50748 matches found
Backdoor.Win32.LanaFTP.k Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2660742a80433e027ee9bdedc40e190.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanaFTP.k Vulnerability: Heap Corruption Description: The malware listens on TCP port...
Unified Office Total Connect Now 1.0 SQL Injection
Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection Shodan Filter: http.title:"TCN User Dashboard" Date: 06-16-2021 Exploit Author: Ajaikumar Nadar Vendor Homepage: https://unifiedoffice.com/ Software Link: https://unifiedoffice.com/voip-business-solutions/ Version: 1.0...
Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection
For CVE-2020-25889: Exploit Title: online bus booking system project using PHP MySQL - SQL Injection Exploit Author: Krishna Yadav Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html Version:...
Oracle Weblogic 10.3.6.0.0 Remote Command Execution
Exploit Title: Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Date: 2020-01-08 Exploit Author: Waffles & Paveway3 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 Tested on: Windows CVE : CVE-2019-2729 SerialLogic.py...
FutureNet NXR-G240 Series ShellShock Command Injection
-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Date: 2018-06-12 Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA...
C-MOR Video Surveillance 5.2401 Path Traversal
Advisory ID: SYSS-2024-025 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Relative Path Traversal CWE-23 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...
ManageEngine DataSecurity Plus Xnode Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...
QNAP QTS and Photo Station Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...
E-Insurance 1.0 Cross Site Scripting
Exploit Title: E-INSUARANCE v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: v1.0...
Coppermine Gallery 1.6.25 Remote Code Execution
Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...
EasyPX CMS 06.02.04 Cross Site Scripting
==================================================================================================================================== | Title : EasyPX CMS V06.02.04 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | | Vend...
Doubleclick Admin 1 Cross Site Request Forgery
==================================================================================================================================== | Title : Doubleclick Admin v1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 115.0.264-bit | |...
mooSocial 3.1.8 Cross Site Scripting
Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings...
Screen SFT DAB 600/C Authentication Bypass / Admin Password Change
!/usr/bin/env python3 Screen SFT DAB 600/C Authentication Bypass Admin Password Change Exploit Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/ Affected version...
Optoma 1080PSTX Firmware C02 Authentication Bypass
Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass Date: 2023/05/09 Exploit Author: Anthony Cole Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Vendor Homepage: http://optoma.com Version: Optoma 1080PSTX Firmware C02 Tested on: N/A CVE : CVE-2023-27823 Details By...
Arris Router Firmware 9.1.103 Remote Code Execution
c Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...
Sanitization Management System 1.0 SQL Injection
Title: SMS - PHP by: oretnom23 v1.0 SQLi Author: nu11secur1ty Date: 11.25.2022 Vendor: https://github.com/oretnom23, https://www.sourcecodester.com/users/tips23 Software:...
Zyxel Buffer Overflow / Format String / Command Injection
-- HNS-2022-02 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Zyxel zysh Products: Zyxel firewalls, AP controllers, and APs Author: Marco Ivaldi Date: 2022-06-07 CVE Names and Vendor CVSS Scores: CVE-2022-26531:...
Explore CMS 1.0 SQL Injection
Exploit Title: explore CMS - Boolean Based SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: On Request POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the...
WordPress Cab-Fare-Calculator 1.0.3 Local File Inclusion
Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion - Unauthenticated Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/...
Online Diagnostic Lab Management System 1.0 Cross Site Scripting
Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
WordPress Frontend Uploader 1.3.2 Cross Site Scripting
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting
Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...
College Management System 1.0 SQL Injection
Exploit Title: college management system - SQL Injection Authentication Bypass Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version:...
Xiaomi 10.2.4.g Information Disclosure
Exploit Title: Xiaomi browser 10.2.4.g - Browser Search History Disclosure Date: 27-Dec-2018 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.mi.com/us Software Link: https://www.apkmirror.com/apk/xiaomi-inc/mi-browse/mi-browse-10-2-4-release/ Version: 10.2.4.g Tested on: Tested in Andro...
Trojan.Win32.SecondThought.ak Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/21cd8bab6b3569f7b375a69a37e36c50.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.SecondThought.ak Vulnerability: Insecure Permissions Description: The malware creates a...
Atlassian JIRA 8.11.1 User Enumeration
Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...
qdPM 9.1 PHP Object Injection
-------------------------------------------------------------- qdPM getParameter'format'; 299. $filename = $request-getParameter'filename'; 300. 301. $export = unserialize$request-getParameter'export'; User input passed through the "export" request parameter is not properly sanitized before being...
iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is a...
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...
Microsoft Internet Explorer Use-After-Free
IE: Use-after-free in JScript arguments during toJSON callback There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is...
Microsoft Windows Net-NTLMv2 Reflection DCOM/RPC Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC Juicy', 'Description' = %q This module utilizes the...
Easy Outlook Express Recovery 2.0 Denial Of Service
Exploit Title: Easy Outlook Express Recovery 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyOutlookExpressRecovery/ Software Link:...
yabb-lfi.txt
Local File Include Vulnerabilities Problem: Local File Include Vulnerabilities Product: YaBB 1,640,000 clients 2. Local File Include I found many bugs like it in this board.Bugs relate one special variable for user$language, you can edit this variable in your profile. Examples, where I found bugs...
📄 Sitecore XP Post-Authentication File Upload
This Metasploit module exploits Sitecore XP with a file upload vulnerability in PowerShell extensions and a hardcoded credential vulnerability with the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...
PHP SPM 1.0 Code Injection
============================================================================================================================================= | Title : php spm 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...
Sentry Switched CDU Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...
Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti EPM RecordGoodApp SQLi RCE', 'Description' = %q Ivanti Endpoint Manager EPM 2022 SU5 and prior are vulnerable to unauthenticated SQL...
SOPlanning 1.52.00 Cross Site Request Forgery
/ !-- Update the following field to change the admins password to the...
Backdoor.Win32.Dumador.c MVID-2024-0679 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow SEH Description: The...
PHPJabbers Cleaning Business Software 1.0 Missing Rate Limiting
Exploit Title: PHPJabbers Cleaning Business Software v1.0 - No Rate Limit Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/sectionDemo Version: v1.0 Tested...
Videoplay 1.3.0 Insecure Settings
====================================================================================================================================== | Title : Videoplay V1.3.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-b...
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting
==================================================================================================================================== | Title : Bazaar Social Listing Shopping Web PHP Template v2.3.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
QuickJob Portal 6.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
QUICKAD CMS 7.3 Cross Site Request Forgery
==================================================================================================================================== | Title : QUICKAD CMS 7.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | | Vendor :...
thrsrossi Millhouse-Project 1.414 Shell Upload
sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...
Prestashop 8.0.4 CSV Injection
Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release...
WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery
==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Multiple Cross-Site Request Forgery CSRF Vulnerabilities Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZ...