50748 matches found
📄 Hugging Face Transformers MobileViTV2 4.41.1 Remote Code Execution
Hugging Face Transformers MobileViTV2 version 4.41.1 suffers from a remote code execution vulnerability. Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link:...
📄 Vite 6.2.2 Arbitrary File Read
Vite versions 6.2.2 and below suffer from an arbitrary file read vulnerability. Exploit Title: Vite Arbitrary File Read - CVE-2025-30208 Date: 2025-04-03 Exploit Author: Sheikh Mohammad Hasan https://github.com/4mrr0r Vendor Homepage: https://vitejs.dev/ Software Link:...
PHPJabbers Cinema Booking System 2.0 SQL Injection
PHPJabbers Cinema Booking System version 2.0 suffers from a remote SQL injection vulnerability. CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiti...
ATutor 2.2.4 Cross Site Scripting
ATutor version 2.2.4 suffers from a cross site scripting vulnerability. Exploit Title: Reflected XSS - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-17-reflected.html...
Taskhub 3.0.3 Insecure Settings
============================================================================================================================================= | Title : Taskhub v3.0.3 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...
Emergency Ambulance Hiring Portal 1.0 Insecure Settings
==================================================================================================================================== | Title : Emergency Ambulance Hiring Portal 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Bhojan Restaurant Management System 2.8 Insecure Direct Object Reference
==================================================================================================================================== | Title : Bhojon restaurant management system v2.8 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
GL.iNet AR300M 3.216 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
CMS Made Simple 2.2.19 Cross Site Scripting
Exploit Title: CMS Made Simple Version: 2.2.19 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Content File Manager 2 Write in New directory...
WordPress TextMe SMS 1.9.0 Cross Site Request Forgery
Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...
Ivanti Avalanche MDM Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Avalanche MDM Buffer Overflow', 'Description' = %q This module exploits a buffer overflow condition in Ivanti Avalanche MDM versions befor...
Atom CMS 2.0 Directory Traversal
==================================================================================================================================== | Title : AtomCMS 2.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Apache RocketMQ 5.1.0 Arbitrary Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache RocketMQ update config RCE', 'Description' = %q RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker...
ApepBlack Premium Checker CMS 3.0.5 Cross Site Scripting
==================================================================================================================================== | Title : ApepBlack Premium Checker cms 3.0.5 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
Active Newspaper 2.0 HTML Injection
==================================================================================================================================== | Title : Active Newspaper v2.0 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit...
Magento eCommerce 2.4.0 Information Disclosure
==================================================================================================================================== | Title : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18041520711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-2757...
Solaris 10 dtprintinfo / libXm / libXpm Security Issues
-- HNS-2022-01 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm Date: 2023-01-18 Oracle vulnerability tracking numbers: S1597707 - Arbitrary printer...
Pega Platform 8.7.3 Remote Code Execution
Exploit Title: Pega Platform 8.1.0 and higher Remote Code Execution Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.7.3 Tested on: Re...
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection
Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Date: 18/09/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...
Stock Management System 2020 SQL Injection
Title: Stock-Management-System-2020 SQLi Author: nu11secur1ty Date: 07.02.2022 Vendor: https://github.com/Dav-ee Software: https://github.com/Dav-ee/Stock-Management-System Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Kiprono-Davies/2022/Stock-Management-System-20...
Easy!Appointments Information Disclosure
!/usr/bin/env ruby Exploit Title: Easy!Appointments 1.4.3 - Unauthenticated PII events disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Date: 2022-04-11 Vendor...
ICEHRM 31.0.0.0S Cross Site Request Forgery
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...
Printix Client 1.3.1106.0 Privilege Escalation
Exploit Title: Printix Client 1.3.1106.0 - Privilege Escalation Date: 3/2/2022 Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windo...
Wing FTP Server 4.3.8 Remote Code Execution
Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Date: 02/06/2022 Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link:...
Oliver Library Server 5 Arbitrary File Download
Exploit Title: Oliver Library Server v5 - Arbitrary File Download Date: 14/12/2021 Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2...
WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'WordPress Plugin Pie Register Auth Bypass to RCE', 'Description' = %q This module uses an authentication bypass vulnerability i...
Trojan.Win32.Delf.bna Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6bf08611410e3ef7df67d781a2e8efed.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Delf.bna Vulnerability: Information Disclosure Description: The malware listens on TCP...
Company's Recruitment Management System 1.0 Cross Site Request Forgery
Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery CSRF Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...
OpenNetAdmin 18.1.1 Remote Command Execution
!/usr/bin/env ruby Exploit Title: OpenNetAdmin 8.5.14 --debug FILE version --debug FILE -h | --help exploit: Exploit the RCE vuln version: Try to fetch OpenNetAdmin version Options: Root URL base path including HTTP scheme, port and root folder Command to execute on the target --debug Display...
Worm.Win32.Busan.k Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcad7aa6cb6cb9d94377cd88acbca1c9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Busan.k Vulnerability: Insecure Communication Protocol Description: Busan.k launches a...
Backdoor.Win32.Azbreg.amw Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5eb58198721d4ded363e41e243e685cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.amw Vulnerability: Insecure Permissions Description: The backdoor creates an...
Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.bt Vulnerability: Remote Stack Buffer Overflow Description: The malware listens o...
DotNetNuke Cookie Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...
BiP Messenger Denial Of Service
BiP Messenger - Remote Denial of Service Crash PoC My + Discovered by: KnocKout Contact : [email protected] HomePage : http://cyber-warrior.org Software info |Application : BiP Messenger |Affected Version : Latest version as of 15.11.2018 |Developer web page: http://www.turkcell.com.tr,...
spymacXSS.txt
Spymac Web OS v4 blogs and notes multiple variable XSS Vendor url: http://www.spymac.com & http://arnieshwartz.spymac.com/thespymacwebos.htm Advisore: http://lostmon.blogspot.com/2005/11/ spymac-web-os-v4-blogs-and-notes.html Vendor notify :yes exploit available: yes Spymac is powered by an...
PHP SPM 1.0 WYSIWYG Code Injection
============================================================================================================================================= | Title : php spm 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...
VICIdial Multiple Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Multiple Authenticated SQLi', 'Description' = %q This module exploits several authenticated SQL Inject vulnerabilities in VICIdial...
Easy File Sharing FTP 3.6 Denial Of Service
!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 17 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Easy File Sharing FTP Server 3.6 Tested on:...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
Maxima Max Pro Power 1.0 486A BLE Traffic Replay
Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...
Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting
==================================================================================================================================== | Title : Infinity Market Classified Ads Script 1.6.2 xss via file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor...
iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference
==================================================================================================================================== | Title : iBilling CRM v4.5.0 Add Admin vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
ExcessWeb And Network CMS 4.0 Database Disclosure
==================================================================================================================================== | Title : ExcessWeb & Network CMS v4.0 Database Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
EI Tube YouTube API 3 SQL Injection
==================================================================================================================================== | Title : EI Tube YouTube API V3 site builder Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...
Expert Job Portal Management System 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
VMware Workspace ONE Access Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...
WordPress Limit Login Attempts 1.7.1 Cross Site Scripting
On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...
Human Resource Management System 1.0 SQL Injection
Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
Inout Music 5.1.1 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...