50738 matches found
vBulletin 5.2.2 / 4.2.3 / 3.8.9 Server Side Request Forgery
============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-6483 - Release date: 05.08.2016 - Severity: High ============================================= I. VULNERABILITY ------------------------- vBulletin = 5.2....
๐ Online Exam Mastering System 1.0 Cross Site Scripting
Online Exam Mastering System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage:...
๐ Apache Commons Text 1.10.0 Remote Code Execution
Apache Commons Text version 1.10.0 suffers from a remote code execution vulnerability. Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Softwa...
ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...
Simple Chat System 1.0 Cross Site Scripting
Exploit Title:Simple Chat System 1.0 Reflected XSS Date:05/12/2024 Exploit Author:Merve Hatice Arslan Vendor Homepage:https://code-projects.org/simple-chat-system/ Sofware Link:https://download.code-projects.org/details/ec6340ea-ef68-48d9-b9b2-da397f52b2dc Version:1.0 Tested on:Linux / XAMPP...
Teacher Subject Allocation Management System 1.0 Cross Site Scripting
==================================================================================================================================== | Title : Teacher Subject Allocation Management System 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Emergency Ambulance Hiring Portal 1.0 WYSIWYG Code Injection
============================================================================================================================================= | Title : Emergency Ambulance Hiring Portal 1.0 WYSIWYG code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Orange Station 1.0 Shell Upload
Title: ORANGE STATION-1.0 File Upload Remote Code Execution Vulnerability Author: nu11secur1ty Date: 03/26/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Reference:...
Online Nurse Hiring System 1.0 SQL Injection
Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Date: 03/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826...
PHPJabbers Appointment Scheduler 3.0 HTML Injection
Exploit Title: PHPJabbers Appointment Scheduler v3.0 - Multiple HTML Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/appointment-scheduler/ Version: v3.0 Tested on: Window...
ImgHosting 1.3 Cross Site Scripting
==================================================================================================================================== | Title : ImgHosting v1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Franรงais V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...
BookingWizz 6.0.1 Information Disclosure
==================================================================================================================================== | Title : BookingWizz v6.0.1 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Franรงais V.Pro / browser : Mozilla...
DMIS:CRI LMS 2.0 SQL Injection
==================================================================================================================================== | Title : DMIS:CRI LMS V2.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Franรงais V.Pro / browser : Mozilla firefox 67.0.164-bit | ...
TP-Link TL-WR740N Directory Traversal
Exploit Title: TP-Link TL-WR740N - Authenticated Directory Transversal Date: 13/7/2023 Exploit Author: Anish Feroz Zeroxinn Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N...
Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle
Microsoftยฎ Lyncโข Better Together over Ethernet BToE feature on Polycomยฎ VVXยฎ business media. phones enables you to control phone activity from your computer using your Lync client. The BToE feature enables you to place, answer, and hold audio and video calls from your Polycom VVX phone and your...
Epson Stylus SX510W Denial Of Service
Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2020-05-16 Vendor Homepage: https://www.epson.es/ Software Link : https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w Tested Version:...
Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution RCE Date: 4/23/2023 Author: Or4nG.M4n Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Roxy WI 6.1.1.0 Remote Code Execution
ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...
CVAT 2.0 Server-Side Request Forgery
Exploit Title: CVAT 2.0 - SSRF Server Side Request Forgery Exploit Author: Emir Polat Vendor Homepage: https://github.com/opencv/cvat Version: 2.0.0 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS GNU/Linux 5.4.0-122-generic x8664 CVE: CVE-2022-31188 Description: CVAT is an opensource interactive...
Mobile Mouse Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mobile Mouse RCE', 'Description' = %q This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run ...
WordPress Sabai Discuss 1.4.13 Cross Site Scripting
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโ C r a C k E r โโ โโ T H E C R A C K O F E T E R N A L M I G H T โโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโ From The Ashes and Dust Rises An...
Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service
Exploit Title: Trend Micro Virtual Mobile Infrastructure TMVMI version 6 - Denial of Service PoC Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.trendmicro.com/ Software Link: App Store for iOS devices Version: 6.0.1278 Tested: iPhone 6 iOS 12.4.7 Vulnerability Type:...
WordPress Catch Themes Demo Import Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Catch Themes Demo Import RCE', 'Description' = %q The Wordpress Plugin Catch Themes Demo Import versions MSFLICENSE, 'Author' =...
Backdoor.Win32.Bifrose.ahyg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d6aff119c03ff378d386b30b36b07a69.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.ahyg Vulnerability: Insecure Permissions Description: The malware creates an...
PlaceOS 1.2109.1 Open Redirection
Exploit Title: PlaceOS 1.2109.1 - Open Redirection Date: 29-09-2021 Exploit Author: Hamza Khedr @ Accenture Austalia AARO Team Vendor Homepage: https://place.technology/ Software Link: https://github.com/PlaceOS Version: 1.29.10 Tested on: Ubuntu 20.04 CVE: CVE-2021-41826 PoC:...
