50738 matches found
Foodiee CMS 1.0.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : Foodiee CMS v1.0.1 Insecure Direct Object Reference Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Deprixa 3.2.5 Cross Site Request Forgery
==================================================================================================================================== | Title : Deprixa 3.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | | Vendor :...
Frappe Framework 13.4.0 Remote Code Execution
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
Teachers Record Management System 1.0 Validation Bypass
Exploit Title: Teachers Record Management System 1.0 – File Upload Type Validation Date: 17-01-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3187 =============================== STEPSTOREPRODUCE...
PHPJabbers Simple CMS 5.0 SQL Injection
Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...
ESET Forwarder 16.0.26.0 Unquoted Service Path
Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...
Online Pizza Ordering 1.0 SQL Injection
Title: Online-Pizza-Ordering-1.0-Multiple-SQLi Author: nu11secur1ty Date: 03.31.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection...
Online Shopping System Advanced 1.0 XSS / SQL Injection / Code Execution
Exploit Title: Online shopping system advanced 1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2020-09-24 Vendor Homepage: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software Link :...
Zimbra Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...
Backdoor.Win32.Psychward.03.a Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/4b9a42ca1e65cf0a7febbe18f397ef24.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.03.a Vulnerability: Weak Hardcoded Password Description: The malware listen...
Backdoor.Win32.FTP.Nuclear.10 Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9c23dad9ba11305fecf38bed46b0cec2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Nuclear.10 Vulnerability: Hardcoded Credentials Description: The malware builds...
Hospital Management System 4.0 SQL Injection
Title: Hospital Management System v4.0 Multiple SQL-Injections Author: nu11secur1ty Date: 02.06.2022 Vendor: https://github.com/kishan0725 Software: https://github.com/kishan0725/Hospital-Management-System CVE-2022-24263 Description: The Hospital Management System v4.0 is suffering from Multiple...
Backdoor.Win32.DRA.c Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5ff832ce6af4b03a709eaf380672cf34.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DRA.c Vulnerability: Weak Hardcoded Password Description: The malware listens on TCP...
Simple Image Gallery 1.0 Shell Upload
Exploit Title: Simple Image Gallery 1.0 - Remote Code Execution RCE Unauthenticated Date: 17.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Version: V 1.0 Tested on: Ubuntu import reques...
IntelliChoice eFORCE Software Suite 2.5.9 Username Enumeration
IntelliChoice eFORCE Software Suite v2.5.9 Username Enumeration Vendor: IntelliChoice, Inc. Product web page: https://www.eforcesoftware.com Affected version: 2.5.9.6 2.5.9.5 2.5.9.3 2.5.9.2 2.5.9.1 2.5.8.0 2.5.7.20 2.5.7.18 2.5.6.18 2.5.4.6 2.5.3.11 Summary: IntelliChoice is a United States...
HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eb272fe923ccf3e66fde1bf309cbc464.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Winnti.gen Vulnerability: Insecure Permissions Description: The malware creates ...
Billing System Project 1.0 Shell Upload
Exploit Title: Billing System Project 1.0 - Remote Code Execution RCE Unauthenticated Date: 06.07.2021 Exploit Author: Talha DEMİRSOY Software Link: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html Version: V 1.0 Tested on: Linux & Windows import...
Veyon 4.4.1 Unquoted Service Path
Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type...
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation Vendor: Epic Games, Inc. Product web page: https://www.epicgames.com https://www.easy.ac Affected version: 4.0.0.0 Summary: Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games...
HEUR.Backdoor.Win32.Generic File Download
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d7648b676dd139d1b7ba781816726510.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Generic Vulnerability: Unauthenticated Open Proxy Description: The backdoor...
Sandboxie Plus 0.7.2 Unquoted Service Path
Exploit Title: Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: sandboxie-plus.com Software Link: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.2/Sandboxie-Plus-x64-v0.7.2.exe Version: Version 0.7.2 Test...
Backdoor.Win32.RemoteManipulator.fdo Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/66ef21e8d1cf30dce6e084a9e306c18f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteManipulator.fdo Vulnerability: Insecure Permissions Description: The backdoor...
Trojan.Win32.Antavka.bz Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/2e4573d8925be404a9a1ff49ee2f5bc3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Antavka.bz Vulnerability: Insecure Permissions EoP Description: Change permissions are...
Online Course Registration 1.0 SQL Injection
Exploit Title: Online Course Registration 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...
CyberArk Password Vault 10.6 Authentication Bypass
Exploit Title: CyberArk Password Vault 10.6 - Authentication Bypass Date: 2019-10-16 Author: Daniel Martinez Adan adon90 Vendor: https://www.cyberark.com Software: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Collaborator: Luis Buendía...
