50738 matches found
BiP Messenger Denial Of Service
BiP Messenger - Remote Denial of Service Crash PoC My + Discovered by: KnocKout Contact : [email protected] HomePage : http://cyber-warrior.org Software info |Application : BiP Messenger |Affected Version : Latest version as of 15.11.2018 |Developer web page: http://www.turkcell.com.tr,...
Linux RNG Flaws
Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. I'm sending this to [email protected] and Theodore Ts'o for now; it might make sense to also add Jason Donenfeld, since...
TAIF LMS 5.8.0 Shell Upload
==================================================================================================================================== | Title : TAIF LMS v5.8.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor ...
Easy File Sharing FTP 3.6 Denial Of Service
!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 17 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Easy File Sharing FTP Server 3.6 Tested on:...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
Maxima Max Pro Power 1.0 486A BLE Traffic Replay
Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...
Zoo Management System 1.0 Shell Upload
Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE Date: 16.10.2023 Exploit Author: Çağatay Ceyhan Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.htmlgooglevignette Software Link:...
Digisha CMS 1.2.7 SQL Injection
==================================================================================================================================== | Title : Digisha CMS V1.2.7 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | ...
GNOME Files 43.4 Privilege Escalation
Affected: GNOME Files 43.4 nautilus on fedora 37 Description: If an user A opens in GNOME files zip archive containing setuid file F, then F will be silently extracted to a subdirectory of CWD. If F is accessible by hostile local user B and B executes F, then F will be executed as from user A. ta...
GreenShot 1.2.10 Arbitrary Code Execution
Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...
Zstore 6.5.4 Database Disclosure
==================================================================================================================================== | Title : Zstore version 6.5.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit ...
Expert Job Portal Management System 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking
Exploit Title: Stored-XSS in FICO Origination Manager Decision Module 4.8.1 Leads to Session Hijacking Date: 2023-05-07 Exploit Author: Matei Josephs Vendor Homepage: https://www.fico.com/ Version: FICO Origination Manager Decision Module 4.8.1 CVE : CVE-2023-30056, CVE-2023-30057 Introduction...
Inout Music 5.1.1 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution
Exploit Title: Ivanti Endpoint Manager - Cloud Service Appliance Unauthenticated Remote Code Execution Date: 20/03/2022 Exploit Author: d7x Vendor Homepage: https://www.ivanti.com/ Software Link: https://forums.ivanti.com/s/article/Customer-Update-Cloud-Service-Appliance-4-6 Version: CSA 4.6 4.5 ...
Nokia Transport Module Authentication Bypass
title: Nokia Transport Module Authentication Bypass case id: CM-2020-02 product: BTS TRS web console FTMW20FP22019.08.160010 vulnerability type: Authentication Bypass severity: Critical found: 2020-09-28 CVE: CVE-2021-31932 by: Cristiano Maruti @cmaruti EXECUTIVE SUMMARY The TRS web console allow...
Ticket Booking 1.0 SQL Injection
Title: Ticket Booking 1.0 suffer from SQL - Injenction Author: nu11secur1ty Date: 12.14.2021 Vendor: https://code-projects.org/ticket-booking-in-php-with-source-code/ Software: https://code-projects.org/ticket-booking-in-php-with-source-code/ Description: The password parameter appears to be...
WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'WordPress Plugin Pie Register Auth Bypass to RCE', 'Description' = %q This module uses an authentication bypass vulnerability i...
Company's Recruitment Management System 1.0 Cross Site Request Forgery
Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery CSRF Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...
Backdoor.Win32.Androm.df Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bf60f5b5c901bab08484838447f1b85e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Androm.df Vulnerability: Unauthenticated Remote Command Execution Description: The...
Selenium 3.141.59 Remote Code Execution
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
Doctor Appointment System 1.0 SQL Injection
Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in comment parameter Date: 02-03-2021 CVE: CVE-2021-27315 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
CASAP Automated Enrollment System 1.0 Cross Site Scripting
Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS Author: nu11secur1ty Date: 02.15.2021 Vendor: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Athor: https://www.sourcecodester.com/users/yna-ecole Link:...
