50748 matches found
Razer Synapse 3.6.x DLL Hijacking
Advisory ID: SYSS-2021-058 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions prior to 3.7.0228.022817 Tested Versions: 3.6.0920.091710, 3.6.1010.101113, 3.6.1018.101823, 3.6.1130.111217, 3.6.1201.111814, 3.7.0131.011810 Vulnerability Type: Improper Privilege Management...
Backdoor.Win32.RemoteNC.beta4 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2862de561d91eedb265df4ae9b0fc872.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteNC.beta4 Vulnerability: Unauthenticated Remote Command Execution Description: T...
WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
Online Project Time Management 1.0 SQL Injection
Title: Online Project Time Management 1.0 Multiple SQL - Injections Author: nu11secur1ty Date: 01.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html Description: The pid...
Vehicle Service Management System 1.0 SQL Injection
Exploit Title: Vehicle Service Managment 1.0 - SQL Injection Error Based Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...
Vehicle Parking Management System 1.0 Cross Site Scripting
Exploit Title: Vehicle Parking Management System - Stored Cross-Site-Scripting XSS Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/...
Backdoor.Win32.Zombam.gen Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Unauthenticated URL Command Injection Description: Zombam...
Project Expense Monitoring System 1.0 SQL Injection
Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
Trojan-Dropper.Win32.Demp.rft Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Demp.rft Vulnerability: Insecure Permissions Description: The specimen creates ...
Local Services Search Engine Management System 1.0 Cross Site Scripting
Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - 'name' Persistent Cross-Site Scripting XSS Date: 2021-03-03 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...
Trojan-Spy.Win32.WinSpy.wlt Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/00e1c4a654756dd6c9c81437c01ee3dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.wlt Vulnerability: Insecure Permissions Description: WinSpy.wlt trojan drops...
SCO Openserver 5.0.7 Cross Site Scripting
Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 14/06/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Tested on...
Blueman Local Root / Privilege Escalation
Exploit Title: Local Privilege Escalation in Blueman 2.1.4 Date: 2020-10-27 Exploit Author: Vaisha Bernard vbernard - at - eyecontrol.nl Vendor Homepage: https://github.com/blueman-project/blueman Software Link: https://github.com/blueman-project/blueman Version: 2.1.4 Tested on: Ubuntu 20.04 CVE...
SEO Panel 4.6.0 Remote Code Execution
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution Google Dork: N/A Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://seopanel.org/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Kali Linux x64 5.4.0 C...
Fastweb Fastgate 0.00.81 Remote Code Execution
Exploit Title: Fastweb Fastgate 0.00.81 - Remote Code Execution Date: 2019-11-13 Exploit Author: Riccardo Gasparini Vendor Homepage: https://www.fastweb.it/ Software Link: http://59.0.121.191:8080/ACS-server/file/0.00.81FW200Askey only from Fastweb ISP network Version: 0.00.81 Tested on: Linux CV...
Carel pCOWeb HVAC Insecure Credential Storage
Advisory: Unsafe Storage of Credentials in Carel pCOWeb HVAC The Carel pCOWeb card stores password hashes in the file "/etc/passwd", allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Details ======= Product: HVAC units using the OEM...
Cisco IronPort C350 Header Injection
!/usr/bin/perl -w Cisco IronPort C350 Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not liable for any...
WordPress Ninja Forms 3.3.17 Cross Site Scripting
Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...
📄 Grav CMS 1.7.49.5 Sandbox Bypass
This code is a standalone PHP proof of concept exploit targeting Grav CMS version 1.7.49.5 that demonstrates an authenticated remote code execution vulnerability caused by a Twig server-side template injection combined with a sandbox bypass...
📄 Online Shopping System Advanced 1.0 Shell Upload / SQL Injection
Online Shopping System Advanced version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title: Online Shopping System Advanced - Remote Code Execution Date: 2025-03-11 Exploit Author: bRpsd Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=bRpsd...
📄 GestioIP 3.5.7 Cross Site Request Forgery
GestioIP version 3.5.7 suffers from a cross site request forgery vulnerability. Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity a...
Adobe Reader 11.0.10 CoolType Out-Of-Bounds Read
Adobe Reader version 11.0.10 proof of concept exploit that demonstrates an out-of-bounds read found in 2015. ============================================================================================================================================= | Title : Adobe Reader 11.0.10 CoolType...
OpenAdmin 0.3.4 Cross Site Request Forgery
Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. Exploit Title: OpenAdmin 0.3.4 - Multiple CSRF Vulnerabilities Date: Nov 8, 2024...
Grafana 9.5.1 Server-Side Request Forgery
Grafana version 9.5.1 suffers from a server-side request forgery vulnerability. ============================================================================================================================================= | Title : Grafana 9.5.1 PHP Code Injection Vulnerability | | Author :...
