50748 matches found
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP BigUp Plugin Unauthenticated RCE', 'Description' = %q This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP...
Microsoft Exchange ProxyLogon Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework begin auxiliary class class MetasploitModule 'Microsoft Exchange ProxyLogon Scanner', 'Description' = %q This module scan for a vulnerability on Microsoft Exchange Serve...
Customer Support System 1.0 SQL Injection
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
PyLoad 0.5.0 Remote Code Execution
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
Faculty Evaluation System 1.0 Shell Upload
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Clinic Management System 1.0 Code Execution / SQL Injection
Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
Blitar Tourism 1.0 SQL Injection
Exploit Title: Blitar Tourism 1.0 - Authentication Bypass SQLi Date: 13 April 2021 Exploit Author: sigeri94 Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/ Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master Version: 1....
FusionAuth-SAMLv2 0.2.3 Message Forging
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SAML v2.0 bindings in Java using JAXB Vendor: FusionAuth CSNC ID: CSNC-2020-002 CVE ID: CVE-2020-12676 Subject: Signature Exclusion Attack Risk: High Effect: Remotely exploitable Author: Felix Sieges Date:...
Cisco AnyConnect Path Traversal / Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco AnyConnect Priv Esc through Path Traversal', 'Description' = %q The installer component of Cisco AnyConnect Secure Mobility Client for...
Microsoft Exchange 2019 15.2.221.12 Remote Code Execution
Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Date: 2020-02-28 Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...
Elasticsearch 8.5.3 Stack Overflow
Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...
Atrocore 1.5.25 Shell Upload
Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...
WordPress Backup Guard Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Backup Guard - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileged Wordpre...
VisualWare MyConnection Server 11.x Remote Code Execution
Document Title: =============== VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability References Source: ==================== https://www.securifera.com/advisories/cve-2021-27198/ https://myconnectionserver.visualware.com/download.html Release Date: ============= 2020-02-25...
Beauty Parlour Management System 1.0 SQL Injection
Exploit Title: Beauty Parlour Management System 1.0 - 'Service Name' SQL Injection Google Dork: N/A Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...
EHUB SQL Injection
By : CR9 Greetz : Perspicacious Hackers In The World . ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : EHUB SQL Injection Vulnerability Vendor : http://www.ehub.co.in Author : CR9 Home : Http://Nopotm.ir Archive : http://CR9Exploits.zio.ir Email : [email protected]...
InvokeAI Remote Code Execution
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
OpenCart CMS 4.0.2.2 Brute Force
Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability Date: 5-9-2023 Category: Web Application CMS Exploit Author: Rajdip Dey Sarkar Version: 4.0.2.2 Tested on: Windows/Kali CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force...
Joomla! 4.2.7 Unauthenticated Information Disclosure
!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...
Xlight FTP 3.9.3.1 Buffer Overflow
Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-12 Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on...
Balbooa Joomla Forms Builder 2.0.6 SQL Injection
Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Date: 24.10.2021 Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1...
GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...
iBall-Baton WRA150N File Disclosure
Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure Sensitive Information Date: 07/01/2021 Exploit Author: h4cks1n Vendor Homepage: iball.co.in Version: iBall-Baton WRA150N Tested on : Windows 7/8/8.1/10, Parrot Linux OS The iBall-Baton router version WRA150N is vulnerable to the...
Task Management System 1.0 Shell Upload
Exploit Title: Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Lin...
Joomla Publisher 3.0.19 Cross Site Scripting
Exploit Title: Joomla Publisher V 3.0.19 Stored XSS Date: 03.11.2020 Author: Vincent666 ibn Winnie Software Link: https://publisher.ijoomla.com/demo Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest.vincent.blogspot.com/ PoC:...
Employee Management System 1.0 SQL Injection
Exploit Title: SQL Injection vulnerability in Employee Management System. Date: 20-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1....
WordPress Royal Elementor Addons And Templates Remote Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor...
Datalife Engine 10 SQL Injection
==================================================================================================================================== | Title : Datalife Engine v10 ir SQl injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
Student Attendance Management System 1.0 SQL Injection
Title: Student-Attendance-Management-System 1.0 from Erick O. Omundi Multiple-SQLi Author: nu11secur1ty Date: 12.25.2022 Vendor: https://github.com/rickxy Software: https://github.com/rickxy/Student-Attendance-Management-System Reference:...
