50737 matches found
We-Com Municipality Portal CMS 2.1.x Cross Site Scripting / SQL Injection
Exploit Title: We-com Municipality portal CMS SQL Injection & XSS Vulnerability Google Dork:N/A Date: 2020-04-17 Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.1.x Tested on: 5.5.0-kali1-amd64 --------------------------------------------------------- Vendor contact...
Super Backup 2.0.5 Directory Traversal
Document Title: =============== Super Backup v2.0.5 iOS - Directory Traversal Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2200 Release Date: ============= 2020-04-30 Vulnerability Laboratory ID VL-ID: ==================================...
Krpano Panorama Viewer 1.20.8 Cross Site Scripting
Exploit Title: XSS in krpano Panorama Viewer Google Dork: inurl:krpano.html Date: 10/05/2020 Exploit Author: Adriano Marcio Monteiro @adrianomarcmont Exploit Author Site: https://www.brztec.com Exploit Author E-mail: [email protected] Exploit Author Packetstorm Bio:...
SugarCRM Shell Upload
!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...
ISPConfig 3.2.11 PHP Code Injection
------------------------------------------------------------------------ ISPConfig = 3.2.11 languageedit.php PHP Code Injection Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.ispconfig.org - Affected Versions: Version 3.2.11 and...
Testa Online Test Management System 3.4.7 SQL Injection
Exploit Title: Testa Online Test Management System 3.4.7 - 'q' SQL Injection Date: 2020-07-21 Google Dork: N/A Exploit Author: Ultra Security Team Team Members: Ashkan Moghaddas , AmirMohammad Safari , Behzad Khalifeh , Milad Ranjbar Vendor Homepage: https://testa.cc Version: v3.4.7 Tested on:...
Bolt CMS 3.7.0 XSS / CSRF / Shell Upload
Bolt CMS = 3.7.0 Multiple Vulnerabilities Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2020-03-24 Vendor : https://bolt.cm/ Version : = 3.7.0 CVE : CVE-2020-4040, CVE-2020-4041 Last Modified: 2020-07-03 -- Table of Contents 00 - Introduction 01 - Exploit 02 - Cross-Site Request...
📄 Microsoft SQL Server 2016 / 2017 / 2019 / 2022 Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from a database privilege escalation vulnerability from ALTER ANY LOGIN To SYSADMIN. Title: MSSQL Database Privilege Elevation From ALTER ANY LOGIN To SYSADMIN Product: Microsoft SQL Server Vendor: Microsoft Affected Versions: SQL...
IPS Community Suite 4.5.4 SQL Injection
----------------------------------------------------------------------------- IPS Community Suite sortBy == 'popular' 56. 57. \IPS\Request::i-sortDir = \IPS\Request::i-sortDir ?: 'ASC'; 58. $sortBy = 'filerating ' . \IPS\Request::i-sortDir . ', filereviews'; 59. $where = array array 'filerating?'...
Microsoft SharePoint SSI / ViewState Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SharePoint Server-Side Include and ViewState RCE', 'Description' = %q This module exploits a server-side include SSI in SharePoint to...
VestaCP 0.9.8-26 Session Validation
Document Title: =============== VestaCP v0.9.8-26 - Session Validation Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2238 Release Date: ============= 2020-11-25 Vulnerability Laboratory ID VL-ID: ====================================...
Gitea 1.22.0 Cross Site Scripting
Exploit Title: Stored XSS in Gitea Date: 27/08/2024 Exploit Authors: Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/go-gitea/gitea Version: 1.22.0 Tested on: Linux 5.15.0-107, Go 1.23.0 CVE: CVE-2024-6886 Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored...
GitLab 13.10.2 Remote Code Execution
Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Date: 11/01/2021 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link:...
Zabbix 3.4.7 Cross Site Scripting
Exploit Title: Zabbix 3.4.7 - Stored XSS Date: 30-03-2021 Exploit Author: Radmil Gazizov Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn3.4.7 Version: 3.4.7 Tested on: Linux Reference - https://github.com/GloryToMoon/POCcodes/blob/main/zabbixstoredxss347.txt 1...
