50738 matches found
Instagram App 287.0.0.22.85 Denial Of Service
Exploit Title: Instagram App 287.0.0.22.85 - Denial of Service PoC Date: 2023-06-13 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.instagram.com Software Link: https://play.google.com/store/apps/details?id=com.instagram.android Version: 287.0.0.22.85 Tested on: Android 12 About Ap...
AirSpot 5410 0.3.4.1-4 Remote Command Injection
-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
BuilderTorCTPHPRAT.b Shell Upload
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Arbitrary File Upload - RCE Family: TorCTPHPRAT Type: WebUI MD5...
Cisco Small Business RV Series Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Small Business RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits an authentication bypass...
IRC-Worm.Win32.Jane.a Authentication Bypass / Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2d1d6b0fd55eca12f58b8b6d80f8153fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: IRC-Worm.Win32.Jane.a Vulnerability: Authentication Bypass MITM Port Bounce Scan Description: The...
Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal
Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3 This is a Proof of Concept for CVE-2021-27328 Example to get firmware decrypting password http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect to get /etc/paswd...
Apache protocol.c Cookie Disclosure
// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i content var content =...
📄 OpenSSL 3.x PKCS#12 PBMAC1 KeyLength Buffer Overflow
This proof of concept demonstrates a buffer overflow vulnerability in OpenSSL versions 3.4 to 3.6 related to improper handling of the PBMAC1 keyLength parameter in PKCS12 files. By crafting a malicious PKCS12 structure with an excessively large keyLength value, the proof of concept triggers a...
📄 Microsoft Windows 11 Administrator Protection UAC Bypass / Privilege Escalation
A privilege escalation vulnerability exists in Windows 11 Insider Preview Build 10.0.27919.1000 due to improper handling of user‑controlled environment variables by the Unified Background Process Manager UBPM when launching elevated scheduled tasks under Administrator Protection. Proof of concept...
Judge0 Sandbox Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Judge0 sandbox escape', 'Description' = %q Judge0 does not account for symlinks placed inside the sandbox directory, which can be leveraged by an...
Employee Management System 1.0 SQL Injection
============================================================================================================================================= | Title : Employee Management System v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Daily Habit Tracker 1.0 SQL Injection
Exploit Title: Daily Habit Tracker 1.0 - SQL Injection Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...
CMS Made Simple 2.2.19 Remote Code Execution
Exploit Title: CMS Made Simple Version: 2.2.19 - Remote Code Execution Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Extensions User Defined Tags 2 Wri...
WordPress Bravo Translate 1.2 SQL Injection
Exploit Title: WP Plugins Bravo Translate = 1.2 - SQL Injection Date: 09-12-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/bravo-translate/ Version: 1.2 Tested on: Windows, Linux CVE: CVE-2023-49161 Product Description This plugin allow you to translate your monolingual...
WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in...
CuteEditor For PHP 6.6 Directory Traversal
Exploit Title: CuteEditor for PHP 6.6 - Directory Traversal Google Dork: N/A Date: November 17th, 2021 Exploit Author: Stefan Hesselman Vendor Homepage: http://phphtmledit.com/ Software Link: http://phphtmledit.com/download/phphtmledit.zip Version: 6.6 Tested on: Windows Server 2019 CVE : N/A The...
Vanguard 2.1 Cross Site Scripting
Document Title: =============== Vanguard v2.1 - Search POST Inject Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2283 Release Date: ============= 2021-10-26 Vulnerability Laboratory ID VL-ID: ==================================== 2283...
WordPress Ninja Tables 4.1.7 Cross Site Scripting
Exploit Title: WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/ninja-tables/ Software Link: https://wpmanageninja.com/downloads/ninja-tables-pro-add-on/ Version: 4.1.7 Tested...
Alphaware E-Commerce System 1.0 Shell Upload / SQL Injection
Exploit Title: Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution File Upload + SQL injection Date: 15-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
Mitel CS018 Information Disclosure
Exploit Title: Mitel mitel-cs018 - Call Data Information Disclosure Date: 2003-07-28 Exploit Author: Andrea Intilangelo acme olografix / paranoici Vendor Homepage: www.mitel.com Version: mitel-cs018 Tested on: Windows, Linux There is an interesting bug in a Mitel's servers for Voice over IP that...
Online Student Enrollment System 1.0 Cross Site Request Forgery
Exploit Title: Online Student Enrollment System 1.0 - Cross-Site Request Forgery Add Student Google Dork: N/A Date: 2020-06-20 Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...
WebKit JSC JIT Use-After-Free
WebKit: JSC: JIT: GetIndexedPropertyStorage can GC CVE-2018-4442 The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing some cases such as StringCharAt, StringCharCodeAt and...
📄 Microsoft SQL Server 2022 Missing Log Entry
Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVERPERMISSIONCHANGEGROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...
MagnusBilling 6.x Code Injection
============================================================================================================================================= | Title : MagnusBilling 6.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bit...
