50738 matches found
VOTAB Voting Quiz PHP Script 1.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
KODExplorer 4.49 Cross Site Request Forgery / Shell Upload
Exploit Title: KodExplorer ' path = '/data/User/admin/home/' targetpath = input' Target KODExplorer path ex /var/www...
Citrix Workspace App For Linux 2212 Credential Leak
Citrix Linux client credential leak The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix do not consider this to be a security vulnerability. Software affected - Citrix Workspace App for...
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion
Exploit Title: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion LFI Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.franklinfueling.com/ Version: 1.8.19.8580 Tested on: Linux Firefox CVE : CVE-2021-46417 Proof of Concept...
Backdoor.Win32.Wisell Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/57bda78cc5fd6a06017148bae28e8e39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...
Gerapy 0.9.7 Remote Code Execution
Exploit Title: Gerapy 0.9.7 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/Gerapy/Gerapy Version: All versions of Gerapy prior to 0.9.8 CVE: CVE-2021-43857 Tested on: Gerapy 0.9.6 Vulnerability: Gerapy prior to versio...
Backdoor.Win32.Wollf.a Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/52d1341f73c34ba2638581469120b68a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.a Vulnerability: Weak Hardcoded Password Description: The malware listens on TC...
Opencart 3 Extension TMD Vendor System SQL Injection
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...
Dynojet Power Core 2.3.0 Unquoted Service Path
Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...
Linux Kernel Netfilter Heap Out-Of-Bounds Write
/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...
Backdoor.Win32.RMFdoor.c Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5e2e6ca532c20ee6a59861d936df7076.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RMFdoor.c Vulnerability: Authentication Bypass RCE Description: The malware listens o...
NetMotion Mobility Server MvcUtil Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetMotion Mobility Server MvcUtil Java Deserialization', 'Description' = %q This module exploits an unauthenticated Java deserialization in the...
IGEL OS Secure VNC/Terminal Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IGEL OS Secure VNC/Terminal Command Injection RCE', 'Description' = %q This module exploits a command injection vulnerability in IGEL OS Secure...
Google Chrome 86.0.4240 V8 Remote Code Execution
/ BSD 2-Clause License Copyright c 2021, rajvardhan agarwal All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice,...
Project Expense Monitoring System 1.0 Authentication Bypass
Exploit Title: Project expense Monitoring System | Create Admin Account Unauthorised Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
📄 Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation
Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation. 🛡️ Anant Addons for Elementor Anant Addons for Elementor body background-color: 111; color: 0f0; font-family: monospace;...
ABB Cylon FLXeon 9.3.4 Cross Site Request Forgery
ABB Cylon FLXeon version 9.3.4 suffers from a cross site request forgery vulnerability. However, exploitation is limited to specific conditions due to the server's CORS configuration. !-- ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery RCE Vendor: ABB Ltd. Product web page:...
PHPJabbers Cinema Booking System 2.0 Cross Site Request Forgery
PHPJabbers Cinema Booking System version 2.0 suffers from a cross site request forgery vulnerability. CVE-2024-57429 A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking a...
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management a...
Simple Chatbot Application 1.0 Insecure Settings
============================================================================================================================================= | Title : Simple Chatbot Application v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Quiz Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Quiz Management System v1.0 CSRF Add user Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...
Men Salon Management System 2.0 PHP Code Injection
============================================================================================================================================= | Title : Men Salon Management System 2.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Prison Management System 1.0 Add Administrator
============================================================================================================================================= | Title : Prison Management System v1.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
NTP.org ntpd Reserved Mode Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP.org ntpd Reserved Mode Denial of Service', 'Description' = %q This module exploits a denial of service vulnerability within the NTP network...
Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication
CyberDanube Security Research 20240805-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities in JetPort Series product| Korenix JetPort Series vulnerable version| 1.2 fixed version| None CVE number| CVE-2024-7395, CVE-2024-7396,...
Dotclear 2.29 Remote Code Execution
Exploit Title: Dotclear 2.29 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://git.dotclear.org/explore/repos Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip Tested Version: v2.29 latest Tested on:...