ScadaBR 1.0 Shell Upload
Exploit Title: ScadaBR 1.0 - Arbitrary File Upload Authenticated 1 Date: 03/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Windows7, Windows10 !/usr/bin/python import requests,sys,time if...
Barco wePresent Undocumented SSH Interface
KL-001-2020-007 : Barco wePresent Undocumented SSH Interface Accessible Via Web UI Title: Barco wePresent Undocumented SSH Interface Accessible Via Web UI Advisory ID: KL-001-2020-007 Publication Date: 2020.11.20 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-007.txt 1...
Linux Kernel 2.6.32 Privilege Escalation
Source: http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/ proc Handling of Already Opened Files: Subvert The Stack Base Address Randomization With Suid-Binaries Problem description: Latest ubuntu lucid stock kernel 2.6.32-27-generic contains a bug that allows to keep attached to...
Google Chrome 81.0.4044 V8 Remote Code Execution
Exploit Title: Google Chrome prior 83.0.4103.106 V8 - Remote Code Execution Date: 06/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 83.0.4103.106 Description: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially...
Dokeos 1.8.6.1 / 1.8.6.3 Arbitrary File Upload
Exploit Title: Dokeos 1.8.6.3 and 1.8.6.1- Arbitrary File Upload Google Dork: "Plateforme Dokeos 1.8.6.3 " or 1.8.6.1 Date: 17/09/2019 Exploit Author: Sohel Yousef Jellyfish security team Vendor Homepage: https://www.dokeos.com/ Software Link: https://www.dokeos.com/ Version: 1.8.6.3 - 1.8.6.1...
Postfix SMTP Shellshock
!/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x " argc = lensys.argv ifargc 3: usage sys.exit0 rport = 25 rhost = sys.argv1 cmd = sys.argv2 headers = "To",...
PHP-FPM 7.x Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP-FPM Underflow RCE', 'Description' = %q This module exploits an underflow vulnerability in versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and...
Oracle WebLogic Server 12.2.1.0 Remote Code Execution
Exploit Title: Oracle WebLogic Server 12.2.1.0 - RCE Unauthenticated Google Dork: inurl:\"/console/login/LoginForm.jsp\" Date: 25/1/2021 Exploit Author: CHackA0101 Vendor Homepage: https://www.oracle.com/security-alerts/cpuoct2020.html Version: Oracle WebLogic Server, version 12.2.1.0 Tested...
Pandora FMS 7.0 NG 7XX Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pandora FMS Events Remote Command Execution', 'Description' = %q This module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 ...
TypeORM SQL Injection
typeorm CVE-2022-33171 findOneid, findOneOrFailid The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to S...
PHP 8.1.0-dev Backdoor Remote Command Injection
Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Date: 23/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2...
Agent Tesla Botnet Cross Site Scripting
Exploit Title: Agent Tesla Botnet - Cross Site Scripting Vulnerability Google Dork: n/a Date: 29/10/2020 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Vuln-Code:...
htmlLawed 1.2.5 Remote Command Execution
!/bin/bash Exploit Title: htmlLawed -c \n" exit 1 else echo -e "\n htmlLawed ' | sed -E 's/\ \0-9+\ =\ ./\1/' echo -e "$cmdoutput\n" exit 0 fi...
Forma LMS 2.3 Cross Site Scripting
Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting Date: 04-12-2020 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://www.formalms.org/download.html Software Link: https://www.formalms.org/ Version: 2.3 Tested on: Windows 10/Kali Linux...
Moodle 3.10.3 Cross Site Scripting
Exploit Title: Moodle 3.10.3 Calendar Cross Site Scripting Date: 25.03.2021 Author: Vincent666 ibn Winnie Software Link: https://moodle.org/ Tested on: Windows 10 Web Browser: Mozilla Firefox Google Dorks: inurl:/lib/editor/atto/plugins/managefiles/ or calendar/view.php?view=month My Youtube...
