50773 matches found
Monstra CMS 3.0.4 Remote Code Execution
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...
BSA Radar 1.6.7234.24750 Cross Site Scripting
Exploit title: BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting Exploit Author: William Summerhill Date: 2020-06-22 Vendor homepage: https://www.globalradar.com/ Tested on: Window CVE-2020-14943 Description: The "Firstname" and "Lastname" parameters in Global RADAR BSA Radar 1.6.7234.X...
Visual Planning 8 Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49232 Link ====...
Free School Management Software 1.0 Shell Upload
Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...
AbsoluteTelnet 11.24 Denial Of Service
Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability...
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation Exploit Vendor: Zhejiang BC&TV Technology Co., Ltd. ZBL | W&D Corporation WAD TECHNOLOGY THAILAND Product web page: http://www.zblchina.com | http://www.wd-thailand.com Affected version: Firmwre: V100R001 Software model: HG104B-ZG-E /...
Jenkins 2.63 Sandbox Bypass
Exploit Title: Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in Date: 8th October 2020 Exploit Author: dmw0ng Vendor Homepage: https://www.jenkins.io Software Link: http://archives.jenkins-ci.org/windows/jenkins-2.63.zip Version: Jenkins 2.63 Tested on: Ubuntu 18.04 / 20.04 CVE :...
Eikon Thomson Reuters 4.0.42144 File Permissions
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Extensive file permissions on service executable product: Eikon Thomson Reuters vulnerable version: 4.0.42144 fixed version: - CVE number: CVE-2019-10679 impact: High...
Serv-U FTP Server 15.1.6.25 Local Privilege Escalation
Issue: Local Privilege Escalation CVE: CVE-2018-19999 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: 15.1.7 Overview The Serv-U FTP Server is vulnerable to authentication bypass...
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass
ABB Cylon Aspect 3.08.01 badassMode File Upload MD5 Checksum Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy managemen...
Cassandra Web File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cassandra Web File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Cassandra...
SugarCRM 13.0.1 Server-Side Template Injection
---------------------------------------------------------------------------- SugarCRM = 13.0.1 GetControl Server-Side Template Injection Vulnerability ---------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read Unauthenticated Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/ Date: 2/12/2021 Exploit Author: Uriel Yochpaz Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Software Link: Version: 1.10, 1.20, 1.30...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.require-js-cfg.js.\Z" access="Anonymous,...
Backdoor.Win32.Zdemon.126 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/cedc886b593f013133df39bb6b43a762.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zdemon.126 Vulnerability: Unauthenticated Remote Command Execution Description: Zdemo...
Sipwise C5 NGCP CSC Cross Site Request Forgery
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-swit...
Fast PHP Chat 1.3 SQL Injection
Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...
Froala 3.2.6-1 Cross Site Scripting
Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1 Date:06.03.2021 Author: Vincent666 ibn Winnie Software Link: https://froala.com/wysiwyg-editor/ Tested on: Windows 10 Web Browser: Mozilla Firefox My Youtube Channel:...
Cisco RV110W / RV130(W) / RV215W Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework linux/armle/meterpreter/bindtcp - segfault linux/armle/meterpreter/reversetcp - segfault linux/armle/meterpreterreversehttp - works linux/armle/meterpreterreversehttps -...
Dolibarr 20.0.1 SQL Injection
Titles: dolibarr 20.0.1 Multiple security token SQLi Author: nu11secur1ty Date: 10/15/2024 Vendor: https://www.dolibarr.org/ Software: https://www.dolibarr.org/downloads.php Reference: https://portswigger.net/web-security/sql-injection Description: The socid parameter appears to be vulnerable to...
Windows Firewall Control 6.11.0 Unquoted Service Path
Exploit Title: Microsoft Windows Firewall Control 6.11.0 - Unquoted Service Path Date: 2024-08-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
CrowdStrike Falcon Agent 6.44.15806 Uninstall Issue
Exploit Title: CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Date: 30/11/2022 Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi Deda Cloud Cybersecurity Team Vendor Homepage: https://www.crowdstrike.com/ Author Homepage...
HackTool.Win32.Delf.vs Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/92f7f9495ffd56d05a5acf395c9e0097.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Delf.vs Vulnerability: Insecure Credential Storage Description: The malware credentia...
Digital Crime Report Management System 1.0 SQL Injection
Exploit Title: Digital Crime Report Management System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/ Software Link:...
Gitea 1.12.5 Remote Code Execution
Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Date: 17 Feb 2020 Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link:...
