50738 matches found
Icewarp WebMail 11.4.5.0 Cross Site Scripting
Title: IceWarp WebMail Cross-Site Scripting Vulnerability + Date: 2020/10/25 + Author: Harun Karakış + Vendor Homepage: www.icewarp.com + Tested on: Windows 10 + Versions: 11.4.5.0 + Vulnerable Parameter: "language" Get Method + Vulnerable File: /webmail/ + Cve:CVE-2020-27982 PoC: + Go to :...
Oracle TNS Listener Checker
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle TNS Listener Checker', 'Description' = %q This module checks the server for vulnerabilities like TNS Poison. Module sends a server a packe...
WBCE 1.6.0 SQL Injection
Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Date: 15.11.2023 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an...
Palo Alto Networks Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks Authenticated Remote Code Execution', 'Description' = %q An OS Command Injection vulnerability in the PAN-OS management...
Lansweeper 7.2 Default Account / Remote Code Execution
Exploit Title: Lansweeper 7.2 - Incorrect Access Control SHODAN DORK : title:"Lansweeper - Login" Date: 2020-06-14 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.lansweeper.com/ Software Link: https://www.lansweeper.com Version: 6.0.x through 7.2.x Tested on: Windows CVE :...
SMTP Open Relay Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP Open Relay Detection', 'Description' = %q This module tests if an SMTP server will accept via a code 250 an e-mail by using a variation of...
CVE-2019-0708 BlueKeep Microsoft Remote Desktop Remote Code Execution Check
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check', 'Description' = %q This module checks a range of hosts for the CVE-2019-0708...
Payroll Management System 1.0 Remote Code Execution
Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
BoidCMS 2.0.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...
Checkpoint Gaia Portal R81.10 Remote Command Execution
========================= Exploit Title: Hostname injection leads to Remote Code Execution RCE Authenticated Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198 Tested Version: R81.10 take 335 Advisory Publication: July 27,...
D-Link DSL-3782 Pre-Authentication Remote Root
!/usr/bin/python2 preauth rece for dlink dsl-3782 found: 06.11.2021 pwned: 18.112021 @ 19:26 import sys import urllib2 requests import urllib import struct target = 'http://192.168.0.50/index.php' cgi-bin/ChgLang.asp' nopsled = "" NOP sled XOR $t0, $t0, $t0; as NOP is only null bytes for i in...
VNC Authentication None Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VNC Authentication None Detection', 'Description' = 'Detect VNC servers that support the "None" authentication method.', 'References' = 'CVE',...
Microsoft Office 265 Remote Code Execution
CVE-2024-30104 The problem is still in the "docx" files this vulnerability is a 0 day based on the Follina exploit. The Microsoft company still doesn't want to understand, that they MUST remove macros options from the 365 Office and their offline app. In this video, you will see an example of thi...
TextPattern CMS 4.8.7 Shell Upload
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
SOYAL Biometric Access Control System 5.0 Master Code Disclosure Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4.1...
Pulse Secure VPN Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN gzip RCE', 'Description' = %q The Pulse Connect Secure appliance before 9.1R9 suffers from an uncontrolled gzip extraction...
Dolibarr 12.0.3 SQL Injection / Remote Code Execution
Exploit Title: Dolibarr 12.0.3, SQLi to RCE Date: 2/12/2020 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c10010, https://therealcoiffeur.github.io/c10011 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads.php,...
OpenAsset Digital Asset Management IP Access Control Bypass
Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.20 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28856 Author: Jack Misiura from The Missing...
Sierra Wireless AirLink ES450 ACEManager Information Exposure
Talos Vulnerability Report TALOS-2018-0754 Sierra Wireless AirLink ES450 ACEManager Information Exposure Vulnerability April 25, 2019 CVE Number CVE-2018-4069 Summary An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW...
Invision Community 4.5.4 Cross Site Scripting
Exploit Title: Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting Date: 02-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://invisioncommunity.com/ Software Link: https://invisioncommunity.com/buy Version: 4.5.4 Tested on: Windows 10/Kali Linux Vulnerable...
Agent Tesla Panel Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Agent Tesla Panel Remote Code Execution', 'Description' = %q This module exploits a command injection vulnerability within the Agent Tesla contro...
Schneider Electric Pelco Endura NET55XX Encoder
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Schneider Electric Pelco Endura NET55XX Encoder", 'Description' = %q This module exploits inadequate access controls within the webUI to enable...
Rapid7 Security Advisory 36
R7-0036: FCKEditor.NET File Upload Code Execution August 30, 2010 -- Vulnerability Details: FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector in FCKEditor. The vulnerability requires that the remote...
Acelle Email Marketing 3.0.15 Arbitrary File Upload
==================================================================================================================================== | Title : Acelle Email Marketing v3.0.15 unrestricted file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...
Serenity / StartSharp Software File Upload / XSS / User Enumeration / Reusable Tokens
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Serenity and StartSharp Software vulnerable version: 6.7.1 fixed version: 6.7.1 or higher CVE number: CVE-2023-31285, CVE-2023-31286,...
