50784 matches found
Medical Center Portal Management System 1.0 Cross Site Scripting
Exploit Title: Medical Center Portal Management System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-10 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...
SpamTitan 7.07 Remote Code Execution
Exploit Title: SpamTitan 7.07 - Unauthenticated Remote Code Execution Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
📄 Dahua TPC-AEBF5201 P2P Camera ToolsComplete Security Analysis Suite
This PHP proof-of-concept provides defensive tooling to analyze DH-P2P / Easy4IP behaviors observed during DFIR activities. It includes routines to decrypt Account1SecEData, derive device-specific cryptographic keys, and reproduce authentication code generation logic. The project is intended to...
SPIP Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...
Chrome CVE-2022-1096 Incomplete Fix
Chrome: Incomplete fix for CVE-2022-1096 VULNERABILITY DETAILS The fix for https://crbug.com/1309225 has modified SetPropertyInternal to fall back to SetSuperProperty whenever a property access interceptor is encountered because SetSuperProperty is robust against possible side effects caused by...
TYPO3 femanager 6.3.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE...
Gerdab.ir SQL Injection
This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran IRGC, which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to...
Docker Container Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Container Escape Via runC Overwrite', 'Description' = %q This module leverages a flaw in runc to escape a Docker container and get command...
Envira Gallery Lite 1.8.3.2 Cross Site Scripting
==== Tempest Security Intelligence - ADV-12/2020 ============================= Envira Gallery - Lite Edition - Version 1.8.3.2 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================ • Overview •...
LimeSurvey 4.3.10 Cross Site Scripting
Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...
Bolt CMS 3.6.10 Cross Site Request Forgery
Exploit Title: Bolt CMS 3.6.10 - Cross-Site Request Forgery Date: 2019-10-15 Exploit Author: r3m0t3nu11Zero-Way Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.5 Tested on: Linux CVE : N/A last version Csrf p0c Bolt v 3.x exploit 0day Bolt v 3.x csrf -...
vm2 3.9.19 Sandbox Escape
/ Exploit Title: vm2 Sandbox Escape vulnerability Date: 23/12/2023 Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM =...
FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection
Exploit Title: FireBear Improved Import & Export ver. 3.8.6 for Magento 2.4.6 - XSLT Server Side Injection Command Execution Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://commercemarketplace.adobe.com/ Software Link:...
Nagios XI 5.7.5 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...
WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS
Description: Reflected Cross-Site ScriptingXSS Affected Plugin: NextScripts: Social Networks Auto-Poster Plugin Slug: social-networks-auto-poster-facebook-twitter-g Affected Versions: sprintf'Edit',$REQUEST'page','edit',$item-ID, 'delete' = sprintf'Delete',$REQUEST'page','delete',$item-ID, ;...
Ultimate POS 4.4 Cross Site Scripting
Document Title: =============== Ultimate POS v4.4 - Products Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2296 Release Date: ============= 2021-10-26 Vulnerability Laboratory ID VL-ID: ====================================...
Chrome JS WasmJs::InstallConditionalFeatures Object Corruption
Chrome: JS object corruption in WasmJs::InstallConditionalFeatures VULNERABILITY DETAILS void WasmJs::InstallConditionalFeaturesIsolate isolate, Handle context // Exception handling may have been enabled by an origin trial. If so, make // sure that the WebAssembly.Exception constructor is set up...
Trojan-Dropper.Win32.Dycler.vrp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1d6d6d3c077250b7b3ad053e71054ecc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Dycler.vrp Vulnerability: Insecure Permissions Description: The malware creates...
EyesOfNetwork 5.3 Remote Code Execution
Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution Date: 10/01/2021 Exploit Author: Ariane.Blow Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3-10 12/9/2020-lastest !/bin/bash /!\ You...
SugarCRM 12.2.0 Bean Manipulation
------------------------------------------------------------------------ SugarCRM = 12.2.0 updateGeocodeStatus Bean Manipulation Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and...
WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference
Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...
SAP SAPControl Web Service Interface Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local privilege escalation product: SAP® SAPControl Web Service Interface sapuxuserchk vulnerable version: see section "Vulnerable / tested versions" fixed version: see S...
Docker Dashboard Remote Command Execution
!/usr/bin/python -- coding: UTF-8 -- dockdash.py Docker Dashboard Remote Command Execution Exploit Jeremy Brown jbrown3264/gmail July 2021 "A simple web based GUI for managing Docker containers and images" Note: this app is NOT part of the official docker product, nor related to the Docker...
Sipwise C5 NGCP CSC Cross Site Scripting
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source...
Bludit 3.9.12 Directory Traversal
Exploit Title: Bludit 3.9.12 - Directory Traversal Date: 2020-06-05 Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/env python3 -- coding: utf-8 -- import...
Log4Shell HTTP Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution', 'Description' = %q This module will exploit SMB wit...
