50738 matches found
Spring Cloud Gateway 3.1.0 Remote Code Execution
Exploit Title: Spring Cloud Gateway 3.1.0 - Remote Code Execution RCE Google Dork: N/A Date: 03/03/2022 Exploit Author: Carlos E. Vieira Vendor Homepage: https://spring.io/ Software Link: https://spring.io/projects/spring-cloud-gateway Version: This vulnerability affect Spring Cloud Gateway 3.0.7...
Cisco IP Phone Cleartext Password Storage
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 vulnerable version: Firmware 14.1.1, Firmware 11.06SR2 devi...
WordPress AAWP 3.16 Cross Site Scripting
Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...
Geutebruck Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck Multiple Remote Command Execution', 'Description' = %q This module bypasses the HTTP basic authentication used to access the /uapi-cgi...
VestaCP 0.9.8 Cross Site Request Forgery
Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Date: 16-03-2021 Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch...
PEEL Shopping 9.3.0 Cross Site Scripting
Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: : PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
Microsoft Word MTA Handler Remote Code Execution
Exploit Author: Juan Sacco at KPN Red Team Developed using Exploit Pack - http://www.exploitpack.com Description: Microsoft Word CVE-2017-0199 is prone to a RCE trough a HTA Handler A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted...
📄 EMQX 5.8.5 Remote Code Execution
A remote code execution vulnerability exists in the EMQX Dashboard component of EMQX, up to and including version 5.8.5. Authenticated users can upload plugins containing arbitrary code, including any kind of Erlang code, which may be executed on the server hosting the web interface. This is...
Check Point Security Gateway Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Check Point Security Gateway Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated arbitrary root file read...
Stock Management System 1.0 SQL Injection
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Date: February 6, 2024 Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage:...
WordPress KiviCare 3.2.0 Cross Site Scripting
Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Date: 03-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624...
Greenshot 1.3.274 Deserialization / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Greenshot .NET Deserialization Fileformat Exploit', 'Description' = %q There exists a .NET deserialization vulnerability in Greenshot version...
i2soft CMS 2.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : i2soft CMS v2.0 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
Emagic Data Center Management Suite 6.0 Remote Command Execution
Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Date: 03-08-2023 Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" echo " ESDS...
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Simmeth System GmbH Supplier manager Lieferantenmanager vulnerable version: 5.6 fixed version: 5.6 CVE number: CVE-2022-44012,...
Backdoor.Win32.Coredoor.10.a MVID-2022-0618 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Authentication Bypass Description: The malware...
Event Management System 1.0 Shell Upload
Title: Event Management System 1.0 Shell Upload Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip Reference:...
WordPress iQ Block Country 1.2.13 Arbitrary File Deletion
Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...
PHP Everywhere 2.0.3 Remote Code Execution
On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level,...
Backdoor.Win32.Mellpon.b Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e499a4c359a8cc46e641f39c0ed548f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mellpon.b Vulnerability: Remote Unauthenticated Information Disclosure Description: T...
Modbus Slave 7.3.1 Buffer Overflow
Vendor has been notified and fixed https://www.modbustools.com/ModSlaveChangeLog.txt tested on: Windows XP SP3 - Windows 7 Professional x86 SP1 - Windows 10 x64 Steps to reproduce: 1. - Download and install Modbus Slave 2. - Run the python script and it will create modbus.txt file. 3. - Modbus...
WonderCMS 3.1.3 Remote Code Execution
Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE : N/A...
CMSUno 1.6.2 Remote Code Execution
Exploit Title: CMSUno 1.6.2 - 'user' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...
Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion
Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Version: Cisco AS...
Thailand Union Library Management 6.2 SQL Injection / XSS
Exploit Title : Thailand Union Library Management 6.2 Cross Site Scripting SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 07/10/2019 Vendor Homepage : ulibm.net - 202.29.234.1/ULIB/index.php Software Affected Versions : 6 and 6.2 Tested On : Windo...
Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery
Title: ==== Wolters Kluwer TeamMate+ Cross-Site Request Forgery CSRF vulnerability Credit: ====== Name: Bhadresh Patel CVE: ==== CVE-2019-10253 Date: ==== 19/03/2019 dd/mm/yyyy Vendor: ====== Wolters Kluwer is a global leader in professional information, software solutions, and services for the...
📄 Adobe Commerce Insecure Deserialization
This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...
ScadaBR Credentials Dumper
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ScadaBR Credentials Dumper', 'Description' = %q This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1...
