50773 matches found
SonLogger 4.2.3.3 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
Task Management System 1.0 SQL Injection
Exploit Title: Task Management System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Rumble Mail Server 0.51.3135 Unquoted Service Path
Exploit Title: Rumble Mail Server 0.51.3135 - 'rumblewin32.exe' Unquoted Service Path Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxselect.php. CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxselect.php componenti endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69214 | | Severity | HIGH | | Advisory |...
NetAlertX 24.9.12 Command Injection
An attacker can update NetAlertX settings with no authentication, which results in command injection. Versions 23.01.14 through 24.9.12 are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Kafka UI 0.7.1 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.', 'Description' = %q A command injection vulnerability exists in...
io_uring __io_uaddr_map() Dangerous Multi-Page Handling
iouring: iouaddrmap handles multi-page region dangerously iouaddrmap wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in iouaddrmap explains that the imported...
SugarCRM 12.2.0 PHP Object Injection
------------------------------------------------------------------------------- SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions...
Remote Control Collection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Remote Control Collection RCE', 'Description' = %q This module utilizes the Remote Control Server's, part of the Remote Control Collection by...
Prestashop Blockwishlist 2.1.0 SQL Injection
Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...
WordPress Delightful Downloads Jquery File Tree 1.6.6 Path Traversal
Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal Date: 19/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads Version: =1.6.6 Tested on: Debian 11 CVE : CVE-2017-1000170 PHP version exploit: 7.3....
Rukovoditel 2.6.1 Shell Upload / Local File Inclusion
Exploit Title: Rukovoditel v2.6.1, RCE Date: 2020-06-11 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c1010 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 set -e function usage echo "NAME: Rukovoditel...
Infor Storefront B2B 1.0 SQL Injection
Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Date: 2020-06-27 Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Versions POC Multiple Vulns python sqlmap.py...
Linux Kernel SO_SNDBUFFORCE / SO_RCVBUFFORCE Local Privilege Escalation
// CAPNETADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc -pthread exploit.c -o exploit // chown guest:guest exploit...
InvoiceShelf 1.3.0 Remote Code Execution
This Metasploit module exploits a PHP deserialization vulnerability in InvoiceShelf versions 1.3.0 and below that results in remote code execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...
Vicidial 2.14-783a SQL Injection
Document Title: =============== Vicidial v2.14-783a - DB SQL Injection Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2312 Release Date: ============= 2022-02-17 Vulnerability Laboratory ID VL-ID: ====================================...
Simplephpscripts Simple CMS 2.1 Cross Site Scripting
Document Title: =============== Simplephpscripts Simple CMS v2.1 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2301 Release Date: ============= 2021-10-18 Vulnerability Laboratory ID VL-ID: ====================================...
Apache Druid 0.20.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Druid 0.20.0 Remote Command Execution', 'Description' = %q Apache Druid includes the ability to execute user-provided JavaScript code...
Jenkins 2.251 / LTS 2.235.3 Cross Site Scripting
Exploit Title: Jenkins Stored XSS vulnerability in 'Trigger builds remotely' Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: '. To understand how remote build trigger works, have a look at this post...
Task Management System 1.0 Cross Site Scripting
Exploit Title: Task Management System 1.0 - 'First Name and Last Name' Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks
Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currentl...
Webmin 1.910 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in Webmin...
PHPMailer Remote Code Execution
Exploit Title: PHPMailer Exploit v1.0 Date: 29/12/2016 Exploit Author: Daniel aka anarc0der Version: PHPMailer 3 - Open other terminal and run the exploit: python3 anarcoder.py Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU Full Advisory:...
Nginx 0.6.36 Path Traversal
Exploit Title: nginx engine x http server Software Link: http://nginx.org/ Version: = 0.6.36 Tested on: Win32 Path Traversal: A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute link...
Nginx, Varnish, Cherokee, etc Log Injection
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Name Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection Systems Affected nginx 0.7.64 Varnish 2.0.6 Cherokee 0.99.30...
📄 HP Sure Access Enterprise / Sure Click Enterprise Missing Authentication
SEC Consult conducted penetration tests on Sure Access in 2022 and on Sure Click in 2023 and established a contact with HP afterwards. After several rounds of emails and meetings with the product development team, the scope and limitations of Sure Access and Sure Click were made clear. This...
Teacher Subject Allocation Management System 1.0 SQL Injection
Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql Software Link:...
Windows Common Log File System Driver (clfs.sys) Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Common Log File System Driver clfs.sys Elevation of Privilege Vulnerability', 'Description' = %q A privilege escalation vulnerability...
IRC-Worm.Win32.Silentium.a Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7a3c4ec00ba952207f25d1189c86ce22.txt Contact: [email protected] Media: twitter.com/malvuln Threat: IRC-Worm.Win32.Silentium.a Vulnerability: Insecure Permissions Description: Silentium.a creates an...
VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept
-- coding:utf-8 -- banner = """ 888888ba dP 88 8b 88 a88aaaa8P' .d8888b. d8888P .d8888b. dP dP 88 8b. 88' 88 88 Y8ooooo. 88 88 88 .88 88. .88 88 88 88. .88 88888888P 88888P8 dP 88888P' 88888P' ooooooooooooooooooooooooooooooooooooooooooooooooooooo @time:2021/02/24 CVE-2021-21972.py C0de by...
Palo Alto Expedition 1.2.91 Remote Code Execution
class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...
Zyxel zysh Format String Proof Of Concept
!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...
WordPress WP Symposium Pro 2021.10 Cross Site Scripting
Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 - 'wpsadminforumaddname' Stored Cross-Site Scripting XSS Date: 11/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.wpsymposiumpro.com/ Software Link: https://wordpress.org/plugins/wp-symposium-pro/ Version:...
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Jackrabbit User Enumeration Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021 Solution Date: Wont...
CS-Cart 1.3.3 Local File Inclusion
Exploit Title: CS-Cart unauthenticated LFI Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.4 Vulnerability Type: unauthenticated LFI...
Platinum Mobile 1.0.4.850 Authorization Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Broken Access Control product: Platinum Mobile vulnerable version: 1.0.4.850 fixed version: 1.0.4.851 CVE number: - impact: critical homepage:...
Cisco UCS Director Cloupia Script Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco UCS Director Cloupia Script RCE', 'Description' = %q This module exploits an authentication bypass and directory traversals in Cisco UCS...
📄 Meshtastic Buffer Overflow
A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as...
Netman 204 4.05 SQL Injection / Unauthenticated Password Reset
CyberDanube Security Research 20240919-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204 vulnerable version| 4.05 fixed version| - CVE number| CVE-2024-8877, CVE-2024-8878 impact| High homepage|...
Courier Management System 1.0 Cross Site Scripting
Exploit Title: Courier Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Wing FTP Server 6.3.8 Remote Code Execution
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...
Cisco Adaptive Security Appliance Path Traversal
''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...
Apache CouchDB Remote Code Execution
Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...
Core Security Technologies Advisory 2007.0219
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ OpenBSD's IPv6 mbufs remote kernel buffer overflow Date Published: 2007-03-13 Last Update: 2007-03-13 Advisory ID: CORE-2007-0219 Bugtraq ID: None currently assigned...
Peel Shopping 2.x Cross Site Scripting / SQL Injection
Exploit Title: Peel Shopping "catid=" SQL injection Google Dork: inurl:/lire/index.php?rubid= Date: 2024-10-02 Exploit Author: Emiliano Febbi Vendor Homepage: https://www.peel-shopping.com/ Software Link: https://github.com/advisto/peel-shopping Version: 2.x Peel Shopping 2.x Peel Shopping 2.x 3....
MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure
Title: MongoDB MONGOSH Password Exposure Vulnerability Product: MongoDB database Tool: mongosh Affected Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Tested Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Risk Level: Low Author of Advisory: Emad Al-Mousa Vulnerability Details: Vulnerability in MongoDB database system...
Laravel Media Library Pro 2.1.6 Shell Upload
Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...
Mumara Classic 2.93 SQL Injection
Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Date: 2021-11-11 Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic...
Macro Expert 4.7 Unquoted Service Path
Exploit Title: Macro Expert 4.7 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 20.10.2021 Vendor Homepage: http://www.macro-expert.com/ Tested on: Windows 10 C:\Users\Mertsc qc "Macro Expert" SC QueryServiceConfig SUCCESS SERVICENAME: Macro Expert TYPE : 10 WIN32OWNPROCESS...
Pandora FMS 7.0 NG 750 SQL Injection
Exploit Title: Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection Authenticated Date: 12-21-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/d08e60f13a858fbd22ce6b83fa8ca391c608ec5c Software...