50773 matches found
Evento Multivendor Event Ticket Booking 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Rollout::UI 0.5 Cross Site Scripting
ADVISORY INFORMATION ======================= Exploit Title: Rollout::UI v0.5 Cross-site scripting Date: 2023-05-05 Exploit Author: Eduardo José de Borba Vendor Homepage: https://github.com/fetlife Software Link: https://github.com/fetlife/rollout-ui Type: Cross-Site Scripting CWE-79 Tested on:...
Ivanti Cloud Services Appliance (CSA) Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Cloud Services Appliance CSA Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Ivanti...
Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubuntu Enlightenment Mount Priv Esc', 'Description' = %q This module exploits a command injection within Enlightenment's enlightenmentsys binary...
PHP Library Remote Code Execution
JAHx221 - RCE in copy/pasted PHP compat libraries, jsondecode function =============================================================================== Several PHP compatability libraries contain a potential remote code execution flaw in their jsondecode function based on having copy pasted existi...
MilleGPG5 5.7.2 Luglio 2021 Privilege Escalation
Exploit Title: MilleGPG5 5.7.2 Luglio 2021 x64 - Local Privilege Escalation Date: 2021-07-19 Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it/ Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe Version: 5.7.2 Test...
Email-Worm.Win32.Plexus.b Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ee8990b5d076a7ed601a30eb677cc9be.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Plexus.b Vulnerability: Unauthenticated Remote Code Execution Description: The...
WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting
Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting XSS Date: 2/15/2021 Author: 0xB9 Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip Version: 1.3.1 Tested...
CASAP Automated Enrollment System 1.1 SQL Injection
Exploit Title: CASAP Automated Enrollment System 1.1 - Authentication Bypass cookie session Exploit Author: @nu11secur1ty Date: 03.02.2021 Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Link:...
Online News Portal System 1.0 Cross Site Scripting
Exploit Title: Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting Date: 24-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html Software Link:...
Mac OS X Feedback Assistant Race Condition
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Feedback Assistant Race Condition', 'Description' = %q This module exploits a race condition vulnerability in Mac's Feedback Assistant. ...
RingsDB Software 1.0.0 Database Disclosure
Exploit Title : RingsDB Software 1.0.0 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : ringsdb.com Software Download Link : github.com/Sydtrack/ringsdb/archive/1.0.0.zip Software Information Link : ringsdb.com/abo...
phpMyAdmin 4.8.1 Authenticated Local File Inclusion
Exploit Title: phpMyAdmin 4.8.1 - Authenticated Local File Inclusion Date: 27-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.phpmyadmin.net/ Software Link:...
Samba 3.5.0 Remote Code Execution
! /usr/bin/env python Title : ETERNALRED Date: 05/24/2017 Exploit Author: steelo Vendor Homepage: https://www.samba.org Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 CVE-2017-7494 import argparse import os.path import sys import tempfile import time from smb.SMBConnection import SMBConnection from smb import...
Veritas Backup Exec Server Registry Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Server Registry Access', 'Description' = %q This modules exploits a remote registry access flaw in the BackupExec Windows...
Magento 2.4.6 XSLT Server Side Injection / Command Execution
Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip Version: 2.4.6 Tested on: 2.4.6 POC: 1 Enter with adm...
Backdoor.Win32.Burbul.b Anonymous Login
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Burbul.b Vulnerability: Anonymous Logon Description: Backdoor Burbul.b listens on TCP...
ChurchCRM 4.2.1 Cross Site Scripting
Exploit Title: ChurchCRM 4.2.1- Persistent Cross Site ScriptingXSS Date: 2020- 10- 29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.1 Tested on: Kali Linux 2020.3 Proof Of Concept: ChurchCRM application allo...
Nagios XI 5.7.3 Remote Command Injection
Exploit Title: Nagios XI 5.7.3 - 'mibs.php' Remote Command Injection Authenticated Date: 10-27-2020 Vulnerability Discovery: Chris Lyne Vulnerability Details: https://www.tenable.com/security/research/tra-2020-58 Exploit Author: Matthew Aberegg Vendor Homepage:...
📄 motionEye 0.43.1b4 Remote Command Injection
A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...
BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal
Exploit Title: BlackNET - Multiple Vulnerabilities Exploit Author: bRpsd Date: 20/09/2024 Vendor Homepage: https://github.com/AndroVirus Software Link: https://github.com/AndroVirus/BlackNET/ Version: v3.7.0.0 Tested on: MacOS - Xampp CVE: NA import requests Define the target URL for the POST...
KiTTY 0.76.1.13 Command Injection
!/usr/bin/python ---------------------------------------------------------------------------------------- Exploit: KiTTY ≤ 0.76.1.13 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input CVE-2024-23749 OS: Microsoft Windows 11/10/8/7/XP Author: DEFCESCO Austin A. DeFrancesco...
Lacabane 1.0 SQL Injection
==================================================================================================================================== | Title : lacabane v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
PHP Shopping Cart 4.2 SQL Injection
Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to b...
Ancillary Function Driver (AFD) For Winsock Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ancillary Function Driver AFD for WinSock Elevation of Privilege', 'Description' = %q A vulnerability exists in the Windows Ancillary Function...
WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality
==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...
PAN-OS 10.0 Remote Code Execution
Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Date: 2022-08-13 Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038...
FusionPBX 4.5.29 Remote Code Execution
Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Date: 11/08/2021 Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import reques...
Online Traffic Offense Management System 1.0 Remote Code Execution
Exploit Title: Online Traffic Offense Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 20-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.sourcecodester.com Software Link:...
Company Crime Tracking Software 1.0 Cross Site Scripting
Exploit Title: Company Crime Tracknig Software | 'fname,surname,email' Stored Cross Site Scripting Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/12644/company-crime-tracking-system.html Version: 1....
e107 CMS 2.3.0 Cross Site Request Forgery
Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...
WordPress Under Construction, Coming Soon, And Maintenance Mode 1.1.1 SSRF / XSS
There are SSRF and RXSS vulnerabilities in the WordPress plugin Under Construction, Coming Soon & Maintenance Mode version 1.1.1. Both vulnerabilities are fixed in version 1.1.2: https://wordpress.org/plugins/under-construction-maintenance-mode/developers 1 SSRF Here is the relevant code from fil...
Backdoor.Win32.DarkKomet.irv Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a229acff4e0605ad24eaf3d9c44fdb1b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.irv Vulnerability: Insecure Permissions Description: DarkKomet.irv creates ...
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI
Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...
Kentico CMS 9.0-12.0.49 Cross Site Scripting
Exploit Title: Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting Exploit Author: Ataberk YAVUZER CVE: CVE-2019-19493 Type: Webapps Vendor Homepage: https://www.kentico.com/ Version: 9.0-12.0.49 Date: 29-11-2019 CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2019-19493 Details Persisten...
GitLab Omnibus 12.2.1 Logrotate Privilege Escalation
Privilege Escalation via Logrotate in Gitlab Omnibus Overview Identifier: AIT-SA-20190930-01 Target: GitLab Omnibus Vendor: GitLab Version: 7.4 through 12.2.1 Fixed in Version: 12.2.3, 12.1.8 and 12.0.8 CVE: CVE-2019-15741 Accessibility: Local Severity: Low Author: Wolfgang Hotwagner AIT Austrian...
Listing Hub CMS 1.0 SQL Injection
Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/ Software Link:...
Watchguard AP100/AP102/AP200 1.2.9.15 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a backdoor account with known credentials. This can be used to gain a valid...
Apache Reverse Proxy Bypass
===============================ADVISORY============================== Systems Affected: Apache httpd Severity: High Category: Proxy Bypass Author: Context Information Security Ltd Reported to vendor: 16th November 2011 Advisory Issued: 5th October 2011 Reference: CVE-2011-3368...
Joomla 4.2.8 Information Disclosure
!/bin/bash Exploit Title: Joomla! \n" exit 1 else echo -e "\n Joomla! out.tmp echo -e "\ni Database info:\n" echo -e "+ DB Type: $sed -E 's/."dbtype":"^"+"./\1/' out.tmp" echo -e "+ DB Host: $sed -E 's/."host":"^"+"./\1/' out.tmp" echo -e "\e92m+ DB User: $sed -E 's/."user":"^"+"./\1/' out.tmp\e0...
Online Tours And Travels Management System 1.0 SQL Injection
Titles: Travel-Manager-OTMSP-1.0 Multiple SQLi Author: nu11secur1ty Date: 05/01/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html Reference: https://portswigger.net/web-security/sql-injectio...
NDtaskmatic 1.0 SQL Injection
Title: NDtaskmatic-1.0-by-Mayuri.K Multiple-SQLi Author: nu11secur1ty Date: 03/07/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Reference: https://portswigger.net/web-security/sql-injection...
STARFACE 7.3.0.10 Broken Authentication
Advisory: STARFACE: Authentication with Password Hash Possible RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext...
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3...
Transposh WordPress Translation 1.0.8.1 SQL Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Improper Authorization CWE-285 Date found: 2022-02-21 Date...
Backdoor.Win32.Hupigon.afjk Directory Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Directory Traversal Description: The malware deploys a We...
WordPress Media-Tags 3.2.0.2 Cross Site Scripting
Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on...
Trojan-Dropper.Win32.Small.fp Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/07122dd3b069bbbb445e060c1249d5a2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Small.fp Vulnerability: Unauthenticated Open Proxy Description: The malware...
Windows Server 2012 SrClient DLL Hijacking
class MetasploitModule 'Windows Server 2012 SrClient DLL hijacking', 'Description' = %q All editions of Windows Server 2012 but not 2012 R2 are vulnerable to DLL hijacking due to the way TiWorker.exe will try to call the non-existent SrClient.dll file when Windows Update checks for updates. This...
Backdoor.Win32.NinjaSpy.c Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NinjaSpy.c Vulnerability: Remote Stack Buffer Overflow Description: The specimen drop...