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report CIPHERSUITES = 0xc014,...
Clinic's Patient Management System 1.0 Shell Upload
Exploit Title: Clinic's Patient Management System 1.0 - Unauthenticated RCE Date: 07.10.2023 Exploit Author: Oğulcan Hami Gül Vendor Homepage: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Software Link:...
WordPress Elementor Iframe Injection
Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...
HTTPDebuggerPro 9.11 Unquoted Service Path
Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...
Easy Chat Server 3.1 Directory Traversal
Exploit Title: Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read Date: 11 October 2021 Exploit Author: z4nd3r Vendor Homepage: http://www.echatserver.com/ Software Link: http://www.echatserver.com/ Version: 3.1 Tested on: Windows 10 Pro Build 19042, English Description: The web...
Trojan.Win32.Gofot.htx Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ae062bfe4abd59ac1b9be693fbc45f60.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Gofot.htx Vulnerability: Local File Buffer Overflow Description: HackerJLY PE Parser to...
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Solaris SunSSH PAM parseusername Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow in the Solaris PA...
LibreHealth 2.0.0 Remote Code Execution
Exploit Title: LibreHealth v2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Date: July 17th, 2020 Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Teste...
WeBid 1.0.6 SQL Injection
Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested On: Linux, Windows Vulnerable Code: Line 53 of the...
ynp-lfi.txt
YNP Portal System 2.2.0 showpage.cgi p Remote File Disclosure Vulnerability D0RK : inurl:"showpage.cgi?p=popsearch.html" : inurl:"showpage.cgi?p=support.html" : inurl:"showpage.cgi?p=dialup.html" : inurl:"showpage.cgi?p=" POC: http://xxxx.com/showpage.cgi?p=../../../../../../etc/passwd Discovered...
Python 3.12 Documentation Cross Site Scripting
The official Python 3.12 documentation provides a code example that results in implementing insecure code susceptible to cross site scripting. Python's official documentation contains textbook example of insecure code XSS Date: 2025-02-18 Author: Georgi Guninski From the official Python 3.12...
Seo Panel 4.10.0 Remote File Inclusion
==================================================================================================================================== | Title : Seo Panel 4.10.0 File inclusion Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...
Ivanti Virtual Traffic Manager Authentication Bypass
class MetasploitModule 'Ivanti Virtual Traffic Manager Authentication Bypass CVE-2024-7593', 'Description' = %q This module exploits an access control issue in Ivanti Virtual Traffic Manager vTM, by adding a new administrative user to the web interface of the application. Affected versions includ...
Samba Symlink Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba Symlink Directory Traversal', 'Description' = %Q This module exploits a directory traversal flaw in the Samba CIFS server. To exploit this...
PHPJabbers Event Booking Calendar 4.0 Missing Rate Limiting
Exploit Title: PHPJabbers Event Booking Calendar v4.0 - No Rate Limit on Forgot Password Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Version:...
PHPJabbers Availability Booking Calendar 5.0 Missing Rate Limiting
Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo...
CE Phoenix 1.0.8.20 Remote Code Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
AeroCMS 0.0.1 Cross Site Scripting
AeroCMS-Comment-StoredXSS-POC Author: D4rkP0w4r Note = Don't need register or login account Description = StoredXSS at comment box Step to Reproduct Click Read More - input payload at Author - click Submit button Exploit Input payload at Author - click Submit button When admin login to admin pane...
Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6b9f5a0512af3ab33c26eaa4bdf94f1f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.zho Vulnerability: Authentication Bypass RCE Description: The malware listens on...
WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting
Exploit Title: WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting Vulnerability Authenticated Date: 10.8.2020. Exploit Author: n1x MS-WEB Software Homepage: https://wordpress.org/plugins/wp-colorbox/ Software Link v1.1.1:...
Pi-hole 4.4.0 Remote Code Execution
Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on: https://github.com/Frichetten/CVE-2020-11108-PoC/blob/master/cve-2020-11108-rce.py File na...
XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal
| \ | \ | | | | | | / \ | | | |/ / | |/ / | | | | | | | | | / / | | | / | / | | | | | | | | | | | | | | | |\ \ \ / / // / | | | /\ | | | | | / / / / / | | | \ | | / | | | / \ | | | | | \ | | | | \ \ / / | | | | | \ --. | | | / / | | | | | |/ / | | | | \ V / | | | . | --. \ | | | | | |...
Debian/Ubuntu ntfs-3g Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Debian/Ubuntu ntfs-3g Local Privilege Escalation', 'Description' = %q ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8,...
Blood Bank 1.0 SQL Injection
Exploit Title: Blood Bank 1.0 - 'bid' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0 Tested on:...
WordPress LiteSpeed Cache 5.6 Cross Site Scripting
Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...
Acelle Email Marketing 4.0.25 Arbitrary File Upload
==================================================================================================================================== | Title : Acelle Email Marketing 4.0.25 LTS unrestricted file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...