50748 matches found
Screen SFT DAB 600/C Authentication Bypass / Password Change
!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Password Change Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version:...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol electronic shelf labels vulnerable version: All fixed version:...
WordPress SeatReg 1.23.0 Open Redirect
Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Contact me: [email protected] Description: An Open Redirection...
SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross Site Scripting product: SIEMENS-SINEMA Remote Connect vulnerable version: =V3.0.1.0-01.01.00.02 fixed version: V3.1.0 CVE number: CVE-2022-29034 impact:...
Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross Site Scripting product: Sofico Miles RIA vulnerable version: 2020.2 build 127964T fixed version: 2020.2 build 128076 or higher CVE number: CVE-2021-41557...
Employee Daily Task Management System 1.0 Cross Site Scripting
Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Date: 09/11/2021 Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version...
Backdoor.Win32.IRCBot.gen Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/96f5cdfa5b3416c819d76060f11dc88d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Unauthenticated Remote Command Execution Description: The...
Trojan-Dropper.Win32.Agent.xtp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/360bbc9e0926488f085029948ff6c759.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Agent.xtp Vulnerability: Insecure Permissions Description: The malware creates ...
Monitoring Of Students Cyber Accounts System 1.0 SQL Injection
Exploit Title: Monitoring of Students Cyber Accounts System | 'un' SQL Injection Exploit Author: Richard Jones Date: 2021-03-12 Vendor Homepage: https://www.sourcecodester.com/php/11743/monitoring-students-cyber-accounts.html Software Link:...
Backdoor.Win32.Agent.aak Hardcoded Credentials
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...
SmartBlog 2.0.1 Blind SQL Injection
Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...
iDS6 DSSPro Digital Signage System 6.2 Password Disclosure
iDS6 DSSPro Digital Signage System 6.2 autoSave Cookie User Password Disclosure Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management...
Django CRM 0.2.1 Cross Site Request Forgery
Information -------------------- Advisory by Netsparker Name: Multiple CSRF Vulnerabilities in Django CRM 0.2.1 Affected Software: Django CRM Affected Versions: 0.2.1 Homepage: https://github.com/MicroPyramid/Django-CRM Vulnerability: Cross-site Request Forgery Severity: 8.8 High Status: Not Fixe...
Budabot 4.0 Denial Of Service
4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Description In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified...
SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure
https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html Date: 04-Apr-2017 Product: SmartJobBoard Versions affected: v5.0.9 and below. Vulnerability: 1 Cross-site scripting vulnerabilities in the following locations and...
Webmin 2.202 Remote Code Execution
Webmin version 2.202 suffers from a remote code execution vulnerability. Exploit Title: Webmin RCE Leading to Privilege Escalation Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://webmin.com/ Software Link: https://webmin.com/ Version: 2.202 Tested on:...
Monero 18.3.4 Denial of Service
Monero version 18.3.4 suffers from a memory exhaustion vulnerability. Hello, About an hour ago, a group appearing to be named WyRCV2 posted a note on the nostr social network, which can be found at the following link:...
SPIP 4.2.12 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.12 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
Journyx 11.5.4 Unauthenticated Password Reset Bruteforce
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce Title: Journyx Unauthenticated Password Reset Bruteforce Advisory ID: KL-001-2024-007 Publication Date: 2024.08.07 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-007.txt 1. Vulnerability Details Affected...
Small CRM 1.0 SQL Injection
Exploit Title: Small CRM Developed using PHP and MySQL - SQLi Authentication Bypass Date: 05.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads Software Link: https://phpgurukul.com/small-crm-php Version: 1.0 Tested on: Windows 11, Kali...
Moodle 3.10.1 SQL Injection
Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Google Dork: Date: 04/11/2023 Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import stri...
DerbyNet 9.0 photo.php Cross Site Scripting
CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...
Hospital Management System 1.0 SQL Injection
Exploit Title: Hospital Management System - SQL Injection Google Dork: N/A Application: Hospital Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Gabriels FTP Server 1.2 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Gabriels FTP Server 1.2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 25 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1k8QxfP6x908E-1QpRAVulKoAM9OEo1a8/view?usp=sharing Notification...
SugarCRM 13.0.1 Shell Upload
------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions:...
GZ Multi Hotel Booking System 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Advanced ASP Chat 2.0 Database Disclosure
==================================================================================================================================== | Title : Advanced ASP chat 2.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit...
RockMongo 1.1.7 Cross Site Scripting
Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting XSS Discovery by: Rafael Pedrero Discovery Date: 2020-09-19 Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link : https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type:...
Chitor-CMS 1.1.2 SQL Injection
!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 ExploitAuthor: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...
SAP FRUN 2.00 / 3.00 Cross Site Scripting
Onapsis Security Advisory 2022-0003: Cross-Site Scripting XSS vulnerability in SAP Focused Run Real User Monitoring Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired...
Backdoor.Win32.NetCat32.10 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/dcf16aed5ad4e0058a6cfcc7593dd9e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetCat32.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.Dsklite.a Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dsklite.a Vulnerability: Insecure Transit Description: The malware listens on TCP...
Kabir Alhasan Student Management System 1.0 SQL Injection
Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Date: 2020-07-06 Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...
rconfig 3.9.6 Shell Upload
Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Date: 18/04/2021 Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host:...
Discourse 2.7.0 2FA Bypass
Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Date: 14/01/2021 Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ...
GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...
VestaCP 0.9.8 Cross Site Scripting
Title: VestaCP 0.9.8 - 'vinterface' Add IP Stored XSS Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com alert1&vshared=on&vowner=admin&vname=&vnat=&ok=Add...
Backdoor.Win32.NetTerrorist Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5131a9b441c9f9b20228f171c327a4f5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetTerrorist Vulnerability: Unauthorized Remote Command Execution Description:...
jQuery UI 1.12.1 Denial Of Service
Exploit Title: jQuery UI 1.12.1 - Denial of Service DoS Date: 20 Jan, 2021 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://jqueryui.com/ Software Link: https://jqueryui.com/download/ Version: DoS - jQuery UI 1.12.1 DoS - jQuery UI 1.12.1 Exploit PoC by Rafael Cintra Lopes function...
BigBlueButton 2.2.29 E-mail Validation Bypass
Title: BigBlueButton E-mail Validation Bypass Google Dork: N/A Date: 24.11.2020 Author: Seccops https://seccops.com Vendor Homepage: bigbluebutton.org Version: 2.2.29 and previous versions CVE: CVE-2020-29043 === Summary === An issue was discovered in BigBlueButton through 2.2.29. When at attacke...
DynPG 4.9.1 Cross Site Scripting
Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...
Online Course Registration 1.0 Remote Code Execution
Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage: Vendor Homepage:...
Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact:...
Carel pCOWeb HVAC Modbus Interface Authentication Bypass
Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of it's features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details ======= Product: HVAC units usin...
OpenDocMan Document Management System 1.3.5 Database Disclosure
Exploit Title : OpenDocMan Document Management System 1.3.5 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : opendocman.com Software Download Link : opendocman.com/free-download/...
Using Valgrind on Chrome
Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...
NFS Mount Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFS Mount Scanner', 'Description' = %q This module scans NFS mounts and their permissions. , 'Author' = '', 'References' = 'CVE', '1999-0170',...
UBM CMS 1.2 Insecure Direct Object Reference
==================================================================================================================================== | Title : UBM CMS v1.2 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.1 64 bits | | Vendor :...
Jcow Social Network Cross Site Scripting
Exploit Title: Jcow Social Networking 14.2 3 After Send invitations you will be see alert button...