50738 matches found
Sonicwall SonicOS 7.0 Host Header Injection
Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection Google Dork: inurl:"auth.html" intitle:"SonicWall" intitle:"SonicWall Analyzer Login" Discovered Date: 03/09/2020 Reported Date: 07/09/2020 Exploit Author: Ramikan Vendor Homepage:sonicwall.com Affected Devices: All SonicWall Next Gen 6...
Document Management System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Document Management System - SQL Injection to RCE webshell Date: 23/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import...
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection', 'Description' = %q This module exploits an OS command injection vulnerabili...
Responsive Online Blog 1.0 SQL Injection
Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection Date: 2020-06-23 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...
📄 CrushFTP 9.x / 10.8.4 / 11.3.1 Server-Side Request Forgery / Directory Traversal
CrushFTP versions 9.x, 10.x through 10.8.4, and 11.x through 11.3.1 suffer from server-side request forgery and directory traversal vulnerabilities. !-- Exploit Title: Server-Side Request Forgery SSRF in CrushFTP 10.7.1 and 11.1.0 as well as legacy 9.x Date: 2024-10-20 Exploit Author: Rafael...
Samba _netr_ServerPasswordSet Uninitialized Credential State
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba netrServerPasswordSet Uninitialized Credential State', 'Description' = %q This module checks if a Samba target is vulnerable to an...
Cisco ASA Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Applianc...
One Identity Password Manager Kiosk Escape Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...
WordPress WP Project Manager 2.6.4 Privilege Escalation
Description: WP Project Manager = 2.6.4 – Arbitrary Usermeta Update to Authenticated Subscriber+ Privilege Escalation Affected Plugin: WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts Plugin Slug: wedevs-project-manager Affected Versions: =...
Loki RAT (Relapse) SQL Injection
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...
OrbiTeam BSCW Server XSS / LFI / User Enumeration
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in BSCW Server product: OrbiTeam BSCW Server vulnerable version: BSCW Server 5.0.x, 5.1.x, =5.2.4, =7.3.x, =7.4.3 fixed version: 5.2.5, 7.4.4 CVE...
Payment Terminal 2.x / 3.x Cross Site Scripting
Document Title: =============== Payment Terminal 2.x & v3.x - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2280 Release Date: ============= 2021-11-05 Vulnerability Laboratory ID VL-ID:...
Backdoor.Win32.Agent.gmug Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c7763bae3376a9f2865a1a18e84c259e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.gmug Vulnerability: Heap Corruption Description: The malware listens on TCP por...
Latrix 0.6.0 SQL Injection
Exploit Title: Latrix 0.6.0 – 'txtaccesscode' SQL Injection Date: 03/30/2021 Exploit Author: cptsticky Vendor Homepage: https://sourceforge.net/projects/latrix Software Link: https://sourceforge.net/projects/latrix/files/latest/download Version: 0.6.0 Tested on: Ubuntu 20.04 POST...
Rocket.Chat 3.7.1 Email Address Enumeration
Trovent Security Advisory 2010-01 Email address enumeration in reset password Overview Advisory ID: TRSA-2010-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2010-01 Affected product: Web application Rocket.Chat Affected version: = 3.7.1 Vendor:...
NewsLister Cross Site Scripting
Exploit Title: NewsLister - Authenticated Persistent Cross-Site Scripting Date: 2020-11-27 Exploit Author: Emre Aslan Vendor Homepage: https://www.netartmedia.net/newslister.html Tested on: Windows & XAMPP == PoC HTTP Request == GET /admin/index.php?page=add HTTP/1.1 Host: 127.0.0.1:8080...
Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Trend Micro InterScan Messaging Security Virtual Appliance IMSVA vulnerable version: 9.1.0 Critical Patch Build 2025 fixed version: 9.1....
Oriol Espinal CMS 1.0 SQL Injection
Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection Google Dork: inurl:/eotoolsshare/ Date: 2020-06-03 Exploit Author: TSAR Vendor Homepage: http://www.oriolespinal.es/eowd Software Link: http://www.oriolespinal.es/eotools Version: ALL VERSION UP TO LATEST Tested on: MACOS 10.11.2 CVE : NOt...
Max Secure Anti Virus Plus 19.0.4.020 Insecure Permissions
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAX-SECURE-PLUS-ANTIVIRUS-INSECURE-PERMISSIONS.txt + ISR: ApparitionSec Vendorwww.maxpcsecure.com Affected Product Code Base Max Secure Anti Virus Plus - 19.0.4.020 File hash:...
Haraka Remote Command Execution
!/usr/bin/python Exploit Title: Harakiri ShortDescription: Haraka comes with a plugin for processing attachments. Versions before 2.8.9 can be vulnerable to command injection Exploit Author: xychix xychix at hotmail.com / mark at outflank.nl Date: 26 January 2017 Category: Remote Code Execution...
Incomedia WebSite X5 Evolution 9.0.4.1748 XSS / Bypass
========================================= Vulnerable Software: Incomedia WebSite X5 Evolution alert1; Fix: Open imsearch.php and find: =============VULNERABLE CODE============== search@$GET'search', @$GET'page'; ? ==========END OF VULNERABLE CODE========== REPLACE WITH: ==============FIXED...
GitLab Tags RSS Feed Email Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab Tags RSS feed email disclosure', 'Description' = %q An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prio...
Invesalius 3.1 Remote Code Execution
Exploit Title: Invesalius 3.1 - Remote Code Execution RCE Discovered By: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Exploit Author: Riccardo Degli Esposti partywave, Alessio Romano sfoffo Vendor Homepage: https://invesalius.github.io/ Software Link:...
LMS PHP 1.0 SQL Injection
Title: LMS-PHP-byoretnom23-v1.0 Multiple-SQLi Author: nu11secur1ty Date: 03/28/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlcomment-104400 Reference:...
GilaCMS 1.15.4 SQL Injection
Description: GilaCMS widget and use wiget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...
DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting
==================================================================================================================================== | Title : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Mobile Mouse 3.6.0.4 Remote Code Execution
Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution Date: Aug 09, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/env...
Crime Reporting System 1.0 SQL Injection
Exploit Title: Crime Reporting System - Blind SQL Injection on Login email parameter Date: 31/07/2022 Exploit Author: saitamang Vendor Homepage: code-projects.org Software Link:...
Webrun 3.6.0.42 SQL Injection
Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 =-=-=-= Description =-=-=-= Webrun version 3.6.0.42 is vulnerable to...
Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection
Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered for product Talariax sendQuick Alertplus server admin version 4.3. This is an updated reference for https://seclists.org/fulldisclosure/2021/Oct/1...
Money Transfer Management System 1.0 SQL Injection
Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass Date: 2021-11-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link:...
10-Strike Network Inventory Explorer Pro 9.31 Unquoted Service Path
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path Discovery by: Brian Rodriguez Date: 04-11-2021 Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe...
TripSpark VEO Transportation SQL Injection
Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Date: 07/27/2021 Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link:...
School Registration And Fee System 1.0 SQL Injection
Exploit Title: School Registration and Fee System | 'username ' Blind SQL Injection Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0 Tested O...
Backdoor.Win32.Kurbadur.a Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/821d3d5a9b15dc3388fe17f233cce296.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Kurbadur.a Vulnerability: Remote Stack Buffer Overflow Description: The malware liste...
WebUntis 2020.12.1 Cross Site Scripting
I. VULNERABILITY ------------------------- WebUntis 2020.12.1 - Authenticated Cross Site Scripting II. BACKGROUND ------------------------- WebUntis is a tool for schools and universities to deliver electronic timetables to their students. Depending from the activated modules it does also contain...
LumisXP 16.1.x Cross Site Scripting
===== Tempest Security Intelligence - ADV-6/2024 ========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeli...
Netis MW5360 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netis router MW5360 unauthenticated RCE.', 'Description' = %q Netis router MW5360 has a command injection vulnerability via the password paramete...
Checkmk Agent 2.0.0 / 2.1.0 / 2.2.0 Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via writable files product: Checkmk Agent vulnerable version: 2.0.0, 2.1.0, 2.2.0 fixed version: 2.1.0p40, 2.2.0p23, 2.3.0b1, 2.4.0b1 CVE numbe...
Copyright Loan Management System 2024 1.0 SQL Injection
Title: Copyright © Loan Management System 2024-1.0 Multiple-SQLi Author: nu11secur1ty Date: 01/12/2024 Vendor: https://twitter.com/razormist Software: https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html Reference:...
Diebold Nixdorf Vynamic View Console 5.3.1 DLL Hijacking
Exploit Title: DLL Hijacking in Diebold Nixdorf Vynamic View Console 5.3.1 Banking Software Date: 2023-08-04 Exploit Author: Matei Josephs Vendor Homepage:https://www.dieboldnixdorf.com/ Version: Diebold Nixdorf Vynamic View Console 5.3.1 CVE : CVE-2023-36344 Introduction ================= An iss...
Apache Superset 2.0.0 Authentication Bypass
Exploit Title: Apache Superset 2.0.0 - Authentication Bypass Date: 10 May 2023 Exploit Author: MaanVader Vendor Homepage: https://superset.apache.org/ Version: Apache Superset= 1.4.1 b'thisISaSECRET1234', deployment template b'YOUROWNRANDOMGENERATEDSECRETKEY', documentation b'TESTNONDEVSECRET'...
Wondershare Filmora 12.2.9.2233 Unquoted Service Path
Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Date: 2023/04/23 Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto...
Email-Worm.Win32.Pluto.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/60a7d5e2d446110d84ef65f6a37af0eb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Pluto.b Vulnerability: Insecure Permissions Description: The malware writes a dir a...
Win32k ConsoleControl Offset Confusion / Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Win32k ConsoleControl Offset Confusion', 'Description' = %q A vulnerability exists within win32k that can be leveraged by an attacker to escalate...
HEUR.Backdoor.Win32.Denis.gen Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1a4d58e281103fea2a4ccbfab93f74d2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Denis.gen Vulnerability: Remote Denial of Service UDP Datagram Description: The...
PHPJabbers Simple CMS 5 Cross Site Scripting
Document Title: =============== PHPJabbers Simple CMS v5 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2300 Release Date: ============= 2021-10-28 Vulnerability Laboratory ID VL-ID: ====================================...
WordPress Enfold Theme 4.8.3 Cross Site Scripting
Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Date: 18/10/2021 Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must...
ERPNext 12.18.0 / 13.0.0 Cross Site Scripting
Trovent Security Advisory 2103-02 Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-02 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...
Sitecore CVE-2025-27218 BinaryFormatter Deserialization
This Metasploit module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. This module requires Metasploit: https://metasploit.com/download Current...