50738 matches found
Apache ActiveMQ Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a deserialization vulnerability in the OpenWire...
SIGE 3.4.1 / 3.5.3 Pro Cross Site Scripting / Remote File Inclusion
Document Title: =============== SIGE Joomla 3.4.1 & 3.5.3 Pro - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2265 Release Date: ============= 2020-11-11 Vulnerability Laboratory ID VL-ID: ====================================...
Dreamehome 2.1.5 Broken Authorization
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Broken authorization product: Dreamehome app vulnerable version: =2.1.5 iOS fixed version: none, see solution CVE number: - impact: medium homepage:...
ZoneMinder Snapshots Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Snapshots Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in zoneminder that can be...
Xmind 2020 Cross Site Scripting / Code Execution
Exploit Title: Xmind 2020 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description:...
Linux 6.6 Race Condition
Summary I found a security-relevant race between mremap and THP code. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the...
RiteCMS 3.1.0 Arbitrary File Deletion
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...
WordPress Slider Revolution 4.x.x Shell Upload
================================================================================================= | Title : WordPress - Slider Revolution 4.x.x WordPress - arbitrary file upload exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit | |...
Tableau Server Open Redirection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-032 Product: Tableau Server Manufacturer: Tableau Software, LLC, a Salesforce Company Affected Versions: 2019.4-2019.4.17, 2020.1-2020.1.13, 2020.2-2020.2.10, 2020.3-2020.3.6, 2020.4-2020.4.2 Tested Versions: 2020.2.1...
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a series of vulnerabilities to...
Android Binder Use-After-Free
CVE-2019-2215 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1942 https://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=414885 Samsung S7 and S7 Edge with Kernel 3.18.x seem not vulnerable could be however, with more work with PoC adjustments. Could not see more,...
ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
========================================================================== Product: ZoneMinder Versions: Multiple versions - see inline Vulnerabilities: File disclosure, XSS, CSRF, Auth bypass & Info disclosure CVE-IDs: CVE-2017-5595, CVE-2017-5367, CVE-2017-5368, CVE-2016-10140 Author: John...
Navy Federal Cross Site Scripting
Vendor ------------------------------------------------- Navy Federal - https://www.navyfederal.org/ Product ------------------------------------------------- Front pubic facing application Credit ------------------------------------------------- Arthrocyber http://arthrocyber.com/research/findin...
Redis Lua Sandbox Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Lua Sandbox Escape', 'Description' = %q This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was...
ipTIME DHCP Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request Advisory URL: https://pierrekim.github.io/advisories/2015-iptime-0x02.txt Blog URL:...
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...
MS12-020 Microsoft Remote Desktop Checker
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS12-020 Microsoft Remote Desktop Checker', 'Description' = %q This module checks a range of hosts for the MS12-020 vulnerability. This does not...
Huawei HedEx Lite (DM) Path Traversal
Document Title: =============== Huawei HedEx Lite DM - Path Traversal Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2268 Release Date: ============= 2020-11-24 Vulnerability Laboratory ID VL-ID: ====================================...
Apache HTTP Server 2.4.49 Path Traversal
Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if $1 =3D=3D '' ; $2...
PHP CGI Argument Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP CGI Argument Injection Remote Code Execution', 'Description' = %q This module exploits a PHP CGI argument injection vulnerability affecting P...
MobileIron Log4Shell Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MobileIron Core Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q MobileIron Core is affected by the Log4Shell vulnerability...
Elasticsearch ECE 7.13.3 Database Disclosure
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Microsoft Windows WebDAV BSoD Proof Of Concept
/ Source: https://github.com/koczkatamas/CVE-2016-0051 Proof-of-concept BSoD Blue Screen of Death code for CVE-2016-0051 MS-016. Full Proof of Concept: https://github.com/koczkatamas/CVE-2016-0051/archive/master.zip...
VestaCP 0.9.8-26 Token Session
Document Title: =============== VestaCP v0.9.8-26 - LoginAs Token Session Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2240 Release Date: ============= 2020-11-26 Vulnerability Laboratory ID VL-ID: ====================================...
sudo 1.9.12p1 Privilege Escalation
!/usr/bin/env bash Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit Author: n3m1.sys CVE: CVE-2023-22809 Date: 2023/01/21 Vendor Homepage: https://www.sudo.ws/ Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz Version: 1.8.0 to 1.9.12p1 Tested on: Ubuntu Server 22.0...
Maltrail 0.53 Remote Code Execution
Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if...
MariaDB 10.2 Command Execution
Exploit Title: MariaDB 10.2 /MySQL - 'wsrepprovider' OS Command Execution Date: 03/18/2021 Exploit Author: Central InfoSec Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through...
