50748 matches found
Online Health Care System 1.0 Cross Site Scripting
Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...
Verint Impact 360 15.1 Script Insertion / HTML Injection
!-- Exploit Title: Verint Impact 360 Open iFrame Date: 7-13-2020 Exploit Author: Ryan Delaney Author Contact: [email protected] Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://www.verint.com/ Software Link:...
Mereo 1.9.4 Denial Of Service
!/usr/bin/python ''' Exploit Title: Mereo 1.9.4 - Remote HTTP Server Denial of Service Date: 06-2020 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/mereo/ Software Link: https://sourceforge.net/projects/mereo/files/ Version: 1.9.4 Tested on: Windows 7 ,...
VxWorks 6.8 Integer Underflow
Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More Details:...
GPON Router Authentication Bypass / Comand Injection
!/bin/bash echo "+ Sending the Commanda| " We send the commands with two modes backtick and semicolon ; because different models trigger on different devices curl -k -d "XWebPageName=diag&diagaction=ping&wanconlist=0&desthost=$2;$2&ipv=0" $1/GponForm/diagForm?images/ 2/dev/null 1/dev/null echo "+...
MS17-010 EternalRomance / EternalSynergy / EternalChampion SMB Remote Windows Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...
Microsoft Office Equation Editor Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office CVE-2017-11882', 'Description' = %q Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitra...
PHP File Vault 0.9 Directory Traversal / File Read
PHP File Vault version 0.9 , remote directory traversal and read file vulnerabilty ================================================================================== Discovered by NA, NAattutanota.com ====================================== Description =========== A very small PHP website...
sxVideo 2.1.0 SQL Injection
Exploit Title: sxVideo v2.1.0 Sql Ýnjection Vulnerability Google Dork: Powered By sxVideo v2.1.0 Date: 19/06/2011 Author: HeRoTuRK- http://by-heroturk.blogspot.com/ Demo :http://www.huntvideo.net/index.php?p=View&id=1128 Version: v2.1.0 Tested on: Windows 7 Greetz; F0RTYS3V3N - Lazmania61 -...
PHPizabi 0.848b C1 HFP1-3 File Upload
date"U"-300 43. 44. fnc"laneMakeToken", "file", $GET"id", array 45. "user.username" = me"username", 46. "file" = "system/cache/temp/".$filename, 47. ; 48. PHPizabi is prone to a vulnerability that lets remote attackers to upload and execute arbitrary script code. The uploaded file is saved into...
📄 Typecho 1.3.0 Race Condition
Typecho versions 1.3.0 and below suffer from a race condition vulnerability. // Exploit Title: Typecho = 1.3.0 Race Condition // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura // Vendor Homepage:...
vBulletin 5.0.0 Beta 28 SQL Injection
vBulletin version 5.0.0 Beta 28 proof of concept remote SQL injection exploit that leverages a vulnerability discovered in 2013. ============================================================================================================================================= | Title : vBulletin 5.0.0...
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
Craft CMS 4.4.14 Code Injection
============================================================================================================================================= | Title : Craft CMS 4.4.14 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...
Windows Escalate UAC Execute RunAs
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Build Your Own Botnet 2.0.0 Remote Code Execution
Exploit Title: BYOB Build Your Own Botnet v2.0.0 Unauthenticated RCE Remote Code Execution Date: 2024-08-14 Exploit Author: @chebuya Software Link: https://github.com/malwaredllc/byob Version: v2.0.0 Tested on: Ubuntu 22.04 LTS, Python 3.10.12, change numpy==1.17.3-numpy CVE: CVE-2024-?????,...
Student Attendance Management System 1.0 SQL Injection
Titles: Student Attendance Management System-1.0 Bypass Authentication SQLi Author: nu11secur1ty Date: 06/22/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Reference:...
AEGON LIFE 1.0 Remote Code Execution
Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...
Quick CMS 6.7 Shell Upload
Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Date : 11/06/2024 Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php,...
Cacti Import Packages Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti Import Packages RCE', 'Description' = %q This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versio...
BoidCMS 2.0.1 Cross Site Scripting
Exploit Title: Multiple XSS Issues in boidcmsv2.0.1 Date: 3/2024 Exploit Author: Andrey Stoykov Version: 2.0.1 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com XSS via SVG File Upload Steps to Reproduce: 1. Login with admin user 2. Visit "Media" page 3. Upload xss.svg 4. Click "View"...
GL.iNet AR300M 4.3.7 Arbitrary File Write
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal
Exploit Title: xbtitFM 4.1.18 Multiple Vulnerabilities Date: 22-01-2024 Exploit Author: Who cares anyway Vendor Homepage: https://xbtitfm.eu Affected versions: 4.1.18 and prior CVE : Who cares anyway Description: The SQLi and the path traversal are unauthenticated, they don't require any user...
