50738 matches found
Bandwidth Monitor 3.9 Full ROP Buffer Overflow
Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...
WordPress Google Review Slider 6.1 SQL Injection
Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Date: 2019-07-02 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage:...
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Polkit pkexec helper PTRACETRACEME local root exploit', 'Description' = %q This module exploits an issue in ptracelink in kernel/ptrace.c...
BIND 9.10.5 Unquoted Service Path Privilege Escalation
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BIND9-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: =========== www.isc.org Product: =========== BIND9 v9.10.5 x86 / x64 BIND is open source software that enables you...
📄 Microsoft Windows 11 Search Path Privilege Escalation
Microsoft Windows 11 suffers from an untrusted search path local privilege escalation vulnerability. Proof of concept Metasploit module included. ============================================================================================================================================= | Title :...
D Tale 3.15.1 Remote Command Execution
D Tale version 3.15.1 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : D Tale v3.15.1 PHP code execution vulnerability | | Author : indoushka |...
Microsoft SRV2.SYS SMB 2 Remote Code Execution
Microsoft SRV2.SYS SMB version 2 remote code execution exploit that leverages a flaw from 2009. ============================================================================================================================================= | Title : Microsoft SRV2.SYS SMB v2 RCE Vulnerability | |...
ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Configuration Download
ABB Cylon Aspect 3.08.01 vstatConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...
PHP-Nuke Top Module SQL Injection
Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...
Aquatronica Control System 5.1.6 Hash Disclosure
============================================================================================================================================= | Title : Aquatronica Control System 5.1.6 Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
GitLab GraphQL API User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GraphQL API User Enumeration', 'Description' = %q This module queries the GitLab GraphQL API without authentication to acquire the list of...
Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Authentication Bypass", 'Description' = %q This module exploits HTTP servers that...
SolarWinds Kiwi Syslog Server 9.6.7.1 Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jeemp.c Vulnerability: Cleartext Hardcoded Credentials Description: The...
SitePad 1.8.2 Cross Site Scripting
Exploit Title: SitePad Version : 1.8.2 - Stored XSS Date: 2024-21-02 Exploit Author: tmrswrr Vendor Homepage: https://sitepad.com/ Version : 1.8.2 Tested on: https://www.softaculous.com/apps/blogs/SitePad 1 Go to Templates Header Edit Pagelayer Template 2 Write in Name : " 3 After save and refres...
Solar FTP Server 2.1.2 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Solar FTP Server 2.1.2 - PASV - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 23 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1o4xTt67bUJYAAKm0pqNIG99ly--xRQBp/view?usp=sharing...
Academy LMS 6.2 Cross Site Scripting
Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...
iSmile Soft CMS 0.3.0 Add Administrator
==================================================================================================================================== | Title : iSmile Soft CMS v0.3.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
VMware vRealize Log Insight Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'VMware vRealize Log Insight Unauthenticated RCE', 'Description' = %q VMware vRealize Log...
G And G Corporate CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : G&G Corporate CMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bit | |...
Camaleon CMS 2.7.0 Server-Side Template Injection
Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection SSTI Exploit Author: PARAG BAGUL CVE: CVE-2023-30145 Description Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter. Affected Component All versions below...
ChurchCRM 4.5.4 Cross Site Scripting
Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image Authenticated Date: 2023-04-17 Exploit Author: Rahad Chowdhury Vendor Homepage: http://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4 Version: 4.5.4 Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53 CVE:...
Reprise Software RLM 14.2BL4 Cross Site Scripting
Exploit Title: Reprise Software RLM v14.2BL4 - Cross-Site Scripting XSS Exploit Author: Mohammed A.Siledar Author Company : reprisesoftware Version: rlm.v14.2BL4 Vendor home page : https://reprisesoftware.com Software Link:...
Lepin EP-KP001 KP001_V19 Authentication Bypass
Advisory ID: SYSS-2022-024 Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001V19 Tested Versions: KP001V19 Vulnerability Type: Violation of Secure Design Principles CWE-657 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-04-12 Solution Date: - Public Disclosure:...
Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.10.d Vulnerability: Unauthenticated Remote Command Execution...
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting
On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to injec...
Microsoft Windows SMB Direct Session Takeover
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SMB Direct Session Takeover', 'Description' = %q This module will intercept direct SMB authentication requests to another host,...
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle Teacher Enrollment Privilege Escalation to RCE', 'Description' = %q Moodle version 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and...
CyberPanel 2.1 Remote Code Execution
Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 --...
MobileTogether Server 7.3 XML Injection
Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one app to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerabili...
Ampache 4.4.2 Cross Site Scripting
Information -------------------- Advisory by Netsparker Name: Cross-site Scripting vulnerability in Ampache 4.4.2 Affected Software: Ampache Affected Versions: 4.4.2 Homepage: http://ampache.org/ Vulnerability: Cross-Site Scripting Severity: High Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...
SyncBreeze 10.1.16 Buffer Overflow
Exploit Title: SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow Date: 03/27/2021 Author: Filipe Oliveira - filipecenturiaoathotmail.com Rafael Machado - nnszsatprotonmail.com Vendor: https://www.syncbreeze.com/ Software Link:...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass
Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura from The Missing Link Website:...
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read
!/usr/bin/perl -w IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 'dumpConfigFile' Pre-Auth Remote Arbitrary File Read Todor Donev 2019 c Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact...
Nanopool Claymore Dual Miner APIs Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Nanopool Claymore Dual Miner APIs RCE', 'Description' = %q This module takes advantage of miner remote...
📄 Typecho 1.3.0 Cross Site Scripting
Typecho versions 1.3.0 and below suffer from a persistent cross site scripting vulnerability. // Exploit Title: Typecho = 1.3.0 Stored Cross-Site Scripting XSS // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura //...
AutoLib Software Systems OPAC 20.10 Secret Disclosure
AutoLib Software Systems OPAC version 20.10 discloses multiple API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Autolib-ind...
ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...
Membership Management System 1.0 SQL Injection
Title: Membership Management System - SQL injection - Application: Hospital Management System - Date: 01.03.2024 - Bugs: SQL injection - Exploit Author: SoSPiro - Vendor Homepage: https://codeastro.com/author/nbadmin/ - Software Link:...
WordPress Canto Remote Shell Upload
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...
PHPJabbers Meeting Room Booking System 1.0 CSV Injection
Exploit Title: PHPJabbers Meeting Room Booking System v1.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/meeting-room-booking-system/sectionDemo Version: v1.0 Test...
Shelly PRO 4PM 0.11.0 Authentication Bypass
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
Pydio Cells 4.1.2 Privilege Escalation
Advisory: Pydio Cells: Unauthorised Role Assignments Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assignin...
File Thingie 2.5.7 Shell Upload
!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Remote Code Execution RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on: N...
Zillya Total Security 3.0.2367.0 / 3.0.2368.0 Local Privilege Escalation
Title: Zillya Total Security - Link Following Local Privilege Escalation AVGater Vulnerability Date: 02.12.2022 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://zillya.com/ Software Link: https://download.zillya.com/ZTS3.exe /...
Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description: The...
Online Fire Reporting System 1.0 SQL Injection
Title: Online Fire Reporting System 1.0 SQLi Author: nu11secur1ty Date: 05.24.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html Reference:...
WBCE CMS 1.5.2 Remote Code Execution
Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Date: 02/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...
Ransomware Builder Babuk Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransomware Builder Babuk Vulnerability: Insecure Permissions Description: The malware creates...