Invision Community 4.7.15 SQL Injection
-------------------------------------------------------------------- Invision Community filter and \isarray \IPS\Request::i-filter 128 129 $url = $url-setQueryString 'filter', \IPS\Request::i-filter ; 130 foreach \IPS\Request::i-filter as $filterId = $allowedValues 131 132 $where = array...
Maltrail 0.53 Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Maltrail Unauthenticated Command Injection', 'Description' = %q Maltrail is a malicious traffic detection system, utilizing publicly available...
📄 Flask 3.0.0 Remote Code Execution
Flask version 3.0.0 suffers from multiple remote code execution vulnerabilities. Exploit Title: Flask 3.0.0 CookApp - Multiple Unauthenticated RCE Vulnerabilities Date: 2024-12-05 Exploit Author: nu11secur1ty Vendor Homepage: https://flask.palletsprojects.com/ Software Link:...
Qualcomm Adreno/KGSL Data Leakage
Qualcomm Adreno/KGSL: pages can be freed to page pool while having GPU references on !CONFIGQCOMKGSLUSESHMEM Tested on a Pixel 4 again with a slightly outdated version of KGSL. I ordered a Pixel 5a but don't have it yet... On KGSL builds where CONFIGQCOMKGSLUSESHMEM is not set or on older KGSL...
tmux 1.3 / 1.4 Privilege Escalation
--------------------------------------- | Team ph0x90bic proudly presents | | tmux -S 1.3/1.4 local utmp exploit | --------------------------------------- Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability Date: 11.04.2011 Author: ph0x90bic Software Link:...
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TP-Link Cloud Cameras NCXXX Bonjour Command Injection', 'Description' = %q TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250,...
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary co...
Phoenix Contact TC Router / TC Cloud Client Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Command Injection product: Phoenix Contact TC Router & TC Cloud Client vulnerable version: =2.05.3 & =2.03.17 & =1.03.17 fixed version: 2.05.4 & 2.03.18 &...
M/Monit 3.7.4 Password Disclosure
Title: M/Monit 3.7.4 - Password Disclosure Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting to...
FortiLogger Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
Kernel Live Patch Security Notice LSN-0110-1
A half dozen vulnerabilities have been addressed in the Linux kernel including use-after-free and heap overflow issues. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 22.04 LTS -...
Gemtek WVRTM-127ACN 01.01.02.141 Command Injection
Exploit Title: Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection Date: 13/09/2020 Exploit Author: Gabriele Zuddas Version: 01.01.02.127, 01.01.02.141 CVE : CVE-2020-24365 Service Provider : Linkem Product Name : LTE CPE Model ID : WVRTM-127ACN Serial ID : GMK17041801108...
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
!/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to...
CSE Bookstore 1.0 Cross Site Scripting
Exploit Title: CSE Bookstore 1.0 - 'quantity' Persistent Cross-site Scripting Date: 30/10/2020 Exploit Author: Vyshnav NK Vendor Homepage: https://projectworlds.in/ Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip Version: 1.0 Tested on: Window...
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
CVE-2017-5638 Apache Struts 2 Vulnerability Remote Code Execution Reverse shell from target Author: anarc0der - github.com/anarcoder Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce.py...
2ad Guestbook 2.0 Database Disclosure
==================================================================================================================================== | Title : 2ad guestbook version 2.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Linksys EA7500 2.0.8.194281 Cross Site Scripting
Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Date: 3/24/21 Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerabilit...
Elementor Website Builder SQL Injection
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp Suit...
Linux Kernel 3.x usb-midi Local Privilege Escalation
Source: https://xairy.github.io/blog/2016/cve-2016-2384 Source: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 Source: https://www.youtube.com/watch?v=lfl1NJn1nvo Exploit-DB Note: This requires physical access to the machine, as well as local access on the system. - - - This...
Obehotel CMS Denial Of Service / SQL Injection
OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY ------------------------- Title: OBEHOTEL CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing /...
Zontal Arcade HTML 5 Game Portal PHP Script SQL Injection
Zontal Arcade HTML 5 Game Portal PHP Script suffers from a remote SQL injection vulnerability. This software does not list a version but was reported as of March 05, 2025 to be vulnerable. Exploit Title: Zontal Arcade HTML 5 Game Portal PHP Script - SQL Injection Date: 05-03-2025 Exploit Author:...
Vtiger CRM 7.0 Cross Site Scripting
Document Title: =============== VTiger v7.0 CRM - To Persistent Email Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2227 Release Date: ============= 2020-11-18 Vulnerability Laboratory ID VL-ID: ==================================== 2227...
Krpano Panorama Viewer 1.20.8 Cross Site Scripting
Exploit Title: XSS in krpano Panorama Viewer Google Dork: inurl:krpano.html Date: 10/05/2020 Exploit Author: Adriano Marcio Monteiro @adrianomarcmont Exploit Author Site: https://www.brztec.com Exploit Author E-mail: [email protected] Exploit Author Packetstorm Bio:...