Siemens Unlocked JTAG Interface / Buffer Overflow
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unlocked JTAG interface and buffer overflow product: Siemens SM-2558 Protocol Element extension module for Siemens SICAM AK3/TM/BC, Siemens CP-2016 & CP-2019 vulnerable...
Palo Alto Expedition 1.2.91 Remote Code Execution
class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...
Sysax Multi Server 6.99 Cross Site Scripting
Exploit Title: Sysax Multi Server 6.99 - Reflected XSS Date: 2024-11-03 Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Version: MultiServer 6.99 Tested on: Windows 10 x64 Reflected XSS - Affected...
Qualitor 8.24 Server-Side Request Forgery
CVE-2024-48360 | Qualitor = v8.24 Unauthenticated SSRF Description Qualitor is a platform for business process management, and this system is present in various companies in Brazil that can be identified simply by using Google dorking. Our team identified a vulnerability in the application...
SPIP BigUp 4.2.15 Code Injection
============================================================================================================================================= | Title : SPIP BigUp 4.2.15 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...
Appointment Scheduler 3.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Appointment Scheduler v3.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
Chyrp 2.5.2 Cross Site Scripting
Chyrp 2.5.2 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/chyrp/ Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip Version: 2.5.2 Tested on: MacOS Steps to Reproduce - Login from the address:...
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET = '\0330m' ORANGE = '\03338;5;208m' MALICIOUSPAYLOAD = """\ """ def banner: printf'''RED YELLOW ============================ Author: Frey ============================...
SUPERAntiSpyware Professional X 10.0.1264 DLL Hijacking / Privilege Escalation
Title: SUPERAntiSpyware Professional X Version =10.0.1264 "version.dll" Local Privilege Escalation Date: 03.04.2024 Author: M. Akil Gündoğan Vendor Homepage: https://superantispyware.com/ Version: 10.0.1262 and lastest version 10.0.1264 Tested on: Windows 10 Professional x64 PoC Video:...
PHPJabbers Bus Reservation System 1.1 CSV Injection
Exploit Title: PHPJabbers Bus Reservation System v1.1 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/bus-reservation-system/sectionDemo Version: v1.1 Tested on:...
GaatiTrack Courier Management System 1.0 SQL Injection
Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...
EnBw SENEC Legacy Storage Box Hardcoded Credentials
Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...
NLB mKlik Makedonija 3.3.12 SQL Injection
NLB mKlik Makedonija 3.3.12 SQL Injection Vendor: NLB Banka AD Skopje Product web page: https://www.nlb.mk Google Play: https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production Affected version: 3.3.12 Summary: NLB mKlik е мобилна апликација наменета за физички...
SyncBreeze 15.2.24 Denial Of Service
Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service Date: 30/08/2023 Exploit Author: mohamed youssef Vendor Homepage: https://www.syncbreeze.com/ Software Link: https://www.syncbreeze.com/setups/syncbreezesetupv15.4.32.exe Version: 15.2.24 Tested on: windows 10 64-bit import socket impor...
Gravigra CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Gravigra CMS v1.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit |...
Joomla Fireboard 1.3 SQL Injection
==================================================================================================================================== | Title : Joomla com fireboard v1.3 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
Jedox 2020.2.5 Groovy-Scripts Remote Code Execution
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Date: 28/04/2023 Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introducti...
WordPress WPvivid Backup Path Traversal
===== Tempest Security Intelligence - ADV-15/2022 ========================== Wordpress plugin - WPvivid Backup - Version 0.9.76 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview...
DouPHP 1.2 Release 20141027 SQL Injection
==================================================================================================================================== | Title : DouPHP v1.2 Release 20141027 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path
Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Date: 02/04/2022 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE:...
Tdarr 2.00.15 Command Injection
Exploit Title: Tdarr 2.00.15 - Command Injection Date: 10/03/2022 Exploit Author: Sam Smith Vendor Homepage: https://tdarr.io Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linuxarm64/TdarrServer.zip Version: 2.00.15 likely also older versions Tested on: 2.00.15 Exploit:...
Kyocera Command Center RX ECOSYS M2035dn Directory Traversal
Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-10 Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version:...
Backdoor.Win32.FTP.Simpel.12 Insecure Crypto Implementation
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1d12f9b921b38d7b521f12442bdd52d8B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Simpel.12 Vulnerability: Insecure Crypto Description: The malware listens on TCP...
Logitech Media Server 8.2.0 Cross Site Scripting
Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting XSS Shodan Dork: Search Logitech Media Server Date: 12.10.2021 Exploit Author: Mert Das Vendor Homepage: www.logitech.com Version: 8.2.0 Tested on: Windows 10, Linux POC: 1. Go to Settings / Interface tab 2. Add payload to...
College Management System 1.0 Arbitrary File Upload
Exploit Title: college management system - Arbitrary File Upload Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Versio...
Backdoor.Win32.Delf.acz Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/065d89c63fa1057de98c727d4b044b98.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.acz Vulnerability: Remote Stack Buffer Overflow SEH Description: The malware...