-23 Vendor Homepage : https://wpforms.com/ Download Plugin : https://downloads.wordpress.org/plugin/wpforms-lite.1.6.3.1.zip + Description Vulnerability:...
PHP 5.2.3 imap_open Bypass
/tmp/test0001 $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh"; imapopen''.$server.':143/imapINBOX', '', '' or die"\n\nError: ".imaplasterror;...
Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Paradox IP150 Internet Module Cross-Site Request Forgery Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01ParadoxCrossSiteRequestForgery Vulnerability Overview The Paradox IP150 Internet Module in version 1.40.00 i...
Traceroute 2.1.2 Privilege Escalation
Description: In Traceroute 2.0.12 through to 2.1.2 fixed in 2.1.3, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts are: tcptraceroute, tracepath, traceproto and traceroute-nanog...
WordPress SP Project And Document Manager 4.21 Shell Upload
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...
Sonatype Nexus 3.21.1 Remote Code Execution
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...
Karel IP Phone IP1211 Web Management Panel Directory Traversal
Exploit Title: Karel IP Phone IP1211 Web Management Panel - Directory Traversal Exploit Author: Berat Gokberk ISLER Date: 2020-09-01 CVE: N/A Type: Webapps Vendor Homepage: https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon Version: IP1211 Details Directory traversal vulnerability on the Karel...
Cabot 0.11.12 Cross Site Scripting
Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass
Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...
FusionPBX 4.4.3 Remote Command Execution
Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...
Linux 6.4 io_uring Use-After-Free
iouring in Linux 6.4 suffers from a iouring page use-after-free condition via buffer ring mmap. Since commit c56e022c0a27 "iouring: add support for user mapped provided buffer ring", landed in Linux 6.4, iouring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" c...
ARM Mali r44p0 Use-After-Free
Arm Mali r44p0: UAF by freeing waitqueue with elements on it In Mali r44p0, it became possible to free the kbasecontext of a kbasefile while still having a file pointing to the kbasefile. This is supposed to be safe because of the kfile-fopscount and kfile-mapcount checks. However, kbasepoll will...
GLPI GZIP(Py3) 9.4.5 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
Opencart 3.0.3.8 Session Injection
Exploit Title: opencart 3.0.3.8 - Sessjion Injection Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10...
Check Point Identity Agent Arbitrary File Write
Advisory: Privileged File Write Description =========== The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system. Details ======= Advisory ID: usd-2021-0005 Product: Check Point Identity Agent Affected Version: R81.018.0000 Vulnerability...
Atlassian Confluence WebWork OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence WebWork OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence's WebWork compone...
Apache OFBiz SOAP Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://ofbiz.apache.org/service/', 'soapenv' = 'http://schemas.xmlsoap.org/soap/envelope/' .freeze def initializeinfo = super updateinfo info,...
Zoom Meeting Connector Post-Auth Remote Root
!/usr/bin/python -- coding: UTF-8 -- zoomer.py Zoom Meeting Connector Post-auth Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2020 The Meeting Connector Web Console listens on port 5480. On the dashboard under Network - Proxy, one can enable a proxy server. All of the fields are sanitized...
WordPress Backup Migration 1.3.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Backup Migration Plugin PHP Filter Chain RCE', 'Description' = %q This module exploits an unauth RCE in the WordPress plugin: Backup...
Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
!/usr/bin/perl -w Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
Ship Ferry Ticket Reservation System 1.0 SQL Injection
Titles: SFTRS - PHP by: oretnom23 v1.0 Multiple-SQLi Bonus: FU + RCE & XSS - Information disclosure Author: nu11secur1ty Date: 09/14/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html...
Backdoor.Win32.NetSpy.10 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/45d413b46f1d14a45e8fd36921813d62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetSpy.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...