50738 matches found
Alkacon OpenCMS 10.5.x Local File Inclusion
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...
Alkacon OpenCMS 10.5.x Cross Site Scripting
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...
Simple E-Document 1.31 SQL Injection
Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m Software Link:...
PHP-Fusion 7.02.05 XSS / LFI / SQL Injection
waraxe-2013-SA097 - Multiple Vulnerabilities in PHP-Fusion 7.02.05 =============================================================================== Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable...
OpenPanel 0.3.4 Directory Traversal
OpenPanel version 0.3.4 suffers from multiple directory traversal vulnerabilities. Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage:...
3DSecure 2.0 3DS Authorization Method Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Method Tested Versions: 3DSecure 2.0 3DS Authorization Method Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solution...
Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Credit: Gionathan Armando Reale...
Serendipity 2.5.0 Remote Code Execution
Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import...
Chrome 121 Javascript Fork Malloc Bomb
Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and about one in five runs the virtual machine freezes. SIGILL almost always is a sign of memory corruption : On android it...
ProSSHD 1.2 20090726 Denial Of Service
!/usr/bin/perl use Net::SSH2 Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 13 january 2024 Vendor Homepage: https://prosshd.com/ Notification vendor: No reported Tested Version: ProSSHD 1.2 20090726 Tested on: Window XP Professional -...
PHPJabbers Hotel Booking System 4.0 CSV Injection
Exploit Title: PHPJabbers Hotel Booking System v4.0 - CSV Injection Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/hotel-booking-system/sectionDemo Version: v4.0 Tested on: Windows...
GOM Player 2.3.90.5360 Buffer Overflow
Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...
Humhub 1.3.13 Shell Upload
==================================================================================================================================== | Title : Humhub v1.3.13 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Quicklancer Freelance Marketplace 2.4 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
e-Biz Technocrats Pvt.Ltd SQL Injection
Exploit Title: Sql Injection on one site credentials can be use on other sites - Google Dork:" Designed and Developed by e-Biz Technocrats Pvt.Ltd " - Date: 05/11/2023 - Exploit Author: K1LL3rB4LL - Tested on: Mac, Windows, Linux Description: The vulnerability found is an SQL injection. You may r...
Roxy WI 6.1.0.0 Remote Command Execution
Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...
Tiki Wiki CMS Groupware 25.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Gitea Git Fetch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration process that lead...
Sagemath 9.0 Overflow / Denial Of Service
sagemath 9.0 and reportedly later on ubuntu 20. sagemath gives access to the python interpreter, so code execution is trivial. We give DoS attacks, which terminates the sagemath process with abort, when raising symbolic expression to large integer power. We get abort with stack: gmp: overflow in...
CodoForum 5.1 Remote Code Execution
Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Date: 06/07/2022 Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04...
Online Car Wash Booking System 1.0 Blind SQL Injection
Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection Exploit Author: segf0lt Date: April 14, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html Software Link:...
qdPM 9.2 Cross Site Request Forgery
Exploit Title: qdPM 9.2 - Cross-site Request Forgery CSRF Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference
Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...
Textpattern CMS 4.8.3 Remote Code Execution
Exploit Title: Textpattern 4.8.3 - Remote code execution Authenticated 2 Date: 03/03/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0...
Trojan.Win32.Cafelom.bu Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/146ce177ab03b8f62a9fc6e7bbf40dc1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Cafelom.bu Vulnerability: Heap Corruption Description: This malware drops two executabl...
Cockpit 234 Server-Side Request Forgery
Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated Date: 08.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://cockpit-project.org/ Version: v234 Tested on: Ubuntu 18.04 !/usr/bin/python3 import argparse import requests import sys import urllib3...
WordPress Simple Social Buttons 3.1.1 Cross Site Scripting
The WordPress plugin Simple Social Buttons version 3.1.1 a.k.a. Simple Social Media Share Buttons suffers from a reflected cross-site scripting vulnerability found by Mr.F. It was fixed in version 3.2.0: https://wordpress.org/plugins/simple-social-buttons/developers HTML POC: xss poc...
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Advisory ID: SYSS-2019-048 Product: MailDepot Manufacturer: REDDOXX GmbH Affected Versions: 2032 SP2 2.2.1242 Tested Versions: 2032 SP2 2.2.1242 Vulnerability Type: Improper Authorization CWE-285 Risk Level: High Solution Status: Fixed Manufacturer...
FileRun 2019.05.21 Cross Site Scripting
Exploit Title: FileRun 2019.05.21 - Reflected Cross-Site Scripting Date: 2019-07-01 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.filerun.com/ Software Link: https://filerun.com/download Version: v2019.05.21 Tested on: Windows/Linux CVE: CVE-2019-12905 CVE-2019-12905...
Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection
!/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.com Affected version: 2.5.18103 2.0 1.0 Summary: CAYIN xPost is the web-based application software, which offers a combinatio...
Nextcloud 17 Cross Site Request Forgery
Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 Nextcloud offers the industry-leading, on-premises content collaboration platfor...
Cisco Email Security Virtual Appliance C600V IronPort Header Injection
!/usr/bin/perl -w Cisco Email Security Virtual Appliance C600V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todo...
Cisco Email Security Virtual Appliance C370 IronPort Header Injection
!/usr/bin/perl -w Cisco Email Security Virtual Appliance C370 IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
DomainMOD 4.11.01 Cross Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-09 Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19136 A Reflected Cross-site scripti...
Adobe Coldfusion 11.0.03.292866 Remote Code Execution
Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On: Windows 10 Enterprise 10.0.15063 CVE: CVE-2017-3066...
Apache Struts Jakarta Multipart Parser OGNL Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...
ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack
ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...
Vaidya-Mitra 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
SPIP BigUp 4.2.15 Code Injection
============================================================================================================================================= | Title : SPIP BigUp 4.2.15 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...
Microsoft Word UNC Path Injector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems for extracting files require 'zip' Project for creating files require 'rex/zip' class MetasploitModule 'Microsoft Word UNC Path Injector', 'Description' = %q This...
Magento XXE Unserialize Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Magento XXE Unserialize Arbitrary File Read', 'Description' = %q This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which...
CouchDB Enum Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CouchDB Enum Utility', 'Description' = %q This module enumerates databases on CouchDB using the REST API without authentication by default. ,...
Cab Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : cab management system 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.19...
Lost And Found Information System 1.0 Insecure Direct Object Reference
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...
Grawlix CMS 1.1.1 Cross Site Scripting
============================================================================================================================ | Title : Grawlix Cms v1.1.1 xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://getgrawlix.com/ | | Dork : Powered by Th...
Rudder Server SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...
P2S CMS 0.1 Cross Site Scripting
==================================================================================================================================== | Title : P2s-cms v0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...
Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation
Vulnerability: Broken Access Control Author: Akash Pandey CVE: CVE-2023-3018 Source: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html Steps to re-produce: 1. Go to https://site.com/admin/?page=user/list as staff user...
FusionInvoice 2023-1.0 Cross Site Scripting
Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...