50738 matches found
Pandora FMS 7.0NG.742 Remote Code Execution
Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution RCE Authenticated Date: 05/20/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pandorafms.com/ Software Link:...
Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration
Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...
Advantech iView Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Advantech iView Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unauthenticated configuration change combined...
Webmin 1.920 rpc.cgi Remote Root
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Webmin %q This exploit takes advantage of a code execution issue within the function unserialisevariable located in web-lib-funcs.pl, in order to...
RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection
Exploit Title : RVSiteBuilder RVGlobalSoft CMS 7.0 Multiple Vulnerabilities Vulnerabilities are = SQL Injection / File Upload / Authentication Bypass / Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Team Date : 14/02/2019 Vendor Homepages :...
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference', 'Description' = %q This module exploits an out of bounds function table...
4BRO Insecure Direct Object Reference / API Information Exposure
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Broken access control & API Information Exposure product: 4BRO App vulnerable version: before 2024-04-17 fixed version: 2024-04-17 CVE number: - impact: Critical homepage...
GLPI 10.0.2 SQL Injection / Remote Code Execution
ADVISORY INFORMATION Exploit Title: GLPI v10.0.2 - SQL Injection Authentication Depends on Configuration Date of found: 11 Jun 2022 Application: GLPI =10.0.0, 10.0.3 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
WebKit HTMLSelectElement Use-After-Free
WebKit use-after-free in HTMLSelectElement There is a use-after-free in HTMLSelectElement. If the length of the HTMLSelectElement is set to a value greater than the existing options length then dummy HTMLOptionElements elements are created. These HTMLOptionsElements are stored as raw pointers in...
WordPress Visual Slide Box Builder 3.2.9 SQL Injection
Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi Author: nu11secur1ty Date: 07.11.2022 Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...
TP-Link AX50 Remote Code Execution
Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Date: 2022-06-08 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability...
WBCE CMS 1.5.1 Admin Password Reset
Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Date: 20/12/2021 Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE :...
AbanteCart Arbitrary File Upload / Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: AbanteCart e-commerce platform vulnerable version: 1.3.2 fixed version: 1.3.2 CVE number: CVE-2021-42050, CVE-2021-42051 impact: Medium...
Virus.Win32.Ipamor.c Unauthenticated Reboot
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b6bfdfe91c3e37865b6a269dc9ff9302.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Ipamor.c Vulnerability: Unauthenticated Remote System Reboot Description: The malware...
Panasonic Sanyo CCTV Network Camera 2.03-0x Cross Site Request Forgery
!-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor: Panasonic Corporation | SANYO Electric Co., Ltd. Product web page: https://www.panasonic.com https://www.sanyo-av.com https://panasonic.net/sanyo/cs/index.html Affected version: Model: VCC-HD5600...
Apache MyFaces 2.x Cross Site Request Forgery
Ceritude Securiy Advisory - CSA-2021-001 PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger,...
Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
D-Link DIR-615 T1 20.10 CAPTCHA Bypass
Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Date: 2019-10-12 Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1 CVE: CVE-2019-17525 D-LIN...
WebLogic Server Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp', 'Description' = %q There exists a Java object deserialization...
Find A Place CMS Directory 1.5 SQL Injection
Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/...
Webmin 2.202 Remote Command Execution
Webmin version 2.202 remote command execution exploit that provides a reverse shell. ============================================================================================================================================= | Title : Webmin 2.202 Reverse Shell attack | | Author : indoushka | |...
Leads Manager Tool SQL Injection / Cross Site Scripting
x========================================================================================================================================x | Title : Leads Manager Tool SQL & XSSstored Vulnerabilities | Software : Leads Manager Tool Using PHP and MySQL with Source Code | Create By :...
HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: HAWKI Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany vulnerable version: 1.0.0-beta.1,...
SISQUAL WFM 7.1.319.103 Host Header Injection
Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Discovered Date: 17/03/2023 Reported Date: 17/03/2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.1...
October CMS 3.4.0 About Cross Site Scripting
OctoberCMS v3.4.0 About Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framework...
PodcastGenerator 3.2.9 Cross Site Scripting
Exploit Title: PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting XSS Application: PodcastGenerator Version: v3.2.9 Bugs: Stored Xss Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found: 14-05-2023...
Piwigo 13.5.0 SQL Injection
===== Tempest Security Intelligence - ADV-03/2023 ========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline...
WSO2 Management Console Cross Site Scripting
Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Date: 21 Apr 2022 Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/,...
