50728 matches found
Cisco IOX XE Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...
Apache OFBiz XML-RPC Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...
Citrix ADC NetScaler Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler - Local File Inclusion Metasploit', 'Description' = % The remote device is affected by multiple vulnerabilities. An...
PHPFox 3.4.1 Cross Site Scripting
PHPFox v3.4.1 XSS vulnerabilities == Description == - Software link: http://www.phpfox.com - Affected versions: versions 3.4.1 and 3.5.1 are vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Mehdi Dadkha...
SPIP 4.2.12 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP Unauthenticated RCE via porteplume Plugin', 'Description' = %q This module exploits a Remote Code Execution vulnerability in SPIP versions u...
MS17-010 SMB Remote Code Execution Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS17-010 SMB RCE Detection', 'Description' = %q Uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it...
Apache 2.2.14 mod_isapi Remote SYSTEM Exploit
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 - Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description: pwn-isapi.cpp exploits a dangling pointer vulnerability in...
Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
// // This exploit uses the pokemon exploit as a base and automatically // generates a new passwd line. The original /etc/passwd is then // backed up to /tmp/passwd.bak and overwritten with the new line. // The user will be prompted for the new password when the binary is run. // After running th...
Xerox Printers Authenticated Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory - title: Authenticated Remote Code Execution product: Multiple Xerox printers EC80xx, AltaLink, VersaLink, WorkCentre vulnerable version: see vulnerable versions below fixed...
Webmin 1.890 expired Remote Root
!/usr/bin/perl -w Webmin 1.890 based on 1.920 research 'expired' Remote Root Exploit Copyright 2019 c Todor Donev Installation on CentOS: rpm -ivh https://sourceforge.net/projects/webadmin/files/webmin/1.890/webmin-1.890-1.noarch.rpm/download Disclaimer: This or previous programs are for...
rConfig 3.9.4 searchField Remote Code Execution
Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...
Microsoft RDP Remote Code Execution
!/usr/bin/python import socket from OpenSSL import from struct import pack, unpack from sys import argv, exit class x224ConnectionRequestPacket: def initself: total of 8 bytes self.rdpNegReq = pack ' 1110 E CDT - 0000 0 for class 0 and 1 0, dest-ref , 2 bytes fuzzable 0, src-ref , 2 bytes fuzzabl...
Linux OverlayFS Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation via CVE-2023-0386', 'Description' = %q This exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the...
Comsenz SupeSite CMS 7.0 SQL Injection
Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: March 14, 2015 Late...
Kong Gateway Admin API Remote Code Execution
frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...
Linux TIOCSPGRP Broken Locking
Linux: Broken locking in TIOCSPGRP leads to corrupted tty-pgrp refcount tiocspgrp, the handler for the TIOCSPGRP ioctl, has the following signature: static int tiocspgrpstruct ttystruct tty, struct ttystruct realtty, pidt user p It receives two ttystruct pointers because, for PTY pairs, userspace...
VMware vCenter Server File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated OVA File Upload RCE', 'Description' = %q This module exploits an unauthenticated OVA file upload and path...
JSC JIT Out-Of-Bounds Access
JSC: JIT: Incorrect Common Subexpression Elimination for ArithNegate, leading to OOB accesses The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations and vice versa during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds...
RUNCMS1.3a-sql.tyxt
reference: http://www.runcms.org/public/modules/forum/viewtopic.php?topicid=4003&forum=18 http://hamid.ir/security/ - RUNCMS 1.3a SQL injection Runcms Includes most things a webmaster would expect from a cms: downloads, links, tutorials section, polls,...
ProFTPD 1.3.5 Mod_Copy Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.5 ModCopy Command Execution', 'Description' = %q This module exploits the SITE CPFR/CPTO commands in ProFTPD version...
Microsoft Windows TOCTOU Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes', 'Description' = %q CVE-2024-30088 is a Windows Kern...
Joomla Kunena Forum 3.0.5 SQL Injection
Kunena forum extension for Joomla multiple SQL injection vulnerabilities Class: Input Validation Error CVE: N/A Remote: Yes Local: No Published: 02/07/2014 Credit: Raymond Rizk of Dionach [email protected] Vendor: Kunena Vulnerable: Kunena v3.0.5 Solution Status: Fixed by Vendor Kunena Forum is...
XZero Community Classifieds 4.97.8 XSS
VegaBird Vooki 5.2.9 DLL Hijacking
CVE ID: CVE-2024-45874 Author: Iulian Florea Vendor: VegaBird Product: Vooki - Dynamic Web Application & REST API Vulnerability Scanner DAST Tool Vulnerability Type: DLL Hijacking - Summar...
SmarterTools SmarterMail Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution', 'Description' = %q This module exploits a...