Xhibiter NFT Marketplace 1.10.2 Cross Site Scripting
==================================================================================================================================== | Title : Xhibiter NFT Marketplace 1.10.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
Ladder 0.0.21 Server-Side Request Forgery
Exploit Title: Ladder v0.0.21 Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to app...
Multilaser RE160V / RE160 URL Manipulation Access Bypass
=====Tempest Security Intelligence - Security Advisory - CVE-2023-38945======= Access Control Bypass in Multilaser routers' Web Management Interface Author: Vinicius Moraes =====Table of Contents======================================================== 1. Overview 2. Detailed description 3. Other...
WordPress Admin Bar And Dashboard Access Control 1.28 XSS
Exploit Title: WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting XSS Google Dork: NA Date: 28/10/2023 Exploit Author: Rachit Arora Vendor Homepage: Software Link: https://wordpress.org/plugins/admin-bar-dashboard-control/...
Enpass Desktop Application 6.9.2 HTML Injection
==================================================================== HTML Injection in Enpass Desktop Application Version 6.9.2 Product: Enpass Password Manager Version: 6.9.2 Issue date: 2024-02-11 Download: https://www.enpass.io/beta/ Discovered by Muhammad Danial...
Lamano CMS 2.0 Cross Site Request Forgery
==================================================================================================================================== | Title : Lamano CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...
osCommerce 4 Local File Inclusion
==================================================================================================================================== | Title : oscommerce V4 LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 102.0.164-bit | | Vendor :...
Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution
!/usr/bin/env python Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...
Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Builder XtremeRAT v3.7 Vulnerability: Insecure Crypto Bypass Description: The malware...
Kitty 0.76.0.8 Stack Buffer Overflow
Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-06-08 Vendor Homepage: http://www.9bis.net/kitty/index.html!index.md Software Link : https://www.fosshub.com/KiTTY.html?dwl=kittyportable-0.76.0.8.exe Tested Version: 0.76.0.8 Vulnerability Type...
F5 BIG-IP 16.0.x Remote Code Execution
Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 16.0.x CVE : CVE-2022-1388 from requests import Request, Session import sys import json def title: print''' / \ \ / / | | \ / \ | \ / | ...
Social Codia SMS 1 Shell Upload
sms-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description - Upload web shell at avartar teacher in admin panel Step to Reproduct Login to admin - Teacher - Add Teacher - upload web shell at avartar teacher - Add Teacher Exploit Upload web shell at avartar teacher When upload success acce...
Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution
Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Date: 02/9/2022 Exploit Author: golem445 Vendor Homepage: https://www.tsg-solutions.com Tested on: Kali Linux CVE: CVE-2021-34235 Description: FieldUserLogin parameter is vulnerable to crafted MySQL...
CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CollectorStealerBuilder v2.0.0 Panel Vulnerability: Insecure Credential Storage Description: The pan...
XNU inm_merge Heap Use-After-Free
XNU: heap-use-after-free in inmmerge VULNERABILITY DETAILS bsd/netinet/inmcast.c: int inpjoingroupstruct inpcb inp, struct sockopt sopt ... if isnew if imo-imonummemberships == imo-imomaxmemberships error = imogrowimo, 0; // 1 if error goto outimolocked; / Allocate the new slot upfront so we can...
Simplephpscripts Simple CMS 2.1 Cross Site Scripting
Document Title: =============== Simplephpscripts Simple CMS v2.1 - Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2302 Release Date: ============= 2021-10-19 Vulnerability Laboratory ID VL-ID: ==================================...
Open Game Panel Remote Code Execution
Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Date: 08/14/2021 Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...
Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload
Exploit Title: Wyomind Help Desk 1.3.6 - Remote Code Execution RCE Date: 2021-07-07 Exploit Author: Patrik Lantz Vendor Homepage: https://www.wyomind.com/magento2/helpdesk-magento-2.html Version: Content-Type: multipart/form-data; boundary=---------------------------243970849510445067673127196635...
Backdoor.Win32.Delf.adag Hardcoded Credentials / Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0e997ab441cd8c35010dd8db98aae2c2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.adag Vulnerability: Weak Hardcoded Credentials Description: The backdoor runs an...
📄 FreePBX SQL Injection / Remote Code Execution
This Metasploit module exploits an unauthenticated SQL injection flaw in FreePBX prior to versions 15.0.66, 16.0.89, and 17.0.3. The vulnerability lies in the /admin/ajax.php endpoint, which is accessible without authentication. Additionally, the database user created by FreePBX can schedule...
Ivanti EPM Agent Portal Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/msnrtp/client' class MetasploitModule 'Ivanti EPM Agent Portal Command Execution', 'Description' = %q This module leverages an unauthenticated RCE in...
ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution
ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...