Online Shop Project 1.0 SQL Injection
Exploit Title: Online Shop Project 1.0 - 'p' SQL Injection Date: 2020-09-20 Exploit Author: Augkim Vendor Homepage: https://www.sourcecodester.com/php/14448/online-shop-project-using-phpmysql.html Software Link:...
Socusoft Photo To Video Converter Professional 8.07 Buffer Overflow
Exploit Title: Socusoft Photo to Video Converter Professional 8.07 - 'Output Folder' Buffer Overflow SEH Egghunter Date: 2020-07-23 Exploit Author: MasterVlad Vendor Homepage: http://www.dvd-photo-slideshow.com/photo-to-video-converter.html Software Link:...
Anchor CMS 0.12.3a Information Disclosure
Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version: 0.12.3a Tested on: Linux CVE : CVE-2018-725...
š Bitrix24 25.100.300 Remote Code Execution
Bitrix24 versions 25.100.300 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. This...
TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write
Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET1. According to the vendor2, "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...
CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure', 'Description' = %q This module sends a query to the port 264/TCP on...
WordPress PayPlus Payment Gateway SQL Injection
!/usr/bin/env python3.11 import requests import time def exploiturl: payload = "wc-api": "payplusgateway&statuscode=true&moreinfo=selectfromselectsleep5a" start = time.time with requests.Session as session: session.headers.update 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64...
FleetCart 4.1.1 Information Disclosure
Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 13/05/2024 Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Window...
GNU screen 4.9.0 Privilege Escalation
Exploit Title: GNU screen v4.9.0 - Privilege Escalation Date: 03.02.2023 Exploit Author: Manuel Andreas Vendor Homepage: https://www.gnu.org/software/screen/ Software Link: https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz Version: 4.9.0 Tested on: Arch Linux CVE : CVE-2023-24626 import os impor...
Wavlink WN530HG4 Password Disclosure
Exploit Title: Wavlink WN530HG4 - Password Disclosure Date: 2022-06-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: M30HG4.V5030.191116 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34047 Tested on: Windows Exploit...
openSIS Student Information System 8.0 SQL Injection
Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...
Trojan.Win32.SkynetRef.y Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2d249f86890d290bb8af599ea0367f3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.SkynetRef.y Vulnerability: Unauthenticated Open Proxy Description: The malware listens ...
WordPress Backup And Restore 1.0.3 Arbitrary File Deletion
Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Date: 11/07/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Window...
Online Leave Management System 1.0 SQL Injection
Exploit Title: OLMS - PHP by: oretnom23 v1.0 SQL-Injection-Bypass-Authentication in /leavesystem/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.31.2021 Vendor: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html...
ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow
Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...
Aardvark Topsites PHP 5.2 Cross Site Scripting / Local File Inclusion
Aardvark Topsites PHP 5.2 Multi Vulnerability ============================================= Author : indoushka Vondor : www.p30vel.ir http://www.aardvarktopsitesphp.com/ http://www.avatic.com/ Dork : My Topsites List - Powered by Aardvark Topsites PHP 5.2.1 ======================================...
Packed.Win32.Black.d Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/17e3836682ffb0913459ece7c3f0786d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Black.d Vulnerability: Unauthenticated Open Proxy Description: The malware listens on T...
OX App Suite / OX Documents XSS / SSRF / Bypass
Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...
Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution
!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before...
Zyxel USG/UAG/ATP/VPN/NXC External DNS Requests
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: External DNS Requests product: Zyxel USG/UAG/ATP/VPN/NXC series vulnerable version: see "Vulnerable / tested version" fixed version: see "Solution" CVE number: - impact:...
š MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below proof of concept remote code execution exploit. !/usr/bin/env python3 CVE-2026-23744.py for testing only import requests import argparse import json import sys import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning def main: parse...
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...
Linux i915 PTE Use-After-Free
I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a fix for this issue is made available to users before the end of the 90-day deadline, this bug report will becom...
ColdFusion password.properties Hash Extraction
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ColdFusion 'password.properties' Hash Extraction", 'Description' = %q This module uses a directory traversal vulnerability to extract information...
RouterOS 6.44 / 6.49.10 Denial Of Service
Exploit Title: CVE-2024-27686: RouterOS-SMB-DOS Google Dork: N/A Date: 03/04/2024 Exploit Author: ice-wzl, Solstice Cyber Solutions Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download/archive Version: RouterOS devices ranging from 6.40.5 - 6.44 and 6.48.1 - 6.49.10...