50738 matches found
Human Resource Information System 0.1 Remote Code Execution
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online News Portal 1.0 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Online News Portal | Stored XSS + CSRF Example Exploit Author: Richard Jones Date: 2021-03-18 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...
Backdoor.Win32.WinShell.30 Remote Stack Buffer Overflow / Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/56a2b135c8d35561ea5b04694155eb77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.30 Vulnerability: Remote Stack Buffer Overflow / Missing Authentication...
H2 Database 1.4.199 JNI Code Execution
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
Trojan.Win32.Antavka.bz Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/2e4573d8925be404a9a1ff49ee2f5bc3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Antavka.bz Vulnerability: Insecure Permissions EoP Description: Change permissions are...
Quick Player 1.3 Buffer Overflow
Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...
Online Course Registration 1.0 SQL Injection
Exploit Title: Online Course Registration 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...
Microsoft Windows Internet Settings Security Feature Bypass
Exploit Title: Microsoft Windows 'Internet Settings' Misconfiguration Security Feature Bypass Vulnerability Google Dork: N/A Date: September, 17 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7 SP1, 8.0...
CAMALEON CMS 2.4 Cross Site Scripting
Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability Type : Cross-site Scripting...
ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection
ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...
SPIP 4.2.7 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.7 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
NTP Clock Variables Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Clock Variables Disclosure', 'Description' = %q This module reads the system internal NTP variables. These variables contain potentially...
Online Bus Ticketing 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Online Bus Ticketing v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Helmholz Industrial Router REX100 / MBConnectline mbNET.mini 2.2.11 Command Injection
CyberDanube Security Research 20240703-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Helmholz Industrial Router REX100 | MBConnectline mbNET.mini vulnerable version| = 2.2.11 fixed version| 2.2.13 CVE number|...
Systemd Insecure PTY Handling
Systemd Insecure PTY Handling Vulnerability =========================================== CVSSv3.BaseScore: 5.8 CVSSv3.Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Short Description ================= Systemd-run/run0 allocates user-owned pty's and attaches the slave to high privilege programs withou...
Numbas Remote Code Execution
Exploit Title: Numbas v7.3 - Remote Code Execution Google Dork: N/A Date: March 7th, 2024 Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests,...
XAMPP 5.6.40 SQL Injection
Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...
User Registration And Login And User Management System 3.0 Cross Site Scripting
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Google Dork: NA Date: 19/08/2023 Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link:...
FAST TECH CMS 1.0 SQL Injection
==================================================================================================================================== | Title : FAST TECH CMS v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 73.0.132-bit | ...
Crypto Currency Tracker (CCT) 9.5 Add Administrator
Exploit Title: Crypto Currency Tracker CCT - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register HTTP...
Rocket LMS 1.7 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
ACJWEB DESIGNER 1.0 Cross Site Scripting
======================================================================================| | Title : ACJWEB DESIGNER v 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | | Vendor : [email protected] | | Drok :...
projectSend r1605 Cross Site Scripting
Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...
Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials
Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for...
eBankIT 6 Arbitrary OTP Generation
CVE-2023-33291 Description In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation. ------------------------------------------ Additional Information The cookies in the...
IBM Instana 243-0 Missing Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation
Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...
Purchase Order Management 1.0 Cross Site Scripting
Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...
Barracuda CloudGen WAN OS Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: v8. hotfix 1089 fixed version: v8. with hotfix webui-sdwan-1089-8.3.1-174141891 or above version...
AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting
Exploit Title: AmazCart - Laravel Ecommerce System CMS 3.4 - 'Search' Cross-Site-Scripting — Reflected AJAX Date: 17/01/2023 Exploit Author: Sajibe Kanti CVE ID: Vendor Name: CodeThemes Vendor Homepage: https://spondonit.com/ Software Link:...
WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting
Exploit Title: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting Date: 18-09-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/ Version: 1.0.1 Tested on: Firefox Contact me: [email protected]...
Kite 1.2021.610.0 Unquoted Service Path
Exploit Title: Kite 1.2021.610.0 - Unquoted Service Path Date: 2020-11-6 Exploit Author: Ghaleb Al-otaibi Vendor Homepage: https://www.kite.com/ Version: Version 4.2.0.1 U1 Tested on: Microsoft Windows 10 Pro - 10.0.19044 N/A Build 19044 CVE : NA Service info: C:\Windows\system32\cmd.exesc qc...
Sourcegraph Gitserver 3.36.3 Remote Code Execution
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
Multi Store Inventory Management System 1.0 Information Disclosure
Exploit Title: Multi Store Inventory Management System - Information Disclosure Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ Version: 1.0...
Razer Synapse 3.6.x DLL Hijacking
Advisory ID: SYSS-2021-058 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions prior to 3.7.0228.022817 Tested Versions: 3.6.0920.091710, 3.6.1010.101113, 3.6.1018.101823, 3.6.1130.111217, 3.6.1201.111814, 3.7.0131.011810 Vulnerability Type: Improper Privilege Management...
Backdoor.Win32.RemoteNC.beta4 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteNC.beta4 Vulnerability: Unauthenticated Remote Command Execution Description: T...
Backdoor.Win32.Acropolis.10 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c3e2bbe5dca96687422f2b4e8c80f4ce.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Acropolis.10 Vulnerability: Insecure Permissions Description: The malware writes a PE...
WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
Ab Stealer Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab...
Vehicle Service Management System 1.0 SQL Injection
Exploit Title: Vehicle Service Managment 1.0 - SQL Injection Error Based Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...
Vehicle Parking Management System 1.0 Cross Site Scripting
Exploit Title: Vehicle Parking Management System - Stored Cross-Site-Scripting XSS Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/...
HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eb272fe923ccf3e66fde1bf309cbc464.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Winnti.gen Vulnerability: Insecure Permissions Description: The malware creates ...
Aruba Instant 8.7.1.0 Arbitrary File Modification
Exploit Title: Aruba Instant 8.7.1.0 - Arbitrary File Modification Date: 15/07/2021 Exploit Author: Gr33nh4t Vendor Homepage: https://www.arubanetworks.com/ Version: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below Aruba Instant 6.5.x: 6.5.4.18 and below Aruba Instant 8.3.x: 8.3.0.14 and below Aru...
Backdoor.Win32.Zombam.gen Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Unauthenticated URL Command Injection Description: Zombam...
Trojan.Win32.Sharer.h Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f80c3b1e7f5f6f7d0c8aea25fe83551.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Sharer.h Vulnerability: Anonymous Logon RCE Description: Sharer.h by GOLDSWORD -...
Project Expense Monitoring System 1.0 SQL Injection
Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
Trojan-Dropper.Win32.Demp.rft Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Demp.rft Vulnerability: Insecure Permissions Description: The specimen creates ...
SCO Openserver 5.0.7 Cross Site Scripting
Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 14/06/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Tested on...
Carel pCOWeb HVAC Insecure Credential Storage
Advisory: Unsafe Storage of Credentials in Carel pCOWeb HVAC The Carel pCOWeb card stores password hashes in the file "/etc/passwd", allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Details ======= Product: HVAC units using the OEM...