50748 matches found
Ray OS 2.6.3 Command Injection
Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...
Gasmark Pro 1.0 Shell Upload
Title: GASMARK PRO-1.0 File Upload RCE Author: nu11secur1ty Date: 03/17/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Reference: https://portswigger.net/web-security/file-upload...
JetBrains TeamCity 2023.05.3 Remote Code Execution
Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - Email: [email protected] - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on:...
doorGets CMS 12 Shell Upload
==================================================================================================================================== | Title : doorGets CMS v12 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Web Wiz Forums 12.06 Database Disclosure
==================================================================================================================================== | Title : Web Wiz Forums 12.06 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit ...
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Privilege Escalation
==================================================================================================================================== | Title : Bazaar | Social Listing Shopping Web PHP Template v2.3.2 Privilege Escalation Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.P...
Active eCommerce CMS 6.5.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Papaya Medical Viewer 1.0 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2022-001: Cross-Site-Scripting in Papaya Medical Viewer Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-33255 Link ==== https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-001/ Text-onl...
WordPress WPGateway 3.5 Privilege Escalation
Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...
dbus-broker-29 Memory Corruption
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version: dbus-broker-31 CVE number: CVE-2022-31212, CVE-2022-3121...
Telesquare TLR-2855KS6 Arbitrary File Deletion
Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46419 Proof of Concept DELETE /cgi-bin/test.cgi HTTP/1.1 Host:...
Razer Sila 2.0.418 Local File Inclusion
Exploit Title: Razer Sila - Local File Inclusion LFI Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...
binutils 2.37 Objdump Segmentation Fault
Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...
Gadget Store Management System 1.0 Shell Upload
Exploit Title: Gadget Store Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.campcodes.com/ Software Link: https://www.campcodes.com/projects/php/gadget-store-management-system/ Version: 1.0 Tested on:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life value...
HackTool.Win32.Hidd.b Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Hidd.b Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description: The...
Exam Hall Management System 1.0 Shell Upload
Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload Unauthenticated Date: 06/07/2021 Exploit Author: Thamer Almohammadi @Thamerz88 Vendor Homepage: https://www.sourcecodester.com Software Link:...
CHIYU IoT Cross Site Scripting
Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...
QCubed 3.1.1 Cross Site Scripting
QCube Cross-Site-Scripting ====================== | Identifier: | AIT-SA-20210215-03 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24912 | | Accessibility: | Remote | | Severity: | High | | Author: | Wolfgang Hotwagner AIT...
Unibox Cross Site Request Forgery
===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspo...
Online Voting System Project In PHP Cross Site Scripting
Exploit Title: Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting Date: 27-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-voting-system-project-in-php-2/ Tested...
SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: = 3.4.8 1.0.36274 Summary: At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage ...
PanaceaSoft Shell Upload
Exploit Title: PanaceaSoft products Arbitrary File Upload/RCE Google Dork: NA Date: 25/5/2020 Exploit Author: syfi Vendor Homepage: http://www.panacea-soft.com/ Software Link: http://www.panacea-soft.com/ Version: latest Tested on: Ubuntu CVE : NA Vulnerability Description: PanaceaSoft products...
Facebook Messenger Denial Of Service
Facebook Messenger Remote Denial of Service Vulnerability Report by Social Engineering Neo. Affected Platforms: - Android ≤9 IOS ≤11 Messenger Messenger Lite Tested On: - Android 6 & 7 IOS 11 Messenger build 228.1.0.10.116 Messenger Lite build 65.0.1.18.236 Class: - Denial of Service. Summary: -...
Sentrifugo 3.2 Cross Site Scripting
Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...
Cisco RV320 Unauthenticated Configuration Export
Advisory: Cisco RV320 Unauthenticated Configuration Export RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others...
Chamilo 1.11.6 Cross Site Scripting
Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Information -------------------- Advisory by Netsparker Name: Multiple Cross-site Scripting Vulnerabilities in Chamilo 1.11.6 Affected Software: Chamilo Affected Versions: 1.11.6 Homepage: https://chamilo.org/en/ Vulnerability:...
📄 Apache Tomcat Remote Code Execution
Apache Tomcat has a path equivalence remote code execution vulnerability. Versions prior to 11.0.3, 10.1.35, and 9.0.98 are affected. Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage:...
MacOS CoreAudio Framework Sandbox Escape
MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. The com.apple.audio.audiohald Mach service on MacOS is hosted by the coreaudiod process. This process exposes the Hardware Abstraction Layer HAL of the CoreAudio framework, which...
Transport Management System 1.0 SQL Injection
============================================================================================================================================= | Title : Transport Management System 1.0 Sql INjection injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Java RMI Registry Interfaces Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Registry Interfaces Enumeration', 'Description' = %q This module gathers information from an RMI endpoi...
Samba read_nttrans_ea_list Integer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/struct2' class MetasploitModule 'Samba readnttransealist Integer Overflow', 'Description' = %q Integer overflow in the readnttransealist function in nttrans...
Exam Form Submission 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Exam Form Submission v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Exploit Title: Wordpress WPCode Lite Version 2.1.14 Stored XSS Date: 2024-06-30 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://wpcode.com/?utmsource=wprepo&utmmedium=link&utmcampaign=liteplugin Version 2.1.14 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate...
Saflok System 6000 Key Derivation
// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...
WordPress Slimstat Analytics 5.0.9 Cross Site Scripting / SQL Injection
Vulnerability Summary from Wordfence Intelligence Description: Slimstat Analytics = 5.0.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Slimstat Analytics Plugin Slug: wp-slimstat Affected Versions: = 5.0.9 CVE ID: CVE-2023-4597 CVSS Score: 6.4 Medium CVS...
Education Time Indonesian School CRM 1.7 SQL Injection
==================================================================================================================================== | Title : Education Time Indonesian School CRM v 1.7 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...
Vaidya-Mitra 1.0 SQL Injection
Title: Vaidya-Mitra 1.0 Multiple - SQLi Author: nu11secur1ty Date: 07.12.2023 Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php...
Bloly 1.3 Add Administrator
==================================================================================================================================== | Title : Bloly v1.3 Add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
Property Listing Script 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
ESET Forwarder 16.0.26.0 Unquoted Service Path
Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...
GitLab GitHub Repo Import Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GitHub Repo Import Deserialization RCE', 'Description' = %q An authenticated user can import a repository from GitHub into GitLab. If a us...
Advanced Testimonials Manager 5.6 SQL Injection
==================================================================================================================================== | Title : Advanced Testimonials Manager v5.6 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Ransom Lockbit 3.0 MVID-2022-0621 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/38745539b71cf201bb502437f891d799B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom Lockbit 3.0 Vulnerability: Code Execution Description: The ransomware apparently n...
PHP Melody 3.0 Cross Site Scripting
Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2291 Bulletin: https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ Release Date: ===========...
SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path
Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...
Backdoor.Win32.MoonPie.40 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/Backdoor.Win32.MoonPie.40.9dbb6d56bc9a7813305883acd0f9a355C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Unauthenticated Remote Command...
Backdoor.Win32.IRCBot.gen Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bcfc89ca07bd0ad7b9396a0815c9fc39.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Hardcoded Weak Password Description: The malware listens on...
Hotel And Lodge Management System 1.0 Shell Upload
Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Title: Stored XSS Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-28001 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-30...