Employee Record System 1.0 Shell Upload
Exploit Title: Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2021-01-05 Vendor Homepage: https://www.sourcecodester.com/php/14588/employee-record-system-phpmysqli-full-source-code.html Software Link:...
Rumble Mail Server 0.51.3135 Cross Site Scripting
Exploit Title: Rumble Mail Server 0.51.3135 - 'servername' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Tested...
MailDepot 2032 SP2 Session Expiration
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-049 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Insufficient Session Expiration CWE-613 Risk Level: Low Solution Status: Fixed...
vCloud Director 9.7.0.15498291 Remote Code Execution
!/usr/bin/python Exploit Title: vCloud Director - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
Citrix ADC (NetScaler) Directory Traversal / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal in Citrix Application Delivery...
phpMyAdmin 4.9.0.1 Cross Site Request Forgery
============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...
SpagoBI 3.5.1 Cross Site Scripting
SpagoBI versions 3.5.1 and below suffer from persistent cross site scripting vulnerabilities. CVE-2024-54795 Severity : Medium 5.4 CVSS score : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by multiple stored XSS inside...
Nipah Virus Testing Management System 1.0 PHP Code Injection
============================================================================================================================================= | Title : Nipah virus NiV – Testing Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browse...
Relate Learning And Teaching System SSTI / Remote Code Execution
Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTIBatch-Issue Exam Tickets function lead to RCE Date: 24/04/2024 Exploit Author: kai6u Vendor Homepage: https://github.com/inducer/ Software Link: https://github.com/inducer/relate Affected Version:before 2024.1...
EnBw SENEC Legacy Storage Box Information Disclosure
Advisory ID: Ph0s-2023-002 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Risk Level: CVSS v3.1...
Italia Mediasky CMS 2.0 Cross Site Scripting
==================================================================================================================================== | Title : İtalia Mediasky CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Foody Friend 1.0 Arbitrary File Upload / Cross Site Scripting
Exploit Title: Foody Friend 1.0 - Arbitrary File Upload Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/foody-friend-a-saas-based-web-app-food-ordering-bot-for-telegram-and-messenger/25 Tested on:...
Microsoft Windows PowerShell Remote Command Execution
from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec hyp3rlinx.altervista.org twitter.com/hyp3rlinx twitter.com/malvuln PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I...
Expert Restaurant eCommerce 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
hyiplab 2.1 Default Credentials
==================================================================================================================================== | Title : hyiplab V2.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.064-bit | |...
Inbit Messenger 4.9.0 Remote Command Execution
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Window...
Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Win32.Ransom.Conti Vulnerability: Crypto Logic Fla...
Booked Scheduler 2.7.5 Shell Upload
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...
Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...
MyBB 1.8.25 SQL Injection
Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...
openMAINT 2.1-3.3-b Cross Site Scripting
Exploit Title: openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting Date: 13/03/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.openmaint.org/ Software Link: https://sourceforge.net/projects/openmaint/files/2.1/Core%20updates/openmaint-2.1-3.3.1/ Version: 2.1-3...
Trojan-Proxy.Win32.Delf.ai Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1dd6eb39a388f4c8a3eaf248d86aaabc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Delf.ai Vulnerability: Remote SEH Buffer Overflow Description: The malware listen...
Backdoor.Win32.Agent.aak Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582aC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Remote Buffer Overflow Description: The HTTP backdoor serve...
flatCore CMS XSS / File Disclosure / SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: 2.0.0 Build 139 fixed version: Release 2.0.0 Build 139 CVE number: CVE-2021-23835, CVE-2021-23836,...
Backdoor.Win32.Xtreme.yvp Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/7bd93c10c9373cfc2bcc8eff712631f1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xtreme.yvp Vulnerability: Insecure Permissions EoP Description: Change permissions ar...
MonoCMS Blog 1.0 File Deletion / CSRF / Hardcoded Credentials
Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...
Bandwidth Monitor 3.9 Full ROP Buffer Overflow
Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...