50738 matches found
Petrol Pump Management Software 1.0 Shell Upload
Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Google Dork: N/A Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage:...
October CMS 3.4.0 Category Cross Site Scripting
OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...
OpenPLC WebServer 3 Denial Of Service
Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...
Wp2Fac 1.0 Command Injection
Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...
mooDating 1.2 Cross Site Scripting
Exploit Title: mooDating 1.2 - Reflected XSS Exploit Author: CraCkEr aka skalvin Date: 22/07/2023 Vendor: mooSocial Vendor Homepage: https://moodatingscript.com/ Software Link: https://demo.moodatingscript.com/home Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.5 Hardware revision: 1.1 SoapLive 2.4.0 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and...
Pydio Cells 4.1.2 Server-Side Request Forgery
For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a...
Spryker Commerce OS 1.0 SQL Injection
Title: SCHUTZWERK-SA-2023-001: SQL Injection in Spryker Commerce OS Status: PUBLISHED Version: 1.0 CVE reference: CVE-2023-27568 Link: https://www.schutzwerk.com/advisories/schutzwerk-sa-2023-001/ Text-only version...
Aigital Wireless-N Repeater Mini_Router.0.131229 Authentication Bypass
Exploit Title: Aigital Wireless-N Repeater - Login Bypass Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Login bypass The device web application relies on a time-based mechanism t...
WEBY 1.2.5 Cross Site Request Forgery
Title: WEBY v.1.2.5 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.0.1 32-bit | Vendor:...
Courier Deprixa 2.5 Backdoor Account
Title: COURIER DEPRIXA V2.5 Backdoor Account Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Online Birth Certificate Management System 1.0 Cross Site Scripting
Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
SACCO-2022 SQL Injection
Title: SACCO-2022 SQLi Author: nu11secur1ty Date: 08.27.2022 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15372/open-source-sacco-management-system-free-download.html Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayurik/2022/SACCO...
Laundry Management System 1.0 SQL Injection
Exploit Title: Laundry Management System 1.0 - Authenticated SQL Injection Date: 29-06-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-cilaundry.zip Version: 1.0 Tested on: Windows 1...
Magento eCommerce CE 2.3.5-p2 SQL Injection
Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi Date: 2021-4-21 Exploit Author: Aydin Naserifard Vendor Homepage: https://www.adobe.com/ Software Link: https://github.com/magento/magento2/releases/tag/2.3.5-p2 Version: 2.3.5-p2 Tested on: 2.3.5-p2 POC: 1PUT...
WordPress Learnpress 4.1.4.1 Arbitrary Image Renaming
Exploit Title: WordPress Plugin Learnpress 4.1.4.1 - Arbitrary Image Renaming Date: 08-01-2022 Exploit Author: Ceylan Bozogullarindan Author Webpage: https://bozogullarindan.com Vendor Homepage: https://thimpress.com/ Software Link: https://thimpress.com/learnpress-plugin/ Version: 4.1.4.1 Tested...
WordPress Popular Posts 5.3.2 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Popular Posts Authenticated RCE', 'Description' = %q This exploit requires Metasploit to have a FQDN and the ability to run a payload w...
Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery
!-- Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Vendor: Zucchetti Axess S.p.A. Product web page: https://www.axesstmc.com Affected version: 1.64 1.63 1.54 Summary: CLOKI is the pre-installed application on our terminals that provides simple to use access control manageme...
Student Quarterly Grading System 1.0 Cross Site Scripting
Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Date: 11.10.2021 Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Lin...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Analytics CEIP Service File Upload', 'Description' = %q This module exploits a file upload in VMware vCenter Server's...
Riak Insecure Default Configuration / Remote Command Execution
Riak KV Insecure Default Cookie RCE. Intro: Riak is a NoSQL key-value database that is built to maximize data availability and performance, especially useful for e.g. big data environments. It's built to survive data and network failures with design principles similar to DynamoDB while...
Backdoor.Win32.Zombam.gen Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Cross Site Scripting XSS Description: Zombam malware listen...
OpenCart 3.0.3.7 Cross Site Request Forgery
Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery CSRF Date : 2021/08/06 Exploit Author : Mert Daş [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Tested on...
Sandboxie Plus 0.7.4 Unquoted Service Path
Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Servic...
DzzOffice 2.02.1 Cross Site Scripting
Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: #!/usr/bin/python3 Author:...
Print Job Accounting 4.4.10 Unquoted Service Path
Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...
Trojan.Win32.Hotkeychick.am Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5ea9840970e78188f73eb1763363eeac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Hotkeychick.am Vulnerability: Insecure Permissions Description: The trojan creates an...
Packed.Win32.Katusha.o Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e184abe44bec183a522d2c66bc3f90e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Katusha.o Ransomware Vulnerability: Insecure Permissions EoP Description: The malware...
House Rental And Property Listing 1.0 Cross Site Scripting
Exploit Title: House Rental and Property Listing 1.0 - Multiple Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2020-12-28 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html...
HiSilicon Video Encoder Malicious Firmware Code Execution
#!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...
Sangoma SBC 2.3.23-119-GA Unauthenticated User Creation
Introduction Description A remotely exploitable vulnerability exists in the 2.3.23-119-GA version of Sangoma SBC that would allow an unauthenticated user to create a privileged user on the system using the web application login interface. Vulnerability Type - Argument Injection or Modification...
Jenkins Dependency Graph View 0.13 Cross Site Scripting
Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...
ABB Cylon FLXeon 9.3.4 users.js Authenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/users/password endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the newPassword PUT parameter. The issue arises in users.js, where the new passwor...
ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. #!/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...
Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens o...
Squid Proxy Range Header Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Squid Proxy Range Header DoS', 'Description' = %q The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from...
SOPlanning 1.52.00 SQL Injection
Exploit Title: SOPlanning v1.52.00 'projets.php' SQLi Application: SOPlanning Version: 1.52.00 Date: 4/22/24 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assigned...
WordPress Neon Text 1.1 Cross Site Scripting
Exploit Title: Wordpress Plugin Neon Text = 1.1 - Stored Cross Site Scripting XSS Date: 2023-11-15 Exploit Author: Eren Car Vendor Homepage: https://www.eralion.com/ Software Link: https://downloads.wordpress.org/plugin/neon-text.zip Category: Web Application Version: 1.0 Tested on: Debian /...
Microsoft Windows 11 apds.dll DLL Hijacking
Title: Microsoft Windows 11 - 'apds.dll' DLL hijacking Forced Date: 2023-09-01 Author: Moein Shahabi Vendor: https://www.microsoft.com Version: Windows 11 Pro 10.0.22621 Tested on: Windows 11x64 eng...
Invasor Diagonal CMS 1.0 Cross Site Scripting
Title: Invasor Diagonal CMS 1.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit |...
Color Prediction Game 1.0 SQL Injection
Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...
EMH CMS 0.1 Cross Site Scripting
Title: EMH CMS v0.1 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.3 64-bit | Vendor:...
EMIS WEB School CMS 1 SQL Injection
Title: EMIS WEB School CMS V 1 blind SQL injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Bigware Shop 2.3 Cross Site Scripting
Title: Bigware Shop v2.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.2 64-bit | Vendor:...
HiSecOS 04.0.01 Privilege Escalation
Exploit Title: HiSecOS 04.0.01 - Privilege Escalation Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation Date: 21.06.2023 Exploit Author: dreizehnutters Vendor Homepage:...
Ulicms 2023.1 Create Administrator
Exploit Title: Ulicms 2023.1 - create admin user via mass assignment Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: create admin user via mass assignment Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...
PHPJabbers Simple CMS 5.0 Cross Site Scripting
Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please...
Sielco Radio Link 2.06 Improper Access Control
!-- This will set/modify user1 p...
pfsenseCE 2.6.0 Protection Bypass
#!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...
WebTareas 2.4 SQL Injection
Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on:...