50773 matches found
OpenSMTPD 6.6.2 Remote Code Execution
Exploit Title: OpenSMTPD 6.6.2 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...
Ship Ferry Ticket Reservation System 1.0 SQL Injection
Titles: SFTRS - PHP by: oretnom23 v1.0 Multiple-SQLi Bonus: FU + RCE & XSS - Information disclosure Author: nu11secur1ty Date: 09/14/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html...
SMB Group Policy Preference Saved Passwords Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Group Policy Preference Saved Passwords Enumeration', 'Description' = %Q This module enumerates files from target domain controllers and...
Concrete CMS 9.1.3 XPATH Injection
Title: concretecms-9.1.3 Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3 Description: The...
Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow
Windows: heap buffer overflow in sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS int64 fastcall...
Pearson Vue VTS 2.3.1911 Unquoted Service Path
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm...
WordPress NexosReal Estate Theme 1.7 Cross Site Scripting / SQL Injection
Exploit Title: WordPress Theme NexosReal Estate 1.7 - 'searchorder' SQL Injection Google Dork: inurl:/wp-content/themes/nexos/ Date: 2020-06-17 Exploit Author: Vlad Vector Vendor: Sanljiljan https://themeforest.net/user/sanljiljan Software Version: 1.7 Software Link:...
Microsoft HVCIScan DLL Hijacking
Hi @ll, about a month ago Microsoft published HVCIScan-amd,arm64.exe, a "Tool to check devices for compatibility with memory integrity HVCI" The "Install instructions" on the download page tell: | Download the hvciscan.exe for your system architecture AMD64 or ARM64. | From an elevated command...
Atlassian Confluence WebWork OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence WebWork OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence's WebWork compone...
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony's...
Multi Restaurant Table Reservation System 1.0 SQL Injection
Title: Multi Restaurant Table Reservation System - 'tableid' Unauthenticated SQL Injection Exploit Author: yunaranyancat Date: 02-11-2020 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...
Micro Focus UCMDB Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities, that...
EnBw SENEC Legacy Storage Box Exposed Interface
Advisory ID: Ph0s-2023-005 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints Risk Level:...
Linux SELinux PTRACE_TRACEME Handler Use-After-Free
Linux: UAF read in SELinux handler for PTRACETRACEME There's a UAF read in the SELinux handler for PTRACETRACEME, selinuxptracetraceme. The bug was introduced in commit eb1231f73c4d7 "selinux: clarify task subjective and objective credentials". Part of the issue is that while the "cred" member...
Microsoft Exchange ProxyLogon Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange ProxyLogon RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker...
Atlassian Confluence 6.12.1 Template Injection
Exploit Title: Atlassian Confluence Widget Connector Macro - SSTI Date: 21-Jan-2021 Exploit Author: 46o60 Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-6.12.1-x64.bin Version...
Joomla API Improper Access Checks
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla API Improper Access Checks', 'Description' = %q Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access...
WordPress 4.7.0 / 4.7.1 Insert PHP Code Injection
Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage: https://fr.wordpress.org/plugins/insert-php/ Tested on: MSWin32 Version: 3.3.1 Explanation :...
Purchase Order Management 1.0 Shell Upload
Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...
Microsoft Windows Uninitialized Variable Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/file' require 'msf/core/exploit/exe' require 'msf/core/post/windows/priv' class MetasploitModule 'Microsoft Windows Uninitialized Variable Local...
Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload
Exploit Title: Joomla! Component GMapFP J3.5/J3.5F - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE:CVE-2020-23972 Description: An attacker...
Docker cgroups Container Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker cgroups Container Escape', 'Description' = %q This exploit module takes advantage of a Docker image which has either the privileged flag, ...
PHPFusion 9.03.50 Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
SquirrelMail 1.4.22 Cross Site Scripting
Advisory ID: SYSS-2019-016 Product: SquirrelMail Manufacturer: The SquirrelMail Project Affected Versions: 1.4.22, SVN Tested Versions: SVN Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2019-04-17 Solution Date: N/A Public...
Safari Webkit Proxy Object Type Confusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Webkit Proxy Object Type Confusion', 'Description' = %q This module exploits a type confusion bug in the Javascript Proxy object in WebKit...
Vsftpd 2.3.2 Denial Of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 vsftpd 2.3.2 remote denial-of-service Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 23.12.2010 - - Pub.: 01.03.2011 CVE: CVE-2011-0762 CERT: VU590604 Fix: vsftpd 2.3.4 15.02.2011 Affected Software verified...
Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities including Unauthenticated RCE product: Siemens A8000 CP-8050 MASTER MODULE 6MF2805-0AA00 Siemens A8000 CP-8031 MASTER MODULE 6MF2803-1AA00...
Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation
Exploit Title: Linux Kernel 5.1.x - 'PTRACETRACEME' pkexec Local Privilege Escalation 2 Date: 11/22/21 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel...
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...
Backdoor.Win32.Hupigon.afjk Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Port Bounce Scan Description: The malware runs an FTP...
Cisco RV Authentication Bypass / Code Execution
IoT Inspector Research Lab Security Advisory IOT-20210414-0 title: Cisco RV series Authentication Bypass and Remote Command Execution vendor/product: Cisco https://www.cisco.com/ vulnerable version: RV16X/RV26X: 1.0.01.02 & below. RV34X: 1.0.03.20 & below. fixed version: RV16X/RV26X: 1.0.01.03...
Cassandra Web 0.5.0 Remote File Read
!/usr/bin/python -- coding: UTF-8 -- cassmoney.py Cassandra Web 0.5.0 Remote File Read Exploit Jeremy Brown jbrown3264/gmail Dec 2020 Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for th...
Cisco ASA / FTD 9.6.4.42 Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
Seat Reservation System 1.0 Cross Site Scripting
Exploit Title: Seat Reservation System 1.0 Persistent Cross-Site Scripting Date: 10-08-2020 Exploit Author: George Tsimpidas Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version:...
📄 Zimbra Collaboration 10.0 / 10.1 Local File Inclusion
This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration ZCS versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...
HackTool.Win32.IpcScan.c Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8f44374d587eb1657d25da9628cb2b87.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.IpcScan.c Vulnerability: Local Stack Buffer Overflow Description: Loading a specially...
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip/jar' class MetasploitModule 'Rapid7 Metasploit Framework msfvenom APK Template Command Injection', 'Description' = %q This module exploits a command...
Microsoft IIS WebDav ScStoragePathFromUrl Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow', 'Description' = %q Buffer overflow in the ScStoragePathFromUrl function in the WebDAV servic...
Wind River Software VxWorks 6.9 Weak Password Hashing Algorithms
The password hashing algorithm introduced in VxWorks 6.9 is considered insecure. This algorithm employs a single iteration of SHA-256 combined with a salt to hash user passwords. The password hashing algorithm used in VxWorks 7 24.04 is also considered insecure. This algorithm uses 5,000 iteratio...
osCommerce 4 Cross Site Scripting
Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: skalvin Date: 22/04/2024 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/furniture/ Tested on: Windows 11 Pro Impact: Manipulate the...
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities in Palo Alto Networ...
ATX MiniCMTS200a Broadband Gateway 2.0 Credential Disclosure
Exploit Title: ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure Date: 2020-11-20 Exploit Author: Zagros Bingol Vendor Homepage: http://www.atx.com Software Link: https://atx.com/products/commercial-services-gateways/minicmts200a-broadband-gateway/ Version: 2.0 and earlier Tested on:...
PHP Trainers SQL Injection
=========================================== PHP Trainers Blind SQL Injection =========================================== +Title : PHP Trainers SQL Injection +Software : PHP Trainers +Vendor : NN +Download : NN +Author : josalijoe +Contact : josalijoeatyahoodotcom +Home :...
PHP Event Calendar Lite Edition SQL Injection
Advisory ID: SYSS-2021-048 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification:...
Argon Dashboard 1.1.2 SQL Injection
==================================================================================================================================== | Title : Argon Dashboard - v1.1.2 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-b...
Apache CouchDB Erlang Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...
SonicWall SMA 10.2.1.0-17sv Password Reset
Exploit Title: SonicWall SMA 10.2.1.0-17sv - Password Reset Description: Overwrite the persistent database, resulting in password reset on reboot. Shodan Dork: https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22 Date: 10/19/2021 Exploit Author: Jacob Baines...
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor URL: https://www.acronis.com Type: Server-Side Request Forgery CWE-918 Date found: 2020-07-30 Date published: 2020-09-14 CVSSv3 Score: 8.3...
WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution
Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Date: june 2019 Exploit Author: xulchibalraa Vendor Homepage:...
CloudMe Sync 1.11.2 Buffer Overflow
Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Date: 24.01.2019 Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote Contact:https://twitter.com/matteomalvica Version: Cloud...