Financials By Coda Authorization Bypass
Vulnerability type: Incorrect Access Control Vendor: https://www.unit4.com/ Product: Financials by Coda Product site: https://www.unit4.com/fr/products/financial-management-software Affected version: "user" : "", "password" : "", "company" : "", "newPassword" : "newpasswordfortargeteduser",...
WyreStorm Apollo VX20 Incorrect Access Control
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WYRESTORMAPOLLOVX20INCORRECTACCESSCONTROLDOSCVE-2024-25736.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.wyrestorm.com Product APOLLO VX20 1.3.58 Vulnerability...
Hesk Rtl CMS 1 Cross Site Scripting
==================================================================================================================================== | Title : Hesk Rtl CMS v1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
OVOO Movie Portal CMS 3.3.3 SQL Injection
Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...
Easy Web Portal 2.1.1 Cross Site Scripting
==================================================================================================================================== | Title : Easy Web Portal v2.1.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...
Microsoft Excel / 365 MSO Remote Code Execution
Title: Microsoft Excel Microsoft® Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...
WordPress WP File Manager 7.1.7 Backup Disclosure
==================================================================================================================================== | Title : WordPress - wp file manager pro 7.1.7 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
WordPress Backup Migration 1.2.8 Backup Disclosure
Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Date: 2023-05-10 Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...
W3 Eden Download Manager 3.2.70 Cross Site Scripting
W3 Eden recently patched an Authenticated Stored Cross-Site Scripting vulnerability in Download Manager. On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in W3 Eden’s Download...
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
CyberDanube Security Research 20221130-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Delta Electronics DX-2100-L1-CN vulnerable version| V1.5.0.10 fixed version| V1.5.0.12 CVE number| - impact| High homepage|...
Printix Client 1.3.1106.0 Remote Code Execution
Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Date: 3/1/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8,...
Google Play Protect 22.4.25 Detection Bypass
Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Date: 2022-02-14 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play...
Backdoor.Win32.Prexot.a Authentication Bypass
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Authentication Bypass Description: The malware listens on...
Backdoor.Win32.Wollf.16 Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/204613443e555f73237ea43a2faecaa5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.16 Vulnerability: Weak Hardcoded Credentials Description: The malware runs wit...
Backdoor.Win32.Jtram.a Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Insecure Credential Storage Description: The malware listens o...
Simple Cold Storage Management System 1.0 SQL Injection
Title: Simple Cold Storage Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.15.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html Description: The id...
Simple Client Management System 1.0 SQL Injection
Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Date: 24-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip...
Dolibarr ERP-CRM 12.0.3 Remote Code Execution
Exploit Title: Dolibarr ERP-CRM 12.0.3 - Remote Code Execution Authenticated Date: 2020.12.17 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://github.com/Dolibarr/dolibarr Software Link: https://sourceforge.net/projects/dolibarr/ Version: 12.0.3 Tested on: Kali Linux 2020.2 Vulnerabilit...
BigTree CMS 4.4.10 Remote Code Execution
Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution Google Dork: " BigTree CMS " Date: 2020-25-09 Exploit Author: SunCSR ThienNV and HoaVT - Sun Cyber Security Research Vendor Homepage: https://www.bigtreecms.org/ Software Link: https://www.bigtreecms.org/ Version: 4.4.10 Tested on: Windows...
Online Book Store 1.0 Code Execution
!/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Google Dork: N/A Date: 2020-01-07 2020-22-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/...
GAT-Ship Web Module 1.30 Information Disclosure
GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
WordPress Wysija-Newsletters 2.10.2 Database Disclosure
Exploit Title : WordPress Wysija-Newsletters 2.10.2 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : mailpoet.com wordpress.org/plugins/wysija-newsletters/ Software Download Link :...
📄 jQuery 3.3.1 Cross Site Scripting
jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...
LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection
LTL Freight Quotes – Old Dominion Edition versions 4.2.10 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 4.2.10 - Unauthenticated SQL Injection Description The LTL Freight Quotes – Old Dominion Edition plugin...