50738 matches found
Microsoft Windows 10 Build 17134 Local Privilege Escalation
include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize = SizeofResourcehMod, res; void dllBuff = LoadResourcehMod, res; HANDLE...
Wind River Software VxWorks 6.9 Weak Password Hashing Algorithms
The password hashing algorithm introduced in VxWorks 6.9 is considered insecure. This algorithm employs a single iteration of SHA-256 combined with a salt to hash user passwords. The password hashing algorithm used in VxWorks 7 24.04 is also considered insecure. This algorithm uses 5,000 iteratio...
Asterisk 20.1.0 Denial Of Service
Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: 18.20.1, 20.5.1, 21.0.1,18.9-cert6 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race - Vendor Security Advisory:...
Argon Dashboard 1.1.2 SQL Injection
==================================================================================================================================== | Title : Argon Dashboard - v1.1.2 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-b...
Online Event Booking And Reservation System 1.0 Cross Site Scripting
Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html...
WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution
Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress Wordpress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Date: june 2019 Exploit Author: xulchibalraa Vendor Homepage:...
Mirth Connect 4.4.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirth Connect Deserialization RCE', 'Description' = %q A vulnerability exists within Mirth Connect due to its mishandling of deserialized data...
ZoneMinder Language Settings Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Language Settings Remote Code Execution', 'Description' = %q This module exploits arbitrary file write in debug log file option chaine...
Supply Chain Management System SQL Injection
Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection Date: 2020-12-11 Exploit Author: Piyush Malviya Vendor Homepage: https://www.sourcecodester.com/php/14619/supply-chain-management-system-phpmysqli-full-source-code.html Software Link:...
PDF Complete 3.5.310.2002 Unquoted Service Path
Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Discovery by: Zaira Alquicira Discovery Date: 2020-12-10 Vendor Homepage: https://pdf-complete.informer.com/3.5/ Tested Version: 3.5.310.2002 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...
Dabman And Imperial Web Radio Devices Undocumented Telnet Backdoor
Document Title: =============== Dabman & Imperial i&d Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2183 Video: https://www.vulnerability-lab.com/getcontent.php?id=2190...
Nethserver 7 / 8 Cross Site Scripting
CVE-2024-34058: Nethserver 7 & 8 stored cross-site scripting XSS in WebTop package Suggested description The WebTop package for NethServer 7 and 8 allows stored XSS for example, via the Subject field if an e-mail message. ------------------------------------------ Additional Information NethServe...
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling
Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/ Version: 8.5.7 to 8.5.63 or 9.0.44 or later CVE : CVE-2024-21733 Description: Apache Tomcat from 8.5.7...
Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k NtGdiResetDC Use After Free Local Privilege Elevation', 'Description' = %q A use after free vulnerability exists in the NtGdiResetDC...
OTRS 6.0.1 Remote Command Execution
Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Date: 21-04-2021 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921...
Twitter Analytics Open Redirect
================================================================================Twitter Analytics Open Redirect Vulnerability ================================================================================ Credit by Asheesh Anaconda Description An open redirect vulnerability exists in Twitter...
Input Director 1.4.3 Unquoted Service Path
Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path Discovery Date: 2020-09-08 Response from Input Director Support: 09/09/2020 Exploit Author: TOUHAMI Kasbaoui Vendor Homepage: https://www.inputdirector.com/ Version: 1.4.3 Tested on: Windows Server 2012, Windows 10 Find...
Sophos VPN Web Panel 2020 Denial Of Service
Exploit Title: Sophos VPN Web Panel 2020 - Denial of Service Poc Date: 2020-06-17 Exploit Author: Berk KIRAS Vendor Homepage: https://www.sophos.com/ Version:2020 Web Panel Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist Sophos VPN Web Portal Denial of Service Vulnerability System...
15 TOTOLINK Routers Remote Command Execution
Hash: SHA512 Advisory Information Title: 15 TOTOLINK router models vulnerable to multiple RCEs Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x00.txt Blog URL: https://pierrekim.github.io/blog/2015-07-16-15-TOTOLINK-products-vulnerable-to-multiple-RCEs.html Date published:...
Company's Recruitment Management System SQL Injection
Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the parameter from viewvacancy app on-page appears to be vulnerable to SQL Injection - Stealing the Password Hashes attacks. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were...
ASUS TM-AC1900 Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ASUS TM-AC1900 - Arbitrary Command Execution', 'Description' = %q This module exploits a code execution vulnerability within the ASUS TM-AC1900...
📄 Zimbra Collaboration 10.0 / 10.1 Local File Inclusion
This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration ZCS versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Affected Versions: = 9.1 Vulnerability Type: Remote Code Execution through Pentaho Report Bundles Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021...
Client Management System 1.1 Cross Site Scripting
Exploit Title: Client Management System 1.1 - 'cname' Stored Cross-site scripting XSS Date: 2021-08-04 Exploit Author: Mohammad Koochaki Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841...
Pallets Werkzeug 0.15.4 Path Traversal
!/usr/bin/env python3 PoC code by @faisalfs10x https://github.com/faisalfs10x """ $ pip3 install colorama==0.3.3, argparse, requests, urllib3 $ python3 CVE-2019-14322.py -l listtarget.txt" """ import argparse import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning import...
Pandora FMS 7.0 NG 749 SQL Injection
Exploit Title: Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection Authenticated Date: 11-14-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/1258a1a63535f60924fb69b1f7812c678570cc8e Software Link:...
Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification
// // // Disclaimer: // This or previous programs are for Educational purpose ONLY. Do not use it without permission. // The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages // caused by direct or indirect use of the information or functionality provide...
Going1up The Newspaper CMS 1998-2019 1.x Open Redirection
Exploit Title : 1up! Software Going1up The Newspaper CMS 1998-2019 1.x Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/02/2019 Vendor Homepage : going1up.com Software Information Link : going1up.com/main.asp?SectionID=4&SubSectionID=16 Softwa...
WordPress LMS 4.2.7 SQL Injection
CVE-2024-8522 LearnPress – WordPress LMS Plugin execute class-lp-course-db.php:564, LPCourseDB-getcourses Courses.php:241, LearnPress\Models\Courses::getcourses class-lp-rest-courses-v1-controller.php:502, LPJwtCoursesV1Controller-getcourses class-wp-rest-server.php:1230,...
Limesurvey Unauthenticated File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework for extracting files require 'zip' class MetasploitModule 'Limesurvey Unauthenticated File Download', 'Description' = %q This module exploits an unauthenticated file...
Orangescrum 1.8.0 Privilege Escalation
Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Teste...
WordPress File Manager 6.8 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress File Manager Unauthenticated Remote Code Execution', 'Description' = %q The File Manager wp-file-manager plugin from 6.0 to 6.8 for...
MilleGPG5 5.9.2 Local Privilege Escalation
Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Date: 2023-04-28 Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...
Laravel 11.0 Cross Site Scripting
/! - VULNERABILITY: Cross Site Scripting Laravel version 11.0 - Authenticated Persistent XSS - GOOGLE DORK: inurl:.com/?q= - GOOGLE DORK: Site:.com/?q= - DATE: 2024-12-01 - SECURITY RESEARCHER: E1.Coders - VENDOR: LARAVEL https://laravel.com/ - SOFTWARE LINK:...
Statamic CMS Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored Cross-Site Scripting vulnerabilities product: Statamic CMS vulnerable version: =4.46.0, =3.4.17 CVE number: CVE-2024-24570 impact: high homepage:...
Serva 4.4.0 TFTP Remote Buffer Overflow
Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow Metasploit Date: 2021-11-23 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.vercot.com/ Software Link : https://www.vercot.com/serva/download/ServaCommunityv4.4.0-21081411.zip Tested Version: 4.4.0 Tested on: Windows XP SP3 ...
Inductive Automation Ignition Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Inductive Automation Ignition Remote Code Execution', 'Description' = %q This module exploits a Java deserialization vulnerability in the Inducti...
Sistem Informasi Pengumuman Kelulusan Online 1.0 CSRF
Exploit Title: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 2020-06-10 Exploit Author: Extinction Vendor Homepage: https://adikiss.net/ Software Link:...
📄 ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection
A time-based blind SQL injection vulnerability was discovered in the frappe.client.getvalue API endpoint in Frappe Framework version 15.72.4 and it is also present in ERPNext version 15.67.0. An authenticated user with access to the reporting/client API can inject SQL via the fieldname parameter...
📄 Android 13 Local Privilege Escalation
Android version 13 local privilege escalation proof of concept exploit. Exploit Title: Android 13 - Local Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 13 Tested on: Win,...
Dovecot IMAP Server 2.2 / 2.3 Denial Of Service
Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...
CloudPanel 2.2.2 Privilege Escalation / Path Traversal
Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github : https://github.com/EagleTube/CloudPanel/tree/main/CVE-2023-33747 Version Affected : CloudPanel v2.0.0 - v2.2.2 Vendor : CloudPanel.io Date : 31/05/2023 , 12:00 PM Step : Login as ssh as...
Microsoft SAFER Bypass
Hi @ll, Microsoft introduced SAFER alias Software Restriction Policies SRP with Windows XP about 20 years ago. See for the API, plus the TechNet articles "How Software Restriction Policies Work" and "Using Software Restriction Policies to Protect Against Unauthorized Software" for the use case...
Complaint Management System 1.0 Shell Upload
Title: Complaint Management System v1.0- unrestricted file upload leading to RCE Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
ZenTao Pro 8.8.2 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZenTao Pro 8.8.2 Remote Code Execution', 'Description' = %q This module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlie...
Microsoft Windows BasicRender.sys WARPGPUCMDSYNC NULL Pointer
A Null pointer deference exists in the WARPGPUCMDSYNC function of the BasicRender.sys driver. An unprivileged user can trigger the vulnerability to crash the system and deny the service to the rest of the users. PoC: include include D3DKMTCREATEDEVICE device = NULL; device = new D3DKMTCREATEDEVIC...
Employee Management System 1.0 SQL Injection
Exploit Title: Employee Management System 1.0 - txtfullname and txtphone SQL Injection Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on:...
Senayan Library Management System 9.4.0 Cross Site Scripting
Title: Senayan Library Management System v9.4.0 a.k.a SLIMS 9 XSS-Reflected- PHPSESSID Hijacking Author: nu11secur1ty Date: 12.08.2022 Vendor: https://slims.web.id/web/ Software: https://slims.web.id/web/news/rilis-9.4.0/ Reference:...
mRemoteNG 1.77.3.1784-NB Sensitive Information Extraction
Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Google Dork: - Date: 21.07.2023 Exploit Author: Maximilian Barz Vendor Homepage: https://mremoteng.org/ Software Link: https://mremoteng.org/download Version: mRemoteNG = v1.77.3.1784-NB Tested on:...
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...