Pi-Hole Remove Commands Linux Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Remove Commands Linux Priv Esc', 'Description' = %q Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,...
Backdoor.Win32.Surila.j Authentication Bypass
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b1cec4b806c71c82bbd9002bdaf21d1fB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Surila.j Vulnerability: Authentication Bypass Description: The malware listens on...
SuiteCRM Log File Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
Backdoor.Win32.Agent.dcbh Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/bba63df41adcf2cf80c74e4a62539d44.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.dcbh Vulnerability: Insecure Permissions EoP Description: Drops an executable...
Gitea 1.7.5 Remote Code Execution
Exploit Title: Gitea 1.7.5 - Remote Code Execution Date: 2020-05-11 Exploit Author: 1F98D Original Author: LoRexxar Software Link: https://gitea.io/en-us/ Version: Gitea before 1.7.6 and 1.8.x before 1.8-RC3 Tested on: Debian 9.11 x64 CVE: CVE-2019-11229 References:...
Nxlog Community Edition 2.10.2150 Denial Of Service
Exploit Title: Nxlog Community Edition 2.10.2150 - DoS Poc Date: 15/12/2020 Exploit Author: Guillaume PETIT Vendor Homepage: https://nxlog.co Software Link: https://nxlog.co/products/nxlog-community-edition/download Version: 2.10.2150 Tested on: Linux Debian 10 && Windows Server 2019...
Verint Impact 360 15.1 Open Redirect
!-- Exploit Title: Verint Impact 360 onLogin open redirect Date: 7-13-2020 Exploit Author: Ryan Delaney Author Contact: [email protected] Author LinkedIn: https://www.linkedin.com/in/infosecrd/ Vendor Homepage: https://www.verint.com/ Software Link:...
Microsoft Office365 Protection Bypass / Remote Code Execution
Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...
SugarCRM 9.0.1 Broken Access Controls
---------------------------------------------------------------- SugarCRM = 9.0.1 Multiple Broken Access Control Vulnerabilities ---------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 9.0.1 and prior versions, 8.0.3...
Drupal 8.6.9 REST Remote Code Execution
!/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce https://twitter.com/jcran/status/1099206271901798400 Sample usage: $ python...
SureMDM Local / Remote File Inclusion
Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link: https://www.42gears.com/products/suremdm-home/ Version: Versions prior to the...
mamboserverstat044.txt
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Mambo comserverstat Component =0.4.4 Remote File Include Vulnerability + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Author: xoron turkish hacker +...
๐ Spring Boot common-user-management 0.1 Shell Upload
Spring Boot common-user-management version 0.1 suffers from a remote shell upload vulnerability. Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape
An attacker who can pass input to the asteval library, when this is used with numpy functions in the symbol table the default setting, can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...
3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Challenge Tested Versions: 3DSecure 2.0 3DS Authorization Challenge Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...
SPIP 4.2.11 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.11 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
AccPack Khanepani 1.0 SQL Injection
============================================================================================================================================= | Title : AccPack Khanepani v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Backdrop CMS 1.23.0 Cross Site Scripting
Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Date: 2023-08-21 Exploit Author: Sinem ลahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body...
Lot Reservation Management System 1.0 Shell Upload
Exploit Title: Lot Reservation Management System Unauthenticated File Upload and Remote Code Execution Google Dork: N/A Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage:...
ImgHosting 1.3 SQL Injection
==================================================================================================================================== | Title : ImgHosting v1.3 Sql Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Franรงais V.Pro / browser : Mozilla firefox 65.032-bit | |...
Freefloat FTP Server 1.0 Buffer Overflow
Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow Date: 08/22/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://www.freefoat.com Version: 1.0 Tested on Windows XP SP3 !/usr/bin/python import socket Metasploit Shellcode msfvenom -p...
Kingo ROOT 1.5.8 Unquoted Service Path
Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path Date: 8/22/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: https://www.kingoapp.com/ Software Link: https://www.kingoapp.com/android-root/download.htm Version: 1.5.8.3353 Tested on: Windows 10 Pro -------------Discovering Unquoted...
Blogator Script 0.93 Insecure Settings
==================================================================================================================================== | Title : Blogator script v 0.93 Reinstall default Password Vulnerability | | Author : indoushka | | Tested on : windows 10 Franรงais V.Pro / browser : Mozilla firef...
Multirent Multivendor Equipment Rental 1.0 Cross Site Scripting
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโ C r a C k E r โโ โโ T H E C R A C K O F E T E R N A L M I G H T โโ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โโโโโ From The Ashes and Dust Rises An...
TinyWebGallery 2.5 Cross Site Scripting
Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting XSS Application: TinyWebGallery Version: v2.5 Bugs: Stored Xss Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023...