50773 matches found
Prison Management System Using PHP SQL Injection
Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass Date: 15/03/2024 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html Tested on: Windows ,XAMPP CVE :...
Atlassian Confluence SSTI Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence SSTI Injection', 'Description' = %q This module exploits an SSTI injection in Atlassian Confluence servers. A specially...
ProSysInfo TFTP Server TFTPDWIN 0.4.2 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 20 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1MLqBkCyu0dA-cNgYxCAO8xbsVcof060Z/view?usp=sharin...
freeSSHd 1.0.9 Denial Of Service
!/usr/bin/perl use IO::Socket; Exploit Title: freeSSHd 1.0.9 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 13 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: freeSSHd 1.0.9 - Denial of Service DoS Tested on: Window XP...
Greeva 2.0 SQL Injection
==================================================================================================================================== | Title : Greeva 2.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | | Vendo...
Hospital Management System 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Cameleon CMS 2.7.4 Cross Site Scripting
Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4 Google Dork: intext:"Camaleon CMS is a free and open-source tool and a fexible content management system CMS based on Ruby on Rails" Date: 2023-10-05 Exploit Author: Yasin Gergin Vendor Homepage: http://camaleon.tuzitio.com Softwar...
MyBB External Redirect Warning 1.3 Cross Site Scripting
Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting Date: February 1, 2021 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=493 Version: 1.3 Tested On: Windows 10 CVE: CVE-2022-28353 Description: This plugin notifies the...
AeroCMS 0.0.1 SQL Injection
Title: AeroCMS-v0.0.1 SQLi Author: nu11secur1ty Date: 08.27.2022 Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The auth...
Car Rental System 1.0 SQL Injection
Car Rental System SQL Injection Author: D4rkP0w4r Note = Login to customer Injection Point = http://192.168.1.101:8080/CarRental/booking.php?id=1 Exploit Exploit with Sqlmap + Burp Suite Use Burp Suite capture request Then save as sqlicar.txt GET /CarRental/booking.php?id=1 HTTP/1.1 Host:...
Backdoor.Win32.Controlit.10 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Controlit.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.Hupigon.nqr Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9603420a004d9559e610ddeb9d94e20a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.nqr Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
Kingdia CD Extractor 3.0.2 Buffer Overflow
Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Date: 31.10.2021 Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt...
Atlassian Jira Server/Data Center 8.4.0 File Read
Exploit Title: Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤...
LibreNMS 1.46 SQL Injection
Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection Google Dork: Unknown Date: 13-12-2020 Exploit Author: Hodorsec Vendor Homepage: https://www.librenms.org Software Link: https://github.com/librenms/librenms Update notice:...
PHP Mass Mail 1.0 Shell Upload
Exploit Title: PHP Mass Mail 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/phpmassmail/phpmassmail/1.0.0/phpmassmail.zip Version: 1.0 Category: Webapp...
Net-Billetterie 2.9 SQL Injection
Exploit Title: Net-Billetterie 2.9 - 'login' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link: https://netix.dl.sourceforge.net/project/netbilletterie/Netbilletterie2.9.zip Version: 2.9 Category: Webapps...
Skia Graphics Library Heap Overflow
Skia Graphics Library: heap overflow due to rounding error in SkEdge::setLine Skia bug: https://bugs.chromium.org/p/skia/issues/detail?id=6294 There is a heap overflow in SkARGB32ShaderBlitter::blitH caused by a rounding error in SkEdge::setLine. To trigger the bug Skia needs to be compiled with...
Fortinet FortiManager 7.6.0 Code Execution
Fortinet FortiManager version 7.6.0 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Fortinet FortiManager 7.6.0 PHP Code Injection Vulnerability | |...
GL.iNet 4.4.3 Code Injection
============================================================================================================================================= | Title : GL.iNet network 4.4.3 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64...
K7 Ultimate Security NULL Pointer Dereference
Title: K7 Ultimate Security v17.0.2019 "K7RKScan.sys" Null Pointer Dereference Date: 13.08.2024 Author: M. Akil Gündoğan Vendor Homepage: https://k7computing.com/ Version: v17.0.2019 Tested on: Windows 10 Pro x64 CVE ID: CVE-2024-36424 Vulnerability Description:...
Perten Instruments Process Plus Software 1.11.6507.0 LFI / Hardcoded Credentials
CyberDanube Security Research 20240722-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Perten Instruments Process Plus Software vulnerable version| =1.11.6507.0 fixed version| 2.0.0 CVE number| CVE-2024-6911, CVE-2024-6912...