BitZoom 1.0 SQL Injection
Exploit Title: BitZoom 1.0 - 'rollno' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://bitzoom.sourceforge.io/ Software Link: https://excellmedia.dl.sourceforge.net/project/bitzoom/bitzoom-master.zip Version: 1.0 Category: Webapps Tested on:...
Microsoft Office Equation Editor Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office CVE-2017-11882', 'Description' = %q Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitra...
OpenPanel 0.3.4 Remote Code Execution
OpenPanel version 0.3.4 suffers from a remote code execution vulnerability via /fix-permissions. Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission Date: Nov 7, 2024 Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee Vendor Homepage:...
Online Food Management System 1.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Online Food Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits |...
Online Exam System 1.0 Information Disclosure
==================================================================================================================================== | Title : Online Exam System 1.0 HTML Form found in redirect page Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Online Food Management System 1.0 SQL Injection
==================================================================================================================================== | Title : Online Food Management System 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 6...
C-MOR Video Surveillance 5.2401 Improper Access Control
Advisory ID: SYSS-2024-024 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Improper Access Control CWE-284 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...
Online Bus Ticketing 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Online Bus Ticketing v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Aruba 501 CN12G5W0XX Remote Command Execution
Exploit Title: Remote Command Execution | Aurba 501 Date: 17-07-2024 Exploit Author: Hosein Vita Vendor Homepage: https://www.hpe.com Version: Aurba 501 CN12G5W0XX Tested on: Linux import requests from requests.auth import HTTPBasicAuth def getinputprompt, defaultvalue: userinput = inputprompt...
WordPress Shield Security 20.0.5 Cross Site Scripting
Exploit Title: CVE-2024-7313 - Reflected XSS to Unauthorised Administrator Account Creation Google Dork: inurl:"/wp-content/plugins/wp-simple-firewall/" Cannot find version numbers from this DORK Date: 16/08/2024 Exploit Author: Tim Lepp Vendor Homepage: https://getshieldsecurity.com/ Software...
WinRAR 6.22 Remote Code Execution
Exploit Title : EXPLOIT WinRAR version 6.22 Vulnerability CVE-2023-38831 Author : E1.Coders Contact : E1.Coders at Mail dot RU Security Risk : High Description : All target's GOV & Military websites Expl0iTs: include include include include "zip.h" define PDFFILE "document.pdf" define FOLDERNAME...
Task Management System 1.0 SQL Injection
Exploit Title: SourceCodester PHP Task Management System 1.0 update-employee.php - SQL Injection Date: 22 March 2024 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor Homepage: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Software Link:...
islamnt CMS 2.1.0 Add Administrator
==================================================================================================================================== | Title : islamnt CMS v2.1.0 Add ADmin Vulnerability Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
G And G Corporate CMS 1.0 SQL Injection
==================================================================================================================================== | Title : G&G Corporate CMS v1.0 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bi...
Evsanati Radyo 1.0 Shell Upload
==================================================================================================================================== | Title : evsanati radyo v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
Chevereto CMS 3.7.0 SQL Injection
==================================================================================================================================== | Title : Chevereto CMS V3.7.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit...
Kolibri 2.0 Buffer Overflow
!/usr/bin/python3 Exploit Title: Kolibri GET request buffer Overflow Stack Egghunter Date: 2 Augst 2023 Exploit Author: Mahmoud NourEldin @Engacker Vendor App: https://www.exploit-db.com/apps/4d4e15b98e105facf94e4fd6a1f9eb78-Kolibri-2.0-win.zip Version: Kolibri 2.0 Tested on: Windows 10...
Ciuis CRM 1.0.8 Add Administrator
==================================================================================================================================== | Title : Ciuis™ CRM v1.0.7 add administrator Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bi...
Bigware-Shop CMS 2.1 Insecure Direct Object Reference
==================================================================================================================================== | Title : Bigware-Shop CMS v2.1 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Argon Dashboard 2 SQL Injection
==================================================================================================================================== | Title : Argon Dashboard 2 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 109.064-bit | |...
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization
Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected Versions: = 17.0.17 CVE ID: CVE-2023-0992 CVSS Score: 7.2 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18 T...
IBM Instana 243-0 Missing Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Active eCommerce CMS 6.3.0 Cross Site Scripting
Exploit Title: Active eCommerce CMS Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 -------Request----------- POST /ajax-search HTTP/1.1...
Polar Flow Android 5.7.1 Secret Disclosure
Trovent Security Advisory 2110-01 Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application...
Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.InfecDoor.17.c Vulnerability: Insecure Permissions Description: The malware...