50738 matches found
Backdoor.Win32.NetCat32.10 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/dcf16aed5ad4e0058a6cfcc7593dd9e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetCat32.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Ericsson Network Location MPS GMPC21 Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...
Savsoft Quiz 5 Cross Site Scripting
Exploit Title: Savsoft Quiz 5 - 'Skype ID' Stored XSS Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://savsoftquiz.com Software Link: https://github.com/savsofts/savsoftquizv5 Version: 5 Tested on Windows 10 Attack Vector: This vulnerability can results attacker to inject the XSS...
Online Course Registration 1.0 Remote Code Execution
Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage: Vendor Homepage:...
Windows Defender Antivirus 4.18.1908.7-0 File Extension Spoofing
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: File Extension Spoofing product: Windows Defender Antivirus vulnerable version: 4.18.1908.7-0 fixed version: Virus Definition Update of 2019/09/30 CVE number: - impact:...
WordPress 5.0.0 crop-image Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...
dhtmlxFileExplorer 8.4.6 Directory Traversal
dhtmlxFileExplorer version 8.4.6 is susceptible to a path traversal attack, enabling unauthorized access to system files. Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Floder via Directory Traversal in DHX File Exlploer Date: Feb 6, 2025 Exploit Author: Nutchaya Augkanavitayakul,...
ABB Cylon FLXeon 9.3.4 cert.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/cert endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the affected parameters. The issue arises due to improper input validation in cert.js, where...
Employee Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Employee Management System v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...
WordPress Hide My WP SQL Injection
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...
WordPress Simple URLs Cross Site Scripting
Exploit Title: simple urls alertorigin...
Moodle 4.3 Cross Site Scripting
Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...
Event Booking Calendar 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution
Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...
GetSimple CMS 3.3.16 Shell Upload
Exploit Title: GetSimple CMS v3.3.16 - Remote Code Execution RCE Data: 18/5/2023 Exploit Author : Youssef Muhammad Vendor: Get-simple Software Link: Version app: 3.3.16 Tested on: linux CVE: CVE-2022-41544 import sys import hashlib import re import requests from xml.etree import ElementTree from...
eScan Management Console 14.0.1400.2281 SQL Injection
Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection Authenticated Date: 16/05/2023 Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31702 Step of...
pdfkit 0.8.7.2 Command Injection
!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...
ChatGPT Cross Site Scripting
Exploit Title: ChatGPT OpenAI - Cross-Site Scripting XSS Vulnerability. Date: 25/03/2023 Vendor Homepage: https://openai.com/ Exploit Author: Miguel Segovia Software Link: https://chat.openai.com/chat CVE : Requested N/A Description: A reflected Cross-Site Scripting XSS vulnerability has been...
EQS Integrity Line Cross Site Scripting / Information Disclosure
EQS Integrity Line: Multiple Vulnerabilities Name Multiple Vulnerabilities in EQS Integrity Line Systems Affected EQS Integrity Line through 2022-07-01 Severity High Impact CVSSv2 High 8.8/10, score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor EQS Group AG https://www.eqs.com/ Advisory...
Poly EagleEye Director II 2.2.1.1 Command Injection / Authentication Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Poly EagleEye Director II vulnerable version: 2.2.1.1 Jul 1, 2021 fixed version: 2.2.2.1 or higher CVE number: CVE-2022-26479,...
m1k1o's Blog 1.3 Remote Code Execution
Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...
Kabir Alhasan Student Management System 1.0 SQL Injection
Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Date: 2020-07-06 Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...
Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e312385f64e6b8fd667b4f9b5ea1ff70.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Ranky.z Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
XOS Shop 1.0.9 Arbitrary File Deletion
Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Date: 2021-07-25 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on:...
Webmin 1.973 Cross Site Request Forgery
Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery CSRF Date: 24/04/2021 Exploit Author: Mesh3l911 & Z0ldyck Vendor Homepage: https://www.webmin.com Repo Link: https://github.com/Mesh3l911/CVE-2021-31761 Version: Webmin 1.973 Tested on: All versions POC By \0331;m...
OpenEMR 5.0.0 Remote Shell Upload
Exploit Title: OpenEMR 5.0.0 - Remote Code Execution Authenticated Date 10.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.0/openemr-5.0.0.zip/download Version: 5.0.0 Teste...
