50738 matches found
Microsoft Exchange 2019 Unauthenticated Email Download
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Date: 03-11-2021 Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and...
Fluig 1.7.0 Path Traversal
Exploit Title: Fluig 1.7.0 - Path Traversal Date: 26/11/2020 Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt...
Trojan.Win32.Pluder.o Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ee22eea131c0e00162e4ba370f396a00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Pluder.o Vulnerability: Insecure Permissions Description: Creates an insecure dir named...
PHP Mass Mail 1.0 Shell Upload
Exploit Title: PHP Mass Mail 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/phpmassmail/phpmassmail/1.0.0/phpmassmail.zip Version: 1.0 Category: Webapp...
Net-Billetterie 2.9 SQL Injection
Exploit Title: Net-Billetterie 2.9 - 'login' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link: https://netix.dl.sourceforge.net/project/netbilletterie/Netbilletterie2.9.zip Version: 2.9 Category: Webapps...
Skia Graphics Library Heap Overflow
Skia Graphics Library: heap overflow due to rounding error in SkEdge::setLine Skia bug: https://bugs.chromium.org/p/skia/issues/detail?id=6294 There is a heap overflow in SkARGB32ShaderBlitter::blitH caused by a rounding error in SkEdge::setLine. To trigger the bug Skia needs to be compiled with...
Nagios Core Curl Command Injection / Code Execution
/ / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - CVE-2016-9565 - Release date:...
Fortinet FortiManager 7.6.0 Code Execution
Fortinet FortiManager version 7.6.0 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Fortinet FortiManager 7.6.0 PHP Code Injection Vulnerability | |...
GL.iNet 4.4.3 Code Injection
============================================================================================================================================= | Title : GL.iNet network 4.4.3 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64...
Prison Management System 1.0 Code Injection
============================================================================================================================================= | Title : Prison Management System v1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
MediaWiki SVG XML Entity Expansion Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MediaWiki SVG XML Entity Expansion Remote File Access', 'Description' = %q This module attempts to read a remote file from the server using a...
K7 Ultimate Security NULL Pointer Dereference
Title: K7 Ultimate Security v17.0.2019 "K7RKScan.sys" Null Pointer Dereference Date: 13.08.2024 Author: M. Akil Gündoğan Vendor Homepage: https://k7computing.com/ Version: v17.0.2019 Tested on: Windows 10 Pro x64 CVE ID: CVE-2024-36424 Vulnerability Description:...
Nagios XI 2024R1.01 SQL Injection
Exploit Title: NAGIOS XI SQLI Google Dork: if applicable Date: 02/26/2024 Exploit Author: Jarod Jaslow MAWK https://www.linkedin.com/in/jarod-jaslow-codename-mawk-265144201/ Vendor Homepage: https://www.nagios.com/changelog/nagios-xi Software Link: https://github.com/MAWK0235/CVE-2024-24401...
WordPress RSVPMaker 9.3.2 SQL Injection
!/bin/bash Set the URL of the website running the vulnerable plugin url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php" Set the number of columns in the query columns=5 response=$curl -s "$url" query=$echo "$response" | grep -oP 'FROM . WHERE .' payload="' UNION SELECT...
Luxcal Event Calendar 3.2.3 Cross Site Request Forgery
==================================================================================================================================== | Title : Luxcal Event Calendar v3.2.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
WinRAR Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' class MetasploitModule 'WinRAR CVE-2023-38831 Exploit', 'Description' = %q This module exploits a vulnerability in WinRAR CVE-2023-38831. When a user opens...
Cameleon CMS 2.7.4 Cross Site Scripting
Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4 Google Dork: intext:"Camaleon CMS is a free and open-source tool and a fexible content management system CMS based on Ruby on Rails" Date: 2023-10-05 Exploit Author: Yasin Gergin Vendor Homepage: http://camaleon.tuzitio.com Softwar...
Ecommerce 1.0 Cross Site Scripting / Open Redirect
Title: Ecommerse-1.0 XSS-Reflected Hijack-credentials - JavaScript Injection Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...
Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9603420a004d9559e610ddeb9d94e20a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.nqr Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
Kingdia CD Extractor 3.0.2 Buffer Overflow
Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Date: 31.10.2021 Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt...
LibreNMS 1.46 SQL Injection
Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection Google Dork: Unknown Date: 13-12-2020 Exploit Author: Hodorsec Vendor Homepage: https://www.librenms.org Software Link: https://github.com/librenms/librenms Update notice:...
Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution
Title: Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Author: Peter Lapp Date: 2019-12-05 Vendor: https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html CVE: CVE-2018-9021 an...
Alkacon OpenCMS 10.5.x Cross Site Scripting
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...