Police Crime Record Management System 1.0 SQL Injection
Exploit Title: Police Crime Record Management System 1.0 - 'casedetails' SQL Injection Date: 12/08/2021 Exploit Author: Ömer Hasan Durmuş Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Version: v1.0 Category: Webapps Tested on: Linux/Windows Ste...
VMware View Planner 4.6 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware View Planner Unauthenticated Log File Upload RCE', 'Description' = %q This module exploits an unauthenticated log file upload within the...
WordPress WP Forms 1.6.3.1 Cross SIte Scripting
Exploit Title : Wordpress Plugin WPForms 1.6.3.1 - Persistent Cross Site Scripting Authenticated Exploit Author : ZwX Exploit Date : 2020-10-23 Vendor Homepage : https://wpforms.com/ Download Plugin : https://downloads.wordpress.org/plugin/wpforms-lite.1.6.3.1.zip + Description Vulnerability:...
Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Paradox IP150 Internet Module Cross-Site Request Forgery Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01ParadoxCrossSiteRequestForgery Vulnerability Overview The Paradox IP150 Internet Module in version 1.40.00 i...
WordPress Smart Product Review 1.0.4 Shell Upload
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...
WordPress SP Project And Document Manager 4.21 Shell Upload
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...
Sonatype Nexus 3.21.1 Remote Code Execution
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...
Cabot 0.11.12 Cross Site Scripting
Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass
Exploit Title: Microsoft Office Code Execution/Protection Bypass Exploit Author: Social Engineering Neo - @EngineeringNeo Software Link: https://products.office.com/en-nz/compare-all-microsoft-office-products Version: Office365/ProPlus - build 16.0.11901.20204 Tested on: Windows - build 18362.295...
FusionPBX 4.4.3 Remote Command Execution
Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...
PHP 5.2.3 imap_open Bypass
/tmp/test0001 $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh"; imapopen''.$server.':143/imapINBOX', '', '' or die"\n\nError: ".imaplasterror;...
Traceroute 2.1.2 Privilege Escalation
Description: In Traceroute 2.0.12 through to 2.1.2 fixed in 2.1.3, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts are: tcptraceroute, tracepath, traceproto and traceroute-nanog...
Check Point Identity Agent Arbitrary File Write
Advisory: Privileged File Write Description =========== The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system. Details ======= Advisory ID: usd-2021-0005 Product: Check Point Identity Agent Affected Version: R81.018.0000 Vulnerability...
Karel IP Phone IP1211 Web Management Panel Directory Traversal
Exploit Title: Karel IP Phone IP1211 Web Management Panel - Directory Traversal Exploit Author: Berat Gokberk ISLER Date: 2020-09-01 CVE: N/A Type: Webapps Vendor Homepage: https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon Version: IP1211 Details Directory traversal vulnerability on the Karel...
ARM Mali r44p0 Use-After-Free
Arm Mali r44p0: UAF by freeing waitqueue with elements on it In Mali r44p0, it became possible to free the kbasecontext of a kbasefile while still having a file pointing to the kbasefile. This is supposed to be safe because of the kfile-fopscount and kfile-mapcount checks. However, kbasepoll will...
GLPI GZIP(Py3) 9.4.5 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
Linux 6.4 io_uring Use-After-Free
iouring in Linux 6.4 suffers from a iouring page use-after-free condition via buffer ring mmap. Since commit c56e022c0a27 "iouring: add support for user mapped provided buffer ring", landed in Linux 6.4, iouring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" c...
WordPress Backup Migration 1.3.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Backup Migration Plugin PHP Filter Chain RCE', 'Description' = %q This module exploits an unauth RCE in the WordPress plugin: Backup...
Zoom Meeting Connector Post-Auth Remote Root
!/usr/bin/python -- coding: UTF-8 -- zoomer.py Zoom Meeting Connector Post-auth Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2020 The Meeting Connector Web Console listens on port 5480. On the dashboard under Network - Proxy, one can enable a proxy server. All of the fields are sanitized...
Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure
!/usr/bin/perl -w Dongyoung Media DM-AP240T/W Wireless Access Point Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
Backdoor.Win32.NetSpy.10 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/45d413b46f1d14a45e8fd36921813d62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetSpy.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Opencart 3.0.3.8 Session Injection
Exploit Title: opencart 3.0.3.8 - Sessjion Injection Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10...
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
Exploit Title: GetSimple CMS My SMTP Contact Plugin = v1.1.1 - CSRF to RCE Exploit Author: Bobby Cooke boku Date: April 15th, 2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/extend/download.php?file=files/18274/1221/my-smtp-contact1.1.1.zip&id=1221 Vendor:...
Apache OFBiz SOAP Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://ofbiz.apache.org/service/', 'soapenv' = 'http://schemas.xmlsoap.org/soap/envelope/' .freeze def initializeinfo = super updateinfo info,...
Laravel Administrator 4 File Upload
Exploit title: Laravel Administrator 4 - Unrestricted File Upload Authenticated Author: Victor Campos and Xavi Beltran Contact: [email protected] Exploit Development: https://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/ Date: 25/3/2020 Software link:...