WordPress Weblizar 8.9 Code Execution
Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...
Backdoor.Win32.BNLite Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a8818da39c7d36d9b5497d1a875798b8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BNLite Vulnerability: Remote Heap Based Buffer Overflow Description: The malware...
PHP Event Calendar Lite Edition Cross Site Scripting
Advisory ID: SYSS-2021-049 Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer...
Kite 1.2020.1119.0 Unquoted Service Path
Exploit Title: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 05-12-2020 Vendor Homepage: https://www.kite.com/ Software Links : https://www.kite.com/download/ Tested Version: 1.2020.1119.0 Vulnerability Type: Unquoted Service Path Tested on OS:...
ChurchCRM 4.2.0 CSV Injection
Exploit Title: ChurchCRM 4.2.1- CSV/Formula Injection Date: 2020- 10- 24 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.0 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of Concept: CSV...
Online Student Enrollment System 1.0 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require "net/http" require "uri" require 'nokogiri' class MetasploitModule 'Online Student Enrollment System v1.0 Shell Upload ', 'Description' = %q...
WordPress Caldera Forms 1.7.4 Database Disclosure
Exploit Title : WordPress Caldera Forms Plugins 1.7.4 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/caldera-forms/ calderaforms.com/updates/caldera-forms-1-7-4/ Software Download Link ...
Bitrix24 Remtoe Code Execution
Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated Date: 4/22/2022 Exploit Author: picaroo Vendor Homepage: https://www.bitrix24.com/apps/desktop.php Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...
Rocket.Chat 3.12.1 NoSQL Injection / Code Execution
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
Trojan-Dropper.Win32.Hamer.10 Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/afe4e5219829a286e0b84025b073c259.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Hamer.10 Vulnerability: Remote Floating-point Exception DoS Description: Trojan...
WordPress WP-FileManager 6.8 Remote Code Execution
Exploit Title: WordPress Plugin Wp-FileManager 6.8 - RCE Date: September 4,2020 Exploit Author: Mansoor R @time4ster Version Affected: 6.0 to 6.8 Vendor URL: https://wordpress.org/plugins/wp-file-manager/ Patch: Upgrade to wp-file-manager 6.9 Tested on: wp-file-manager 6.0...
CMS Made Simple 2.1.6 Server-Side Template Injection
Exploit Title: CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection Google Dork: N/A Date: 11/10/2017 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: N/A Version: 2.1.6 Tested on: Linux CVE : CVE-2017-16783 POC :...
Micro Focus Vibe 4.0.6 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-047 Product: Micro Focus Vibe formerly Novelle Vibe Manufacturer: Micro Focus International plc Affected Versions: 4.0.6 Tested Versions: 4.0.6 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status...
Oracle Weblogic Server Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...
Exim 4.90 Remote Code Execution
Exploit Title: exim 4.90 - Remote Code Execution Date: 2018-10-24 Exploit Author: hackk.gr Vendor Homepage: exim.org Version: exim -1: authplainavailable = True if test: if lenl 70: sys.stdout.writel:70 + " ...\n" sys.stdout.flush else: print l.strip"\r".strip"\n" data = data + l if data.finddeli...
Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB Affected Versions: N.A. Tested Versions: N.A. Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Statu...
SoftMaker Office / FreeOffice Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: SoftMaker Office / FreeOffice vulnerable version: SoftMaker Office 2024 / NX before revision 1214 FreeOffice 2021...
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1...
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
python poc.py usage: python poc.py http://127.0.0.1:8888/ /etc/passwd import threading import http.client import time import uuid import urllib.parse import sys if lensys.argv != 3: print' usage: python poc.py http://127.0.0.1:8888/ /etc/passwd' exit databytes =...
SugarCRM 12.2.0 SQL Injection
---------------------------------------------------- SugarCRM = 12.2.0 Two SQL Injection Vulnerabilities ---------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and prior versions. Version 12.0.2 and prior versions. Versio...