PHPJabbers Night Club Booking Software 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Night Club Booking Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/sectionDemo Version: v1.0 Test...
WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery
Exploit Title: WP Plugins Contact Form to Any API history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.1.7...
WordPress WP ERP 1.12.2 SQL Injection
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Date: 15-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledge...
Gusto Recipes Management 1.5.1 Cross Site Scripting
==================================================================================================================================== | Title : Gusto - Recipes Management v1.5.1 System XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Buzzy News Viral Lists Polls And Videos 2.5.1 Insecure Settings
====================================================================================================================================== | Title : Buzzy - News Viral Lists Polls and Videos V 2.5.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
phpAnalyzer 2.0.4 Insecure Settings
==================================================================================================================================== | Title : phpAnalyzer v2.0.4 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-b...
SoftExpert Suite 2.1.3 Local File Inclusion
Exploit Title: SoftExpert SE Suite v2.1.3 - Local File Inclusion Date: 27-04-2023 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.softexpert.com/ Version: 2.0 target=$1 u=$2 p=$3 file=$echo -n "$4"|base64 -w 0 end="\0330m\e0m" red="\e0;31m\0331m" blue="\e0;34m\0331m" echo ...
PHPJabbers Simple CMS 5.0 SQL Injection
Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...
AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation
Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: https://www.aspemail.com Software Link:...
Dompdf 1.2.1 Remote Code Execution
!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
Online Pizza Ordering 1.0 SQL Injection
Title: Online-Pizza-Ordering-1.0-Multiple-SQLi Author: nu11secur1ty Date: 03.31.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...
Online Shopping System Advanced 1.0 XSS / SQL Injection / Code Execution
Exploit Title: Online shopping system advanced 1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2020-09-24 Vendor Homepage: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software Link :...
SuperMailer 11.20 Buffer Overflow / Denial Of Service
Exploit Title: SuperMailer v11.20 - Buffer overflow DoS Exploit Author: Rafael Pedrero Discovery Date: 2021-02-07 Vendor Homepage: https://int.supermailer.de/downloadnewslettersoftware.htm Software Link : https://int.supermailer.de/smintsw.zip / https://int.supermailer.de/smintswx64.zip Tested...
Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal
Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link: https://www.audiocodes.com/solutions-products/products/management-products-solutions/device-manager Version: = 7.8.20002.47752 Tested on: Windows 10 / Server 2019 Default credentials: admin/admin...
Inout Search Engine 10.1.3 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
MyBB Admin Control Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MyBB Admin Control Code Injection RCE', 'Description' = %q This exploit module leverages an improper input validation vulnerability in MyBB prior...
WordPress UpdraftPlus Cross Site Scripting
Tittle: WordPress Plugin UpdraftPlus confirm1 Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...
Backdoor.Win32.WinShell.50 Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8170928cd3e0f1a79b9d40ae19a4d217.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.50 Vulnerability: Weak Hardcoded Password Description: The malware listens o...
Confluence Server 7.12.4 OGNL Injection Remote Code Execution
Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Date: 01/09/2021 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions befor...
Simple Image Gallery 1.0 Shell Upload
Exploit Title: Simple Image Gallery 1.0 - Remote Code Execution RCE Unauthenticated Date: 17.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Version: V 1.0 Tested on: Ubuntu import reques...
GitLab Community Edition (CE) 13.10.3 User Enumeration
Exploit Title: GitLab Community Edition CE 13.10.3 - User Enumeration Date: 4/29/2021 Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 !/bin/bash Colors RED='\03338;5;196m' GREEN='\e38;5;47m' NC='\0330m'...
HEUR.Backdoor.Win32.Generic File Download
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d7648b676dd139d1b7ba781816726510.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Generic Vulnerability: Unauthenticated Open Proxy Description: The backdoor...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...
Sandboxie Plus 0.7.2 Unquoted Service Path
Exploit Title: Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: sandboxie-plus.com Software Link: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.2/Sandboxie-Plus-x64-v0.7.2.exe Version: Version 0.7.2 Test...
Backdoor.Win32.RemoteManipulator.fdo Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/66ef21e8d1cf30dce6e084a9e306c18f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteManipulator.fdo Vulnerability: Insecure Permissions Description: The backdoor...
Home Assistant Community Store 1.10.0 Path Traversal
Exploit Title: Home Assistant Community Store HACS 1.10.0 - Path Traversal to Account Takeover Date: 2021-01-28 Exploit Author: Lyghtnox Vendor Homepage: https://www.home-assistant.io/ Software Link: https://github.com/hacs/integration Version: 1.10.0 Tested on: Raspbian + Home Assistant 2021.1.0...