Backdoor.Win32.Psychward.ds Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9e22514c9b0e74c7fcb07b7c091f6123.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.ds Vulnerability: Weak Hardcoded Password Description: The malware listens ...
Microsoft Internet Explorer 8/11 Use-After-Free
Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Date: 2021-05-04 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit...
WifiHotSpot 1.0.0.0 Unquoted Service Path
Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS:...
Voting System 1.0 Shell Upload
Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Date: 07/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Backdoor.Win32.Floder.gqe Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0629e3b2ab8a973a3e37e4e97cb9cfea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Floder.gqe Vulnerability: Insecure Permissions Description: The malware creates an...
SpamTitan 7.07 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SpamTitan Unauthenticated RCE', 'Description' = %q TitanHQ SpamTitan Gateway is an anti-spam appliance that protects against unwanted emails and...
URVE Software Build 24.03.2020 Missing Authorization
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-041 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Missing Authorization CWE-862 Risk Level: High Solution Status: Open...
ccbill.txt
Date: Thu, 03 Jul 2003 12:46:39 -0400 From: Dayne Jordan Subject: Another overflow exploit for Apache? RESOLVED Greetings again, We found that this exploit was NOT a result of an Apache exploit. After waiting for the culprits to attempt their mischeif again, we were waiting and watched as they...
POMS PHP 1.0 SQL Injection / Shell Upload
Titles: POMS-PHP-by oretnom23 -v1.0-FU-SQLi-RCE-HAT.TRICK 1. SQLi Bypass Authentication 2. File Upload 3. RCE Latest update from the vendor: 5 hours 32 minutes ago Author: nu11secur1ty Date: 05/07/2024 Vendor: https://github.com/oretnom23 Software:...
Online Hotel Booking In PHP 1.0 SQL Injection
Exploit Title: Online Hotel Booking In PHP 1.0 - Blind SQL Injection Unauthenticated Google Dork: n/a Date: 04/02/2024 Exploit Author: Gian Paris C. Agsam Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://projectworlds.in/wp-content/uploads/2019/06/hotel-booking.zip...
Backdoor.Win32.Armageddon.r MVID-2024-0670 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Armageddon.r Vulnerability: Hardcoded Cleartext Credentials Description: Th...
BoidCMS 2.0.0 Shell Upload
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
SolarView Compact 6.00 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarView Compact unauthenticated remote command execution vulnerability.', 'Description' = %q CONTEC's SolarView™ Series enables you to monitor...
Innovins CMS 4.7 SQL Injection
==================================================================================================================================== | Title : Innovins CMS v4.7 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Jorani 1.0.3 Cross Site Scripting
Title: Jorani -v1.0.3-©2014-2023-Benjamin-BALET-XSS-Reflected-Information-Disclosure Author: nu11secur1ty Date: 08/27/2023 Vendor: https://jorani.org/ Software: https://demo.jorani.org/session/login Reference: https://portswigger.net/web-security/cross-site-scripting Reference:...
CMS Made Simple 2.2.17 Cross Site Scripting
Exploit Title: CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting XSS Application: CmsMadeSimple Version: v2.2.17 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author: Mirabbas...
CakePHP Test Suite 2.7.0 Cross Site Scripting
==================================================================================================================================== | Title : CakePHP Test Suite v2.7.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
PHPJabbers Knowledge Base Builder 3.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Leeloo Multipath Authorization Bypass / Symlink Attack
Qualys Security Advisory Leeloo Multipath: Authorization bypass and symlink attack in multipathd CVE-2022-41974 and CVE-2022-41973 ======================================================================== Contents ======================================================================== Summary...
WordPress Simple Page Transition 1.4.1 Cross Site Scripting
Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross Site Scripting Date: 27-06-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/ Version: 1.4.1 Tested on: Firefox Contact me: [email protected]...
Car Driving School Management 1.0 SQL Injection
Title: Car Driving School Management v1.0 SQLi Author: nu11secur1ty Date: 03.02.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15070/car-driving-school-management-system-phpoop-free-source-code.html Reference:...
Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure
Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E...
Pinkie 2.15 Remote Buffer Overflow
Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...
Trojan.Win32.Servstar.poa Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7588da376f496aa678cdfca4e404f38a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Servstar.poa Vulnerability: Insecure Service Path Description: The malware creates a...