📄 aaPanel 7.x.x Remote Command Execution
aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was discovered prior and noted in CVE-2020-14421 where it states that it affects versions 6.6.6 and below. The developers claim it is patched but it still affects the 7.x.x version. This is...
SQLite3 generate_series Stack Buffer Underflow
Vulnerability details static int seriesBestIndex sqlite3vtab pVTab, sqlite3indexinfo pIdxInfo int i, j; / Loop over constraints / int idxNum = 0; / The query plan bitmask / ifndef ZEROARGUMENTGENERATESERIES int bStartSeen = 0; / EQ constraint seen on the START column / endif int unusableMask = 0;...
Travel Management System Project 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Travel Management System Project v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
Perten Instruments Process Plus Software 1.11.6507.0 LFI / Hardcoded Credentials
CyberDanube Security Research 20240722-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Perten Instruments Process Plus Software vulnerable version| =1.11.6507.0 fixed version| 2.0.0 CVE number| CVE-2024-6911, CVE-2024-6912...
WEBIGniter 28.7.23 Cross Site Scripting
Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...
WordPress Quiz And Survey Master 8.0.8 Media Deletion
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...
AeroCMS 0.0.1 SQL Injection
Title: AeroCMS-v0.0.1 SQLi Author: nu11secur1ty Date: 08.27.2022 Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The auth...
Backdoor.Win32.SVC Directory Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SVC Vulnerability: Directory Traversal Description: The malware listens on TCP port...
Backdoor.Win32.Antilam.14.o Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2914f01e65d848655d4f1aac51ff04d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The...
Atlassian Jira Server/Data Center 8.4.0 File Read
Exploit Title: Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤...
VeryFitPro 3.2.8 Insecure Transit
Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...
IM-Worm.Win32.Bropia.aa Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ea6dfec6c3900ab422875119972d9c62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: IM-Worm.Win32.Bropia.aa Vulnerability: Insecure Permissions Description: The malware creates an hidd...
Mini Mouse 9.2.0 Remote Code Execution
Exploit Title: Mini Mouse 9.2.0 - Remote Code Execution Author: gosh Date: 01-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi Version: 9.2.0 Tested on: Windows 10 Pro build 19042.662 !/usr/bin/python3 import requests import json...
Trojan-Downloader.Win32.Delf.nzg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3c5c6f0f6f78af12d6b76119696a4074.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Delf.nzg Vulnerability: Insecure Permissions Description: Win32.Delf.nzg...
EyesOfNetwork 5.3 Local File Inclusion
Exploit Title: EyesOfNetwork 5.3 - LFI Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 The php not exclude other tools than proposed...
Expanse Management System Cross Site Scripting
Exploit Title: Expense Management System - 'description' Stored Cross Site Scripting Date: 02/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/expense-management-system/ Tested On: Ubuntu Vunerable Parameter: "description="...
HRSALE 1.1.8 Cross Site Request Forgery
Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8 Vulnerability Type : Cross-Site Request Forgery Add Admin...
SD.NET RIM 4.7.3c SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...
SeedDMS 6.0.29 Cross Site Scripting
SeedDMS version 6.0.29 suffers from a cross site scripting vulnerability. 📌 CVE-2025-25461 - Stored Cross-Site Scripting XSS in SeedDMS 6.0.29 📝 Description A Stored Cross-Site Scripting XSS vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can injec...
MagnusBilling 7.x Command Injection
============================================================================================================================================= | Title : MagnusBilling 7.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bit...
Citrix ADC (NetScaler) Directory Traversal Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Directory Traversal Scanner', 'Description' = % This module exploits a directory traversal vulnerability CVE-2019-19781 with...
Drupal-Wiki 8.31 / 8.30 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping XSS flaws in Drupal-Wiki Affected Products Drupal Wiki 8.31 Drupal Wiki 8.30 older releases have not been tested References https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt used...
Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/3b9e9e130d52fe95c8be82aa4b8feb74.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.STOP.Ransomware smokeloader Vulnerability: Remote Code Execution MITM Family: Stop...
Ansible Agent Payload Deployer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ansible Agent Payload Deployer', 'Description' = %q This exploit module creates an ansible module for deployment to nodes in the network. It...
User Registration And Login And User Management System 3.0 SQL Injection
Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection Unauthenticated Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...
WordPress Charitable Donations Plugin And Fundraising Platform 1.7.0.12 Privilege Escalation
Description: Donation Forms by Charitable = 1.7.0.12 – Unauthenticated Privilege Escalation Affected Plugin: Charitable – Donations Plugin & Fundraising Platform for WordPress Plugin Slug: charitable Affected Versions: = 1.7.0.12 CVE ID: CVE-2023-4404 CVSS Score: 9.8 Critical CVSS...
Roxy Fileman 1.4.5 Shell Upload
Exploit Title: Roxy Fileman 1.4.5 For .NET Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on:...