50748 matches found
Staubli Jacquard Industrial System JC6 Shellshock
Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Date: 21.09.2018 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.staubli.com Software Link: https://www.staubli.com/tr-tr/textile/textile-machinery-solutions/ Version:JC6...
📄 MagnusBilling 6.x / 7.x Command Injection
MagnusBilling versions 6.x and 7.x suffer from an unauthenticated remote command injection vulnerability. Exploit Title: MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting
Quorum onQ OS version 6.0.0.5.2064 suffers from a cross site scripting vulnerability. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site...
Art Gallery Management System 1.0 PHP Code Injection
============================================================================================================================================= | Title : Art Gallery Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Joomla Account Creation And Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Account Creation and Privilege Escalation', 'Description' = %q This module creates an arbitrary account with administrative privileges in...
TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: TrojanSpy.Win64.EMOTET.A Vulnerability: Arbitrary Code Execution Description: The malware...
Flightio.com SQL Injection
This site which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to record this security issue Exploit Title : Site Flight agency airpol the Islamic Republic of Iran SQ...
Rail Pass Management System 1.0 SQL Injection
Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Date: 02/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479...
Intrasrv Simple Web Server 1.0 Denial Of Service
!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...
PyroCMS 3.0.1 Cross Site Scripting
Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...
Equipment Rental Script 1.0 SQL Injection
Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...
i-Gallery 3.4 Database Disclosure
==================================================================================================================================== | Title : i-Gallery v3.4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...
Erim Upload 4 Database Disclosure
==================================================================================================================================== | Title : Erim Upload V4 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...
Desenvolvido C3iM CMS 2.0 Cross Site Scripting
==================================================================================================================================== | Title : Desenvolvido C3iM CMS v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | ...
BD-Schools LMS 1.0.2 Cross Site Scripting
==================================================================================================================================== | Title : BD-Schools LMS v1.0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vend...
Quickad Classified Ads CMS 10.4 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Bang Resto 1.0 Cross Site Scripting
Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting XSS Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip...
Responsive FileManager 9.9.5 Remote Shell Upload
Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
CyberDanube Security Research 20221009-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Intelbras WiFiber 120AC inMesh vulnerable version| 1.1-220216 fixed version| 1-1-220826 CVE number| CVE-2022-40005 impact| High...
Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/783a191e7944e1af84ec0fa96d933f30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The...
rpc.py 0.6.0 Remote Code Execution
Exploit Title: rpc.py 0.6.0 - Remote Code Execution RCE Google Dork: N/A Date: 2022-07-12 Exploit Author: Elias Hohl Vendor Homepage: https://github.com/abersheeran Software Link: https://github.com/abersheeran/rpc.py Version: v0.4.2 - v0.6.0 Tested on: Debian 11, Ubuntu 20.04 CVE : CVE-2022-3541...
OctoBot WebInterface 0.4.3 Remote Code Execution
Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Date: 9/2/2021 Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE ...
REDCap Cross Site Scripting
Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr = new XMLHttpRequest; xhr.open"POST", "https://" + target + "/index.php?route=ControlCenterController:saveNewAdminPriv", true;...
Microfinance Management System 1.0 SQL Injection
Title: Microfinance Management System 1.0 SQLi To Rce Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims0.zip Reference:...
BuilderPandoraRat.b Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ae4a409d217bbd538009fbbb5457e754.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderPandoraRat.b - Pandora Rat 2.2 Beta.exe Vulnerability: Insecure Credential Storage Descriptio...
Hades RAT Web Panel Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Insecure Credential Storage Family: Hades Type: WebUI MD5:...
Axis IP Camera Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axis IP Camera Application Upload', 'Description' = %q This module exploits the "Apps" feature in Axis IP cameras. The feature allows third party...
ScadaBR 1.0 / 1.1CE Linux Shell Upload
!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Google Dork: N/A Date: 04/21 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on:...
Covid-19 Contact Tracing System 1.0 Code Execution
Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
Backdoor.Win32.Indexer.a Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2b576e7551afe1c7575dc680396f1b5bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Indexer.a Vulnerability: Remote Denial Of Service Description: Indexer.a runs an FTP...
WordPress Supsystic Pricing Table 1.8.7 SQL Injection / Cross Site Scripting
Exploit Title: WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip Version: 1.8.7 and 1.8.6...
PhreeBooks 5.2.3 Remote Code Execution
Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...
Grav CMS 1.6.30 Cross Site Scripting
Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...
Employee Management System 1.0 Cross Site Scripting
Exploit Title: Employee Management System 1.0 - Stored Cross Site Scripting Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...
OwnCloud 8.1.8 Username Disclosure
OwnCloud version 8.1.8 stable are vulnerable to recovery all username login list. PoC: 1. Create an account in OwnCloud 2. Intercept connection with Burp 3. Share a file, typing anything --------------------------------------------------------- 4. Burp will capture this request GET...
CMS Made Simple 2.2.7 Remote Code Execution
Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 04-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
joomlaastats-sql.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joomla Component astatsPRO Remote SQL Injection Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- bug found by ka0x D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz http://www.domlabs.org/ contact:...
📄 Palo Alto Networks Expedition 1.2.90.1 Privilege Escalation
Palo Alto Networks Expedition version 1.2.90.1 proof of concept exploit that allows for an administrative password reset. - Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool - Shodan Dork: html:"expedition project" - FOFA Dork: "expedition project" &&...
Plikli CMS 4.1.5 SQL Injection
Plikli CMS version 4.1.5 suffers from a remote SQL injection vulnerability. Exploit Title: Plikli CMS 4.1.5 - 'randkey' SQL Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://github.com/kkumar326/plikli Software Link:...
Sysax Multi Server 6.99 SSH Denial Of Service
Exploit Title: Sysax Multi Server 6.99 - SSH Denial of Service Date: 2024-11-03 Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download/sysaxservsetup.msi Version: Sysax Multi Server 6.99 Tested on: Windows 10 x64 Steps -- Compil...
GYM Management System 1.0 Insecure Settings
==================================================================================================================================== | Title : GYM Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...
Car Washing Management System 1.0 Insecure Settings
==================================================================================================================================== | Title : Car Washing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Simple Machines Forum 2.1.4 Code Injection
Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...
Online Shopping Portal Project 2.0 SQL Injection
x========================================================================================================================================x | Title : Online Shopping Portal Project 2.0 SQL Vulnerabilities | Software : Online Shopping Portal Project | Create By :...
DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...
ESET NOD32 Antivirus 17.0.16.0 Unquoted Service Path
Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2024-04-01 Vendor : https://www.eset.com Version : 17.0.16.0 Tested on OS: Microsoft Windows 10 pro x64 C:\wmic service get name,displayname,pathname,startmode |findstr /i...
Solar FTP Server 2.1.1 Denial Of Service
!/usr/bin/python Exploit Title: Solar FTP Server 2.1.1 PASV Command - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 31 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Solar FTP Server 2.1.1 Tested on: Window XP Profession...
minaliC 2.0.0 Denial Of Service
!/usr/bin/perl use Socket; Exploit Title: minaliC 2.0.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 03 january 2024 Vendor Homepage: http://minalic.sourceforge.net/ Download to demo: https://drive.google.com/file/d/1WoDbps6up2s5Xa40YXDSABRU9J17yRQd/view?usp=sharing...
Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation
Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...