XCMS 1.83 Remote Command Execution
Exploit Title: XCMS v1.83 - Remote Command Execution RCE Author: Onurcan Email: [email protected] Site: ihteam.net Script Download : http://www.xcms.it Date: 26/12/2022 The xcms's footerthat is in "/dati/generali/footer.dtb" is included in each page of the xcms. Taking "home.php" for example...
VestaCP 0.9.8-26 Cross Site Scripting
Document Title: VestaCP v0.9.8-26 - period Cross Site Web Vulnerability References Source: https://www.vulnerability-lab.com/getcontent.php?id=2239 Release Date: 2020-11-24 Vulnerability Laboratory ID VL-ID:...
Dahua DVR Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner, 'Description' = %qScans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and...
WordPress Fancy Product Designer For WooCommerce 4.5.1 File Upload
About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor's WooCommerce store. It is sold through the third-party marketplace "Envato Market" and boasts over 15,000 sales. Unrestricted File...
SPIP 4.2.9 Code Execution
Title : SPIP 4.2.9 PHP Code execution Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits...
Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS
OPOLIS.EU SECURE MAIL Blind SQLInjection / Cross site scripting / CSRF / Apache httpd Remote D.O.S /PHP hangs on parsing...
Advanced Comment System 1.0 SQL Injection
Car Rental Project 2.0 Shell Upload
Exploit Title: Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution Date: 3/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version : V 2.0 Vulnerability Type:...
Cisco VoIP Script Insertion / Weak Passwords / Undocumented Functionality
SEC Consult Vulnerability Lab Security Advisory - title: Multiple Vulnerabilities product: Cisco VoIP Phones, e.g. models 88XX vulnerable version: See list of vulnerable devices/firmwares below fixed version: 12.5.1 MN CVE...
Zabbix 5.0.0 Cross Site Scripting
Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe Date: 8/11/2020 Exploit Author: Shwetabh Vishnoi Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/download Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before...
HTTP Protocol Stack Denial Of Service / Remote Code Execution
!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...
Microsoft Windows Finger Security Bypass / C2 Channel
Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WindowsTCPIPFingerCommandC2ChannelandBypassingSecuritySoftware.txt + twitter.com/hyp3rlinx +...
Zyxel Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'socket' require 'digest/md5' class MetasploitModule 'Zyxel chained RCE using LFI and weak password derivation algorithm', 'Description' = %q This module exploit...
PEEL Shopping 9.3.0 SQL Injection
Exploit Title: PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection Date: 2021-07-10 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.peel.fr Software Link: https://sourceforge.net/projects/peel-shopping/files/peel-shopping930.zip/download Version: prior to...
Artworks Gallery 1.0 Shell Upload
Artworks Gallery - Arbitrary File Upload - RCE Authenticated - Edit Profile Exploit Title: Artworks Gallery - Arbitrary File Upload - RCE Authenticated - Edit Profile Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects...
mRemoteNG 1.76.20 Privilege Escalation
mRemoteNG mRemoteNG v1.76.20 Privilege Escalation Detailed Information - Product Name: mRemoteNG Vendor Home Page:...
Google Chrome SimplfiedLowering Integer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase', 'Description' = %q This module exploits an issue in...
Liman 0.7 Cross Site Request Forgery
Exploit Title: Liman v0.7 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: George Tsimpidas Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7 Version: 0.7 Tested on: 18.04.5 LTS Bionic Beaver Category: Webapp 1. Description:- There is no CSRF protection in...
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
SEC Consult Vulnerability Lab Security Advisory - title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, Cisco 160W vulnerable version:...
Ping Identity PingIDM 7.5.0 Query Filter Injection
SEC Consult Vulnerability Lab Security Advisory - title: Query Filter Injection product: Ping Identity PingIDM formerly known as ForgeRock Identity Management vulnerable version: v7.0.0 - v7.5.0 and older unsupported versions...
XenForo 2.2.15 Cross Site Request Forgery
XenForo = 2.2.15 Widget::actionSave Cross-Site Request Forgery Vulnerability - Software Link: https://xenforo.com - Affected Versions:...
OpenSSH 7.2p1 xauth Command Injection / Bypass
Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor: OpenBSD References: http://www.openssh.com/1 Version: 7.2p1 2...
Joomla JomEstate 4.1 SQL Injection
Exploit Title : Joomla 2.5.28 ComJomEstate Real Estate Components 4.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 29/08/2019 Vendor Homepage : comdev.eu/jomestate Joomla Affected Versions : Joomla 1.5.18 Joomla 1.5.26 - Joomla 1.6 - Joomla 1.7...
Drupalgeddon2 Drupal Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before...
Payara Platform Path Traversal
SEC Consult Vulnerability Lab Security Advisory - title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: 5.45.0 Community: 6.2022.1, 5.2022.4, 4.1.2.191.38 fixed version: Enterprise: 5.45.0...