Nagios XI 2024R1.01 SQL Injection
Exploit Title: NAGIOS XI SQLI Google Dork: if applicable Date: 02/26/2024 Exploit Author: Jarod Jaslow MAWK https://www.linkedin.com/in/jarod-jaslow-codename-mawk-265144201/ Vendor Homepage: https://www.nagios.com/changelog/nagios-xi Software Link: https://github.com/MAWK0235/CVE-2024-24401...
WEBIGniter 28.7.23 Cross Site Scripting
Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...
WordPress RSVPMaker 9.3.2 SQL Injection
!/bin/bash Set the URL of the website running the vulnerable plugin url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php" Set the number of columns in the query columns=5 response=$curl -s "$url" query=$echo "$response" | grep -oP 'FROM . WHERE .' payload="' UNION SELECT...
Luxcal Event Calendar 3.2.3 Cross Site Request Forgery
==================================================================================================================================== | Title : Luxcal Event Calendar v3.2.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
WinRAR Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' class MetasploitModule 'WinRAR CVE-2023-38831 Exploit', 'Description' = %q This module exploits a vulnerability in WinRAR CVE-2023-38831. When a user opens...
Ecommerce 1.0 Cross Site Scripting / Open Redirect
Title: Ecommerse-1.0 XSS-Reflected Hijack-credentials - JavaScript Injection Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...
Backdoor.Win32.SVC Directory Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SVC Vulnerability: Directory Traversal Description: The malware listens on TCP port...
IM-Worm.Win32.Bropia.aa Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ea6dfec6c3900ab422875119972d9c62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: IM-Worm.Win32.Bropia.aa Vulnerability: Insecure Permissions Description: The malware creates an hidd...
Mini Mouse 9.2.0 Remote Code Execution
Exploit Title: Mini Mouse 9.2.0 - Remote Code Execution Author: gosh Date: 01-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://imgv.oss-cn-hangzhou.aliyuncs.com/minimouse.msi Version: 9.2.0 Tested on: Windows 10 Pro build 19042.662 !/usr/bin/python3 import requests import json...
EyesOfNetwork 5.3 Local File Inclusion
Exploit Title: EyesOfNetwork 5.3 - LFI Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 The php not exclude other tools than proposed...
Expanse Management System Cross Site Scripting
Exploit Title: Expense Management System - 'description' Stored Cross Site Scripting Date: 02/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/expense-management-system/ Tested On: Ubuntu Vunerable Parameter: "description="...
HRSALE 1.1.8 Cross Site Request Forgery
Exploit Title: HRSALE 1.1.8 - Cross-Site Request Forgery Add Admin Date: 2020-03-11 Exploit Author: Ismail Akıcı Vendor Homepage: http://hrsale.com/ Software Link : http://demo.hrsale.com/ Software : HRSALE v1.1.8 Product Version: v1.1.8 Vulnerability Type : Cross-Site Request Forgery Add Admin...
Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution
Title: Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Author: Peter Lapp Date: 2019-12-05 Vendor: https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html CVE: CVE-2018-9021 an...
Alkacon OpenCMS 10.5.x Cross Site Scripting
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...
SQLite3 generate_series Stack Buffer Underflow
Vulnerability details static int seriesBestIndex sqlite3vtab pVTab, sqlite3indexinfo pIdxInfo int i, j; / Loop over constraints / int idxNum = 0; / The query plan bitmask / ifndef ZEROARGUMENTGENERATESERIES int bStartSeen = 0; / EQ constraint seen on the START column / endif int unusableMask = 0;...
Travel Management System Project 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Travel Management System Project v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
Roxy Fileman 1.4.5 Shell Upload
Exploit Title: Roxy Fileman 1.4.5 For .NET Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on:...
WordPress Quiz And Survey Master 8.0.8 Media Deletion
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...
WordPress iQ Block Country 1.2.13 Arbitrary File Deletion
Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...
WordPress AAWP 3.16 Cross Site Scripting
Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...
Backdoor.Win32.Antilam.14.o Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2914f01e65d848655d4f1aac51ff04d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The...
VeryFitPro 3.2.8 Insecure Transit
Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...
Trojan-Downloader.Win32.Delf.nzg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3c5c6f0f6f78af12d6b76119696a4074.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Delf.nzg Vulnerability: Insecure Permissions Description: Win32.Delf.nzg...
Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion
Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Version: Cisco AS...
SD.NET RIM 4.7.3c SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...
📄 Adobe Commerce Insecure Deserialization
This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...
SeedDMS 6.0.29 Cross Site Scripting
SeedDMS version 6.0.29 suffers from a cross site scripting vulnerability. 📌 CVE-2025-25461 - Stored Cross-Site Scripting XSS in SeedDMS 6.0.29 📝 Description A Stored Cross-Site Scripting XSS vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can injec...
MagnusBilling 7.x Command Injection
============================================================================================================================================= | Title : MagnusBilling 7.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bit...