WordPress 6.4.3 Username Disclosure
Title: wordpress 6.4.3 - Username Disclosure Author: h4shur date:2024-02-21 Vendor Homepage: https://www.wordpress.org Software Link: https://www.wordpress.org/download Version: 6.4.3 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : the REST API allo...
WordPress Contact Form To Any API 1.1.2 SQL Injection
Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection Date: 12-11-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-to-any-api/ Vendor Homepage: https://www.itpathsolutions.com/ Version: 1.1.2 Tested on: Windows, Linux CVE: CVE-2023-32741...
Moodle 3.11.5 SQL Injection
Exploit Title: Moodle 3.11.5 - SQLi Authenticated Date: 2/3/2022 Exploit Author: Chris Anastasio @mufinnnnnnn Vendor Homepage: https://moodle.com/ Software Link: https://github.com/moodle/moodle/archive/refs/tags/v3.11.5.zip Write Up: https://muffsec.com/blog/moodle-2nd-order-sqli/ Tested on:...
Constructor.Win32.SS.11.c Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/da60b92742abff72930879fa8560b3c3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Constructor.Win32.SS.11.c Vulnerability: Unauthenticated Open Proxy Description: The malware listens...
Virtual Airlines Manager 2.6.2 Cross Site Scripting
Exploit Title: Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Google Dork: inurl:"/vam/indexvamop.php" Date: 2020-06-29 Exploit Author: Peter Blue Vendor Homepage: https://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net Version: 2.6.2 Tested on: Linu...
Clinic Queuing System 1.0 Remote Code Execution
Exploit Title: Clinic Queuing System 1.0 RCE Date: 2024/1/7 Exploit Author: Juan Marco Sanchez Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html Version: 1.0 Tested on...
Docker Privileged Container Kernel Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Privileged Container Kernel Escape', 'Description' = %q This module performs a container escape onto the host as the daemon user. It takes...
TinyDir 1.2.5 Buffer Overflow
-- HNS-2023-04 - HN Security Advisory - https://security.humanativaspa.it/ Title: Buffer overflow vulnerabilities with long path names in TinyDir Product: TinyDir Date: 2023-12-04 CVE ID: CVE-2023-49287 Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor URL:...
Warehouse Management System 2022 SQL Injection
Title: Warehouse Management System 2022 ML-SQLi Author: nu11secur1ty Date: 06.13.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php-codeigniter-warehouse-management-system-free-source-code Reference:...
Mida eFramework 2.9.0 Remote Code Execution
Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...
XenForo 2.2.13 ArchiveImport.php Zip Slip
------------------------------------------------------------ XenForo zip; 201. $DS = \XF::$DS; 202. 203. if $this-extracted 204. 205. return; 206. 207. 208. for $i = 0; $i numFiles; $i++ 209. 210. $zipFileName = $zip-getNameIndex$i; 211. $fsFileName = $this-getFsFileNameFromZipName$zipFileName;...
Backdoor.Win32.Hupigon.afjk Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Authentication Bypass RCE Description: The malware runs ...
Anuko Time Tracker 1.19.23.5311 Missing Rate Limiting
Exploit Title: Anuko Time Tracker 1.19.23.5311 No rate Limit on Password Reset functionality Date: 2020-10-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Patched Version: 1.19.23.5325...
Samba is_known_pipename() Arbitrary Module Load
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba isknownpipename Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in Samba...
MySCADA MyPRO Manager 1.2 Command Injection
MySCADA MyPRO Manager versions 1.2 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of the myscada9 administrative user that is...
Siemens CP-8000 / CP-8021 / CP8-022 / CP-8031 / CP-8050 / SICORE Buffer Overread / Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities in Power Automation Products product: Siemens CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE vulnerable version: CPC80 V16.41 / CPCI85 V5.30 /...
WordPress Slider Revolution 4.6.5 Shell Upload
==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...
IBM Sterling B2B Integrator Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected cross-site scripting vulnerability product: IBM Sterling B2B Integrator vulnerable version: 5.2.0.0 - 5.2.6.53 6.0.0.0 - 6.0.3.4 6.1.0.0 - 6.1.0.2 fixed version...
Online Car Rental 1.0 Shell Upload
Exploit Title: Online Car Rental 1.0 | Arbitrary file upload Exploit Author: Richard Jones Date: 2021/09/02 Vendor Homepage: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html Software Link:...
Tibco ObfuscationEngine 5.11 Fixed Key Password Decryption
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...
WordPress Simple File List Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Simple File List Unauthenticated Remote Code Execution', 'Description' = %q Simple File List simple-file-list plugin before 4.2.3 for...
MikroTik RouterOS 6.45.6 DNS Cache Poisoning
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...
Argus Surveillance DVR 4.0.0.0 SYSTEM Privilege Escalation
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-SYSTEM-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo | GGA Vendor www.argussurveillance.com Product Argus...