Backdoor.Win32.Acropolis.10 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e865fc7225c84165d7aa0c7d8a1bcb77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Acropolis.10 Vulnerability: Insecure Permissions Description: The malware writes an...
WordPress TheCartPress 1.5.3.6 Privilege Escalation
Exploit Title: Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation Unauthenticated Google Dork: inurl:/wp-content/plugins/thecartpress/ Date: 04/10/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugin/thecartpress Version: spacehen www.github.com/spacehen" def...
rConfig 3.9.6 Shell Upload
Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated Date: 2021-03-17 Exploit Author: Murat ŞEKER Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip Version: rConfig v3.9.6 Install scripts :...
BlogEngine 3.3.8 Cross Site Scripting
Exploit Title: BlogEngine 3.3.8 - 'Content' Stored XSS Date: 11/2020 Exploit Author: Andrey Stoykov Vendor Homepage: https://blogengine.io/ Software Link: https://github.com/BlogEngine/BlogEngine.NET/releases/download/v3.3.8.0/3380.zip Version: 3.3.8 Tested on: Windows Server 2016 Exploit and...
Microsoft Windows VCF Denial Of Service
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-MAILTO-LINK-DENIAL-OF-SERVICE.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product A VCF file is a standard file format for...
Apache Rave 0.20 User Information Disclosure
Apache Rave version 0.20 proof of concept user information disclosure exploit that leverages a flaw from 2013. ============================================================================================================================================= | Title : Apache Rave 0.20 Disclosure of use...
Hospital Management System Project In ASP.Net MVC 1 SQL Injection
Exploit Title: Hospital Management System Project in ASP.Net MVC - SQL Injection / Authentication Bypass Date: 07/16/2024 Exploit Author: 0xMykull Vendor Hompage: https://itsourcecode.com/free-projects/asp/hospital-management-system-project-in-asp-net-mvc-with-source-code/ Software Link:...
WordPress Royal Elementor 1.3.78 Shell Upload
Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...
TinyWebGallery 2.5 Shell Upload
Exploit Title: TinyWebGallery v2.5 - Remote Code Execution RCE Application: TinyWebGallery Version: v2.5 Bugs: RCE Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023 Author: Mirabbas...
ManageEngine ADAudit Plus Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Authenticated File Write RCE', 'Description' = %q This module exploits security issues in ManageEngine ADAudit Plus pri...
Tenda N300 F3 12.01.01.48 Header Processing
!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...
io_uring Same Type Object Reuse Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'iouring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in iouring leading to an additional putcred that can be...
WordPress Zephyr Project Manager 3.2.42 SQL Injection
Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Date: 14-08-2022 Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/...
WordPress Duplicator 1.4.7 Information Disclosure
Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Google Dork: N/A Date: 07.27.2022 Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552...
Musical World 1 Shell Upload
Musical-World-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Note Login to client. don't need login to admin Description Upload web shell at UploadedSongs Step to Reproduct Login to user - TRACK - UploadedSongs - Choose File - UPLOAD - access /songs/uploadedsongs/shell.php Exploit When upload...
Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service
Exploit Title: Accu-Time Systems MAXIMUS 1.0 Telnet Remote Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2021-12-22 Vendor Homepage: https://www.accu-time.com/ Software Link : https://www.accu-time.com/maximus-employee-time-clock-3/ Tested Version: 1.0 Vulnerability Type: Buffer...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection
CVE-2021-41648 CVE-2021-41648 SQL Injection in online-shopping-system The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection attacks. The proId parameter on the /action.php page does not sanitize the user input, an attacker can extract...
Backdoor.Win32.Agent.sah Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3ee7a90b5fc3f2b7ba68911e8220df17.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.sah Vulnerability: Heap Corruption Description: The malware listens on TCP port...
CSZ CMS 1.2.9 Arbitrary File Deletion
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion Date: 2021-07-20 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.cszcms.com Software Link: https://sourceforge.net/projects/cszcms/files/latest/download Version: 1.2.9 Tested on: Windows 10,...
LogonTracer 1.2.0 Remote Code Execution
Exploit Title: LogonTracer 1.2.0 - Remote Code Execution Unauthenticated Date: 29/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.jpcert.or.jp/ Software Link: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.0 Version: 1.2.0 and earlier Tested on: Version 1.2.0 on Debian...
Trojan.Win32.Agentb.iofv Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d4ac133a9df0c627f899bb6039d04215.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agentb.iofv Vulnerability: Insecure Permissions Description: Agentb.iofv creates an...
Trojan-Dropper.Win32.Delf.da Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a2f1adfd7a35fd0e0207a24be169b4c1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Delf.da Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description:...