50738 matches found
OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection
OpenCMS v11.0.2 -------------------------------------------------------------------------------------------------------------------------------------------------- CSRF - Login page vulnerable https://vulnerablehost.com/system/login - CSRF needs valid JSESSIONID to work, maybe logged Admin user...
QuickBox Pro 2.1.8 Remote Code Execution
Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...
Sysaid 20.1.11 b26 Remote Command Execution
Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Date: 2020-03-09 Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software Software Link: https://www.sysaid.com/free-help-desk-software Version:...
📄 Gnuboard5 5.3.2.8 SQL Injection
Gnuboard5 versions 5.3.2.8 and below suffer from a remote SQL injection vulnerability. Exploit Title: Gnuboard5 = 5.3.2.8 SQL Injection via tableprefix Parameter Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/gnuboard/gnuboard5 Software Link:...
CrushFTP Unauthenticated Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CrushFTP Unauthenticated Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated server-side template injection...
Xhibiter NFT Marketplace 1.10.2 SQL Injection
Exploit Title: xhibiter nft marketplace SQLI Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs" Date: 29/06/204 Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor Homepage:...
Boss Mini 1.4.0 Local File Inclusion
Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 ''' / \ | | / | | / / | | \ --. | | / | |/ | ' \ / |/ / | --. \ | /\ | | | | | | | | | | \ // / /,||,|| ||, |/|// / | |/ ''' from requests import...
Lepton CMS 7.0.0 Remote Code Execution
Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred...
CrafterCMS 4.0.2 Cross Site Scripting
--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...
Evsanati Radyo 1.0 Insecure Settings
==================================================================================================================================== | Title : evsanati radyo v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
Acon Architecture and Construction Website CMS 1.2 Insecure Settings
==================================================================================================================================== | Title : Acon - Architecture and Construction Website CMS v1.2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
Online Thesis Archiving System 1.0 SQL Injection
Title: OTAS - PHP by: oretnom23 v1.0 Multiple-SQLi Author: nu11secur1ty Date: 06.12.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...
Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
CreativeItem Academy Learning Management System 5.14 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting
On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...
Rocket Software Unidata udadmin_server Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rocket Software Unidata udadminserver Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in t...
Froxlor 2.0.6 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Froxlor Log Path RCE', 'Description' = %q Froxlor v2.0.6 and below suffer from a bug that allows authenticated users to change the application lo...
ERPGo SaaS 3.9 CSV Injection
Exploit Title: ERPGo SaaS 3.9 - CSV Injection Date: 18/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version:...
ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service
Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow DoS Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 Usage: python zte-exploit.py CVE: N/A Tested on: Debian 5.18.5 !/usr/bin/python3 import sys import socket from tim...
Spring Cloud Gateway 3.1.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Gateway Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in...
Inout SiteSearch 2.0.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Magnolia CMS 6.2.19 Cross Site Scripting
Exploit Title: Magnolia CMS = 6.2.19 - Stored Cross-Site Scripting XSS Date: 08/05/2022 Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
Trovent Security Advisory 2104-02 Account takeover with only email address possible Overview Advisory ID: TRSA-2104-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-02 Affected product: HealthForYou & Sanitas HealthCoach mobile and web...
Dolibarr ERP/CRM 11.0.4 Bypass / Code Execution
Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...
Rukovoditel 2.6.1 Cross Site Request Forgery
Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery Change password Date: 2020-12-14 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 Tested on: Kali Linux...
Online Library Management System 1.0 Shell Upload
Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html Software Link:...
aaPanel 6.6.6 Privilege Escalation
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
BlazeDVD 7.0 Professional Buffer Overflow
Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...
SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow
!/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://www.castlerock.com/ Software Linke:...
Zikula Core CMS 2.0.13 Database Disclosure
Exploit Title : Zikula Core CMS 2.0.13 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : ziku.la Software Download Link : github.com/zikula/core/releases/download/2.0.13/2.0.zip Software Information Link :...
📄 libxml2 2.9.14 Remote Code Execution
libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...
Nipah Virus Testing Management System 1.0 Insecure Settings
==================================================================================================================================== | Title : Nipah virus NiV – Testing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
NETGEAR Administrator Password Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR Administrator Password Disclosure', 'Description' = %q This module will collect the password for the admin user. The exploit will not...
Cisco IOX XE Unauthenticated OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated OS command execution', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against...
CMSimple 5.15 Remote Shell Upload
Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...
Nokia BMC Log Scanner 13 Command Injection
Exploit Title: Nokia BMC Log Scanner Remote Code Execution Google Dork: N/A Date: November 29, 2023 Exploit Author: Carlos Andres Gonzalez, Matthew Gregory Vendor Homepage: https://www.nokia.com/ Software Link: N/A Version: 13 Tested on: Linux CVE : CVE-2022-45899 Description The BMC Log Scanner...
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...
Active Super Shop CMS 2.5 HTML Injection
Document Title: =============== Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2278 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID: ==================================...
ProjeQtOr Project Management System 10.4.1 Cross Site Scripting
Exploit Title: ProjeQtOr Project Management System V10.4.1 - Multiple XSS Version: V10.4.1 Bugs: Multiple XSS Technology: PHP Vendor URL: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV10.4.1.zip/download Date of found: 09.07.2023 Author:...
BBook 5.7 Shell Upload
==================================================================================================================================== | Title : BBook - BookStore Script System with website v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro ...
GZ E Learning Platform 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Advanced Testimonials Manager 5.5 Add Administrator
==================================================================================================================================== | Title : Advanced Testimonials Manager v5.5 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
PHPJabbers Forum Script 3.0 Persistent Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Franklin Fueling Systems TS-550 Hash Disclosure / Default Credentials
Exploit Title: Franklin Fueling Systems TS-550 - Default Password Date: 4/16/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to...
Cisco RV Series Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits two vulnerabilities, a session ID directory...
101news By Mayuri K 1.0 SQL Injection
Title: 101news-by-Mayuri-K-1.0 Multiple-SQLi Author: nu11secur1ty Date: 02.02.2023 Vendor: https://mayurik.com/ Software: https://mayurik.com/source-code/P4030/news-portal-project-in-php Reference: https://portswigger.net/web-security/sql-injection Description: The comment parameter appears to be...
Drupal H5P Module 2.0.0 Zip Slip Traversal
------------------------------------------------------------------ Drupal H5P Module statIndex$i'name'; 892. 893. if pregmatch'/^.|/./', $fileName !== 0 894. continue; // Skip any file or folder starting with a . or 894. This regex check should be enough to prevent path traversal attacks through...
Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...
Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware runs...
WiFiMouse 1.8.3.4 Remote Code Execution
Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Date: 15-08-2022 Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf "...