50738 matches found
Kirby CMS 3.5.3.1 Cross Site Scripting
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...
Joomla SIGE 3.4.1-FREE / 3.5.3-PRO RFI / Cross Site Scripting
Title: SIGE - Simple Image Gallery Extended joomla extension 3.4.1-FREE / 3.5.3-PRO - Multi Vulnerability Remote File Inclusion RFI & Cross Site Scripting XSS date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/ Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended Softwar...
Cisco RV320 / RV325 Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco RV320 and RV325 Unauthenticated Remote Code Execution", 'Description' = %q This exploit module combines an information disclosure...
MySQL Authentication Bypass Password Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/mysql/client' class MetasploitModule 'MySQL Authentication Bypass Password Dump', 'Description' = %Q This module exploits a password bypass...
Synology Forget Password User Enumeration Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Synology Forget Password User Enumeration Scanner', 'Description' = %q This module attempts to enumerate users on the Synology NAS by sending GET...
Backdoor.Win32.Ncx.b Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/885e74a43b4f7caec3cfb4dba0787de4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.b Vulnerability: Remote Stack Buffer Overflow Description: The malware listens on...
Lot Reservation Management System 1.0 SQL Injection
Exploit Title: lot reservation management system 1.0 - Authentication Bypass Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...
Apache Tomcat JSP Upload Bypass / Remote Code Execution
When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass
Document Title: =============== Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass Release Date: ============= 2024-09-24 Affected Products: ==================== Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0 References: ==================== VIDEO...
Apache Tomcat Privilege Escalation
This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation', 'Description' = %q This module exploits a vulnerability in...
KONGA 0.14.9 Privilege Escalation
Exploit Title: KONGA 0.14.9 - Privilege Escalation Date: 10/11/2021 Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux -...
Backdoor.Win32.Agent.afq Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/853754de6b8ffbe1321a8c91aab5c232.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.afq Vulnerability: Missing Authentication Description: The malwares built-in...
Simple Online Food Ordering System 1.0 SQL Injection
Exploit Title: Simple Online Food Ordering System 1.0 - 'id' SQL Injection Unauthenticated Google Dork: N/A Date: 2020-09-22 Exploit Author: Eren 'Aporlorxl23' Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14460/simple-online-food-ordering-system-using-phpmysql.html Software Link:...
Hyland OnBase SQL Injection
CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product ------------------------------------------------- Hylan...
WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation
!/usr/bin/env python ''' WordPress 4.7.0-4.7.1 REST API Post privilege escalation / defacement exploit @dustyfresh Date: 02-01-2017 Original vuln disclosed by Sucuri's research team Reference: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html...
MS16-032 Secondary Logon Handle Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/payloadgenerator' require 'msf/core/exploit/powershell' require 'rex' class MetasploitModule 'MS16-032 Secondary Logon Handle Privile...
Libssh Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'libssh Authentication Bypass Scanner', 'Description' = %q This module exploits an authentication bypass in libssh server code where a...
PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested...
Anuko Time Tracker 1.19.23.5311 Password Reset
Exploit Title: Anuko Time Tracker 1.19.23.5311 Password Reset Vulnerability leading to Account Takeover Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version Tested: 1.19.23.5311 Patched...
vBulletin 5.5.4 Remote Code Execution
--------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability --------------------------------------------------------------------- - Software Link: https://www.vbulletin.com/ - Affected Versions: Version 5.5.4 and prior...
Korenix JetNet Series Unauthenticated Access
CyberDanube Security Research 20240109-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Korenix JetNet Series vulnerable version| See "Vulnerable versions" fixed version| - CVE number| CVE-2023-5376, CVE-2023-5347 impact|...
Senayan Library Management System 9.0.0 Cross Site Scripting
Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9 Multiple XSS-Reflected vulnerabilities Author: nu11secur1ty Date: 12.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.0.0/slims9bulian-9.0.0.zip Reference:...
uftpd 2.10 Directory Traversal
Exploit Title: uftpd 2.10 - Directory Traversal Authenticated Google Dork: N/A Exploit Author: Aaron Esau arinerron Vendor Homepage: https://github.com/troglobit/uftpd Software Link: https://github.com/troglobit/uftpd Version: 2.7 to 2.10 Tested on: Linux CVE : CVE-2020-20277 Reference:...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
Medical Hub Directory Site 1.0 SQL Injection
Title: Medical Hub Directory Site 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip...
Simple Mobile Comparison Website 1.0 SQL Injection
Title: Simple Mobile Comparison Website v1.0 - SQLi Author: nu11secur1ty Date: 02.23.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15186/simple-mobile-comparison-website-phpoop-free-source-code.html Reference:...
Apache NiFi 0.0.2 Remote Code Execution
Apache NiFi version 0.0.2 proof of concept remote code execution exploit that takes advantage of a flaw from 2023. ============================================================================================================================================= | Title : Apache NiFi 0.0.2 RCE...
BYOB Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...
WordPress Duplicator 1.3.26 Arbitrary File Read
Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Date: October 16, 2021 Exploit Author: nam3lum Vendor Homepage: https://wordpress.org/plugins/duplicator/ Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip Version: 1.3.26 Tested on:...
PHP 7.2 imagecolormatch() Out-Of-Band Heap Write
&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...
Proxmox VE 7.4-1 TOTP Brute Force
Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...
Linux CoW Incorrect Access Grant
Linux: CoW can wrongly grant write access because of pinned references or THP bug I've stumbled over two ways in which copy-on-write of anonymous memory after fork is currently broken: Page references through the page refcount and a bug in THP logic. == Page refcount isn't being accounted for ==...
Microsoft OMI Management Interface Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCXOperatingSystem' .freeze def initializeinfo = super updateinfo info, 'Name' = 'Microsoft OMI...
Sudo Buffer Overflow / Privilege Escalation
Exploit Title: Local Privilege Escalation - LPE Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Date: 30.01.2021 Vendor: https://www.sudo.ws/ Link: https://www.sudo.ws/download.html CVE: CVE-2021-3156 + Credits: Ventsislav Varbanovski @ nu11secur1ty + Website:...
mojoPortal Forums 2.7.0.0 Cross Site Scripting
Exploit Title: mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting Date: 3-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://mojoportal.com Software Link: https://www.mojoportal.com/download Version: 2.7.0.0 Tested on: Windows 10/Kali Linux Attack vector: This...
Customer Support System 1.0 Cross Site Request Forgery
Exploit Title: Customer Support System 1.0 - Cross-Site Request Forgery Admin Account Takeover Date: 2020-11-11 Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
Checkmk 2.3.0p2 / NagVis 1.9.40 Shell Upload
The NagVis component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. KL-001-2025-002: Checkmk NagVis Remote Code...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vendor: Rapid7 Product web page: https://www.rapid7.com Affected version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 0 IGNORE BINARYPATHNAM...
CMSMS 2.2.19 Arbitrary File Upload
Title: cmsms-2.2.19 - File Upload - RCE Author: nu11secur1ty Date: 12/29/2023 Vendor: https://www.cmsmadesimple.org/ Software: https://www.cmsmadesimple.org/downloads-header/cmsms/ Reference: https://portswigger.net/web-security/file-upload,...
Nagios XI getprofile.sh Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.6.6 getprofile.sh Authenticated Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the...
DMA Radius Manager 4.4.0 Cross Site Request Forgery
Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery CSRF Date: April 8, 2021 04/08/2021 Exploit Author: Issac Briones Vendor Homepage: http://www.dmasoftlab.com/ Software Download: https://sourceforge.net/projects/radiusmanager/ Version: 4.4.0 CVE: CVE-2021-30147...
OpenAsset Digital Asset Management Cross Site Scripting
Title: Stored cross-site scripting XSS Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.23 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28857 Author: Jack Misiura from The...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...
QNAP QTS And Photo Station 6.0.3 Remote Command Execution
Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Date: 2020-05-28 Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station 6.0.3 CVE: CVE-2019-7192, CVE-2019-7193...
KeePass 2.44 Denial Of Service
Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...
Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Privilege Escalation
// A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // // Usage: // $ gcc poc.c -o pwn // $ ./pwn // . namespace sandbox setup...
BADPDF Malicious PDF Creator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BADPDF Malicious PDF Creator', 'Description' = ' This module can either creates a blank PDF file which contains a UNC link which can be used to...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Unauthenticated Remote Code Execution Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery
Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Cross-Site Request Forgery Reboot Date: 2020-08-31 Exploit Author: Uriel Yochpaz and Jonatan Schor Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A...
Chrome CVE-2022-1096 Incomplete Fix
Chrome: Incomplete fix for CVE-2022-1096 VULNERABILITY DETAILS The fix for https://crbug.com/1309225 has modified SetPropertyInternal to fall back to SetSuperProperty whenever a property access interceptor is encountered because SetSuperProperty is robust against possible side effects caused by...