WordPress Buddypress 6.2.0 Cross Site Scripting
Document Title: =============== Buddypress v6.2.0 WP Plugin - Persistent Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2263 Release Date: ============= 2020-11-13 Vulnerability Laboratory ID VL-ID: ===================================...
m-privacy TightGate-Pro Code Execution / Insecure Permissions
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: m-privacy TightGate-Pro vulnerable version: Rolling Release, servers with the following package versions are vulnerable: tightgatevnc...
Kernel Live Patch Security Notice LSN-0109-1
Several security issues were fixed in the Linux kernel, including use-after-free, dangling pointer, and permission checks. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 22.04 LT...
Cisco 7937G Denial Of Service / Privilege Escalation
Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os...
Microsoft SQL Server Privilege Escalation
Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...
Log4Shell HTTP Header Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...
WonderCMS 3.1.3 Cross Site Scripting
Exploit Title: WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting Google Dork: "WonderCMS" Date: 2020-11-27 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.wondercms.com/ Software Link:...
M/Monit 3.7.4 Privilege Escalation
Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'WatchGuard XTM Firebox Unauthenticated Remote Command Execution', 'Description' = %q This module exploits a buffer overflow at the...
Documalis Free PDF Scanner Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Documalis Free PDF Scanner', 'Description' = %qDocumalis Free PDF Scanner is prone to a security vulnerability when open PDF files.When the...
User Registration And Login And User Management System 2.1 Cross Site Scripting
Exploit Title: User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS Google Dork: N/A Date: 2020-08-07 Exploit Author: yusufmalikul Vendor Homepage: https://phpgurukul.com Software Link:...
SQL Server Reporting Services (SSRS) ViewState Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SQL Server Reporting Services SSRS ViewState Deserialization', 'Description' = %q A vulnerability exists within Microsoft's SQL Server Reporting...
Slims CMS Akasia 8.3.1 SQL Injection
Exploit Title : Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/05/2019 Vendor Homepage : slimsetd.id - slims.web.id Software Download Link : slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia Software...
GitLab File Read Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient prepend Msf::Exploit::Remote::AutoCheck From Rails class...
NTP Amplification Denial Of Service Tool
!/usr/bin/env python from scapy.all import import sys import threading import time NTP Amp DOS attack by DaRkReD usage ntpdos.py ex: ntpdos.py 1.2.3.4 file.txt 10 packet sender def deny: Import globals to function global ntplist global currentserver global data global target ntpserver =...
VICIdial 2.14-917a Remote Code Execution
KL-001-2024-012: VICIdial Authenticated Remote Code Execution Title: VICIdial Authenticated Remote Code Execution Advisory ID: KL-001-2024-012 Publication Date: 2024-09-10 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-012.txt 1. Vulnerability Details Affected Vendor:...
Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting
Exploit Title: Stored Cross-Site scripting in the Tenda router via the deviceId parameter in the Parental Control module Google Dork: None. Date: Aug-30-2022 Exploit Author: 0x783 Vendor Homepage: https://tendacn.com/default.html Software Link: https://www.tendacn.com/product/download/AC6.html...
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
!/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse Vendor: Embedthis Software LLC Product web page: https://www.embedthis.com Affected version: =5.1.2 and =4.1.3 Summary: GoAhead is the world's most popular, tiny embedded...
ECTouch ECShop 2.7.3 SQL Injection
Exploit Title : ECTouch ECShop v2.7.3 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 22/01/2020 Vendor Homepage : ecshop.com - ectouch.cn Software Download Link : ecshop.com/download Software Affected Versions : 1.0 and 2.7.3 Tested On : Windows a...
Ubuntu Overlayfs Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule '2021 Ubuntu Overlayfs LPE', 'Description' = %q This module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is...
Realtek Managed Switch Controller RTL83xx Stack Overflow
SOT Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o boundary check. all FW...