50773 matches found
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2020-5791, an OS command...
WordPress WP Super Cache 1.7.1 Remote Code Execution
Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution Authenticated Google Dork: inurl:/wp-content/plugins/wp-super-cache/ Date: 2021-03-13 Exploit Author: m0ze Version: Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this...
Microsoft Outlook Web Access Build 15.1.1591 Header Injection
!/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
WordPress 5.7 Media Library XML Injection
Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...
Liferay Portal Remote Code Execution
Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Date: 2020-01-24 Vendor: Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961 https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-7961 CVE:...
Magento / Adobe Commerce Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...
Advantech iView NetworkServlet Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Advantech iView NetworkServlet Command Injection', 'Description' = %q Versions of Advantech iView software below 5.7.04.6469 are vulnerable to an...
WordPress Popup 1.10.4 Cross Site Scripting
Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter o...
phpFox 4.8.13 PHP Object Injection
-------------------------------------------------------------- phpFox = 4.8.13 redirect PHP Object Injection Vulnerability -------------------------------------------------------------- - Software Link: https://www.phpfox.com - Affected Versions: Version 4.8.13 and prior versions. - Vulnerability...
Microsoft Word Remote Code Execution
Title: Microsoft Word Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...
Senayan Library Management System 9.2.0 Cross Site Scripting
Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.19.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference:...
Apple macOS Remote Events Memory Corruption
!/usr/bin/env python -- coding: UTF-8 -- naval.py Apple macOS Remote Events Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail ===== Intro ===== eppc Hello from AEServer Remote Apple Events is a core service and remote system administration and automation tool for Macs. It can b...
TP-Link Cross Site Scripting
============================================================== Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices ============================================================== Overview ======== Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices. CVE-ID :-...
SNMP Community Login Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snmp' class MetasploitModule 'SNMP Community Login Scanner',...
TP-Link Archer AX21 Command Injection
!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...
py7zr 0.20.0 Directory Traversal
CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allow attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...
VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...
Online Learning System 2.0 Remote Code Execution
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...
WordPress LearnPress SQL Injection
Exploit Title: WordPress Plugin LearnPress /wp-admin 2. Login with a cred 3. Execute the payload POST /wordpress/wp-admin/post-new.php?posttype=lporder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0 Gecko/20100101 Firefox/89.0 Accept: application/json,...
Cisco HyperFlex HX Data Platform Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in Cisco...
html5_snmp 1.11 SQL Injection
Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for error, time, boolean and Union based...
LightDM (Ubuntu 16.04/16.10) Privilege Escalation
Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone...
📄 Mobile Mouse 3.6.0.4 WebSocket Remote Code Execution
Mobile Mouse version 3.6.0.4 contains a remote code execution vulnerability through its WebSocket interface. Exploit Title: Mobile Mouse 3.6.0.4 WebSocket Remote code execution Date: 06/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link:...
SMTP User Enumeration Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMTP User Enumeration Utility', 'Description' = %q The SMTP service has two internal commands that allow the enumeration of users: VRFY confirmin...
ManageEngine ADSelfService Plus Custom Script Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Custom Script Execution', 'Description' = %q This module exploits the "custom script" feature of ADSelfService...
Simple Student Information System 1.0 SQL Injection
Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony...
Cisco Adaptive Security Appliance Software 9.7 Arbitrary File Deletion
Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.htmlmodels Version: Cisco...
Backdoor.Win32.Jokerdoor Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6ec85a641656f63f4de853468509d3e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The malware listen...
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...
Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference
Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass / IDOR Vendor: Sony Electronics Inc. Product web page: https://pro-bravia.sony.net https://pro-bravia.sony.net/resources/software/bravia-signage/ https://pro.sony/ueUS/products/display-software Affected version: =1.7.8 Summary: Sony'...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Siemens Energy Omnivise T3000 vulnerable version: =8.2 SP3 fixed version: see solution section CVE number: CVE-2024-38876, CVE-2024-3887...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass
Document Title: =============== Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass Release Date: ============= 2024-09-24 Affected Products: ==================== Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0 References: ==================== VIDEO...
My Movie Collection Sinatra App Login Cross Site Scripting
Document Title: =============== My Movie Collection Sinatra App - Login XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2293 Release Date: ============= 2021-11-01 Vulnerability Laboratory ID VL-ID: ==================================...
OpenBSD OpenSMTPD 6.6 Remote Code Execution
Exploit Title: OpenBSD OpenSMTPD Remote Code Execution Vulnerability Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 6.6 Description: smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute...
Discord Probot Arbitrary File Upload
Exploit Title: Discord Probot - Unrestricted File Upload Google Dork: N/A Date: 2021-02-08 Exploit Author: ThelastVvV Vendor Homepage:probot.io Version:Version 2021 Tested on: Debian 5.7.10-1parrot2 CVE:CVE-2021-26918 About: Probot is a discord very customizable multipurpose bot for welcome image...
Library Management System 2.0 SQL Injection
Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...
OpenNetAdmin 18.1.1 Command Injection
class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit module , 'References' = 'EDB', '47691' , 'DisclosureDate' =...
EA Origin Remote Code Execution
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
Qualcomm Adreno/KGSL Unchecked Cast / Type Confusion
Qualcomm Adreno/KGSL: unchecked cast of vma-vmfile-privatedata in kgslsetupdmabufuseraddr Tested on a Pixel 4 flame, on the latest update from 2023-02, which self-reports as SPL 2022-10-05, since I don't yet have any newer device with KGSL here - but as far as I can tell from the sources, it shou...
Microsoft SharePoint Server 2019 Remote Code Execution
Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution 2 Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...
Horde Groupware Webmail 5.2.22 Cross Site Scripting
Exploit Title: Horde Groupware Webmail 5.2.22 - Stored XSS Author: Alex Birnberg Testing and Debugging: Ventsislav Varbanovski @nu11secur1ty Date: 04.14.2021 Vendor: https://www.horde.org/apps/webmail Link: https://github.com/horde/webmail/releases CVE: CVE-2021-26929 + Exploit Source:...
eClass LMS 2.6 Shell Upload
...
HorizontCMS 1.0.0-beta Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HorizontCMS Arbitrary PHP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta ...
TinyMCE 5 HTML Injection
Exploit Title: iframe Injection\Html Injection TinyMCE 5 HTML WYSIWYG Date:18.10.2020 Author: Vincent666 ibn Winnie Software Link: https://www.tiny.cloud/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...
AudioCodes VoIP Phones Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-054 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.8.M4 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Ris...
Backdoor.Win32.Coredoor.10.a Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4d10cd3fa86239ade05d2b741892b1e5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Port Bounce Scan Description: The malware listens on TC...
Backdoor.Win32.Kwak.12 Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kwak.12 Vulnerability: Remote Denial of Service Description: The backdoor runs an FT...
Audio Playback Recorder 3.2.2 Local Buffer Overflow
Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...
Apache Tomcat JSP Upload Bypass / Remote Code Execution
When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the...