50738 matches found
Opencart 3.0.3.8 Session Injection
Exploit Title: opencart 3.0.3.8 - Sessjion Injection Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10...
WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection
Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Date: 2020-06-17 Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Software Link:...
OpenSMTPD 6.6.2 Remote Code Execution
Exploit Title: OpenSMTPD 6.6.2 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...
Ship Ferry Ticket Reservation System 1.0 SQL Injection
Titles: SFTRS - PHP by: oretnom23 v1.0 Multiple-SQLi Bonus: FU + RCE & XSS - Information disclosure Author: nu11secur1ty Date: 09/14/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html...
Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow
Windows: heap buffer overflow in sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS int64 fastcall...
Pearson Vue VTS 2.3.1911 Unquoted Service Path
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm...
SMB Group Policy Preference Saved Passwords Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Group Policy Preference Saved Passwords Enumeration', 'Description' = %Q This module enumerates files from target domain controllers and...
Microsoft HVCIScan DLL Hijacking
Hi @ll, about a month ago Microsoft published HVCIScan-amd,arm64.exe, a "Tool to check devices for compatibility with memory integrity HVCI" The "Install instructions" on the download page tell: | Download the hvciscan.exe for your system architecture AMD64 or ARM64. | From an elevated command...
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony's...
Multi Restaurant Table Reservation System 1.0 SQL Injection
Title: Multi Restaurant Table Reservation System - 'tableid' Unauthenticated SQL Injection Exploit Author: yunaranyancat Date: 02-11-2020 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...
Micro Focus UCMDB Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities, that...
EnBw SENEC Legacy Storage Box Exposed Interface
Advisory ID: Ph0s-2023-005 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints Risk Level:...
Linux SELinux PTRACE_TRACEME Handler Use-After-Free
Linux: UAF read in SELinux handler for PTRACETRACEME There's a UAF read in the SELinux handler for PTRACETRACEME, selinuxptracetraceme. The bug was introduced in commit eb1231f73c4d7 "selinux: clarify task subjective and objective credentials". Part of the issue is that while the "cred" member...
Atlassian Confluence 6.12.1 Template Injection
Exploit Title: Atlassian Confluence Widget Connector Macro - SSTI Date: 21-Jan-2021 Exploit Author: 46o60 Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-6.12.1-x64.bin Version...
Microsoft Exchange ProxyLogon Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange ProxyLogon RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker...
Microsoft Windows Uninitialized Variable Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' require 'msf/core/post/windows/priv' class MetasploitModule 'Microsoft Windows Uninitialized Variable Local...
Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
Exploit Title: Joomla! Component GMapFP J3.5/J3.5F - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE:CVE-2020-23972 Description: An attacker...
WordPress 4.7.0 / 4.7.1 Insert PHP Code Injection
Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage: https://fr.wordpress.org/plugins/insert-php/ Tested on: MSWin32 Version: 3.3.1 Explanation :...
Joomla API Improper Access Checks
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla API Improper Access Checks', 'Description' = %q Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access...
Purchase Order Management 1.0 Shell Upload
Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...
PHPFusion 9.03.50 Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
Docker cgroups Container Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker cgroups Container Escape', 'Description' = %q This exploit module takes advantage of a Docker image which has either the privileged flag, ...
Safari Webkit Proxy Object Type Confusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Webkit Proxy Object Type Confusion', 'Description' = %q This module exploits a type confusion bug in the Javascript Proxy object in WebKit...
Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation
Exploit Title: Linux Kernel 5.1.x - 'PTRACETRACEME' pkexec Local Privilege Escalation 2 Date: 11/22/21 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel...
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...
SquirrelMail 1.4.22 Cross Site Scripting
Advisory ID: SYSS-2019-016 Product: SquirrelMail Manufacturer: The SquirrelMail Project Affected Versions: 1.4.22, SVN Tested Versions: SVN Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-04-17 Solution Date: N/A Public...
Backdoor.Win32.Hupigon.afjk Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Port Bounce Scan Description: The malware runs an FTP...
Seat Reservation System 1.0 Cross Site Scripting
Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...
Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities including Unauthenticated RCE product: Siemens A8000 CP-8050 MASTER MODULE 6MF2805-0AA00 Siemens A8000 CP-8031 MASTER MODULE 6MF2803-1AA00...
Atlassian Confluence WebWork OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence WebWork OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence's WebWork compone...
Cassandra Web 0.5.0 Remote File Read
!/usr/bin/python -- coding: UTF-8 -- cassmoney.py Cassandra Web 0.5.0 Remote File Read Exploit Jeremy Brown jbrown3264/gmail Dec 2020 Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for th...
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip/jar' class MetasploitModule 'Rapid7 Metasploit Framework msfvenom APK Template Command Injection', 'Description' = %q This module exploits a command...
osCommerce 4 Cross Site Scripting
Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities in Palo Alto Networ...
Cisco RV Authentication Bypass / Code Execution
IoT Inspector Research Lab Security Advisory IOT-20210414-0 title: Cisco RV series Authentication Bypass and Remote Command Execution vendor/product: Cisco https://www.cisco.com/ vulnerable version: RV16X/RV26X: 1.0.01.02 & below. RV34X: 1.0.03.20 & below. fixed version: RV16X/RV26X: 1.0.01.03...
ATX MiniCMTS200a Broadband Gateway 2.0 Credential Disclosure
Exploit Title: ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure Date: 2020-11-20 Exploit Author: Zagros Bingol Vendor Homepage: http://www.atx.com Software Link: https://atx.com/products/commercial-services-gateways/minicmts200a-broadband-gateway/ Version: 2.0 and earlier Tested on:...
Cisco ASA / FTD 9.6.4.42 Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow', 'Description' = %q Buffer overflow in the ScStoragePathFromUrl function in the WebDAV servic...
PHP Trainers SQL Injection
=========================================== PHP Trainers Blind SQL Injection =========================================== +Title : PHP Trainers SQL Injection +Software : PHP Trainers +Vendor : NN +Download : NN +Author : josalijoe +Contact : josalijoeatyahoodotcom +Home :...
Wind River Software VxWorks 6.9 Weak Password Hashing Algorithms
The password hashing algorithm introduced in VxWorks 6.9 is considered insecure. This algorithm employs a single iteration of SHA-256 combined with a salt to hash user passwords. The password hashing algorithm used in VxWorks 7 24.04 is also considered insecure. This algorithm uses 5,000 iteratio...
HackTool.Win32.IpcScan.c Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8f44374d587eb1657d25da9628cb2b87.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.IpcScan.c Vulnerability: Local Stack Buffer Overflow Description: Loading a specially...
Vsftpd 2.3.2 Denial Of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 vsftpd 2.3.2 remote denial-of-service Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 23.12.2010 - - Pub.: 01.03.2011 CVE: CVE-2011-0762 CERT: VU590604 Fix: vsftpd 2.3.4 15.02.2011 Affected Software verified...
Argon Dashboard 1.1.2 SQL Injection
==================================================================================================================================== | Title : Argon Dashboard - v1.1.2 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-b...
Apache CouchDB Erlang Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...
PHP Event Calendar Lite Edition SQL Injection
Advisory ID: SYSS-2021-048 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification:...
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor URL: https://www.acronis.com Type: Server-Side Request Forgery CWE-918 Date found: 2020-07-30 Date published: 2020-09-14 CVSSv3 Score: 8.3...
CloudMe Sync 1.11.2 Buffer Overflow
Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Date: 24.01.2019 Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote Contact:https://twitter.com/matteomalvica Version: Cloud...
Microsoft Windows 10 Build 17134 Local Privilege Escalation
include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize = SizeofResourcehMod, res; void dllBuff = LoadResourcehMod, res; HANDLE...
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6662 - Release date: 12.09.2016 - Severity: Critical ============================================= I. VULNERABILITY ------------------------- MySQL = 5.7....
Asterisk 20.1.0 Denial Of Service
Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: 18.20.1, 20.5.1, 21.0.1,18.9-cert6 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race - Vendor Security Advisory:...