50738 matches found
PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting
Exploit Title: PHPJabbers Appointment Scheduler 2.3 - Reflected XSS Cross-Site Scripting Date: 2020-12-14 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.phpjabbers.com Software Link: https://www.phpjabbers.com/appointment-scheduler Version: 2.3 Tested on: Latest Version of Deskto...
File Sharing Wizard 1.5.0 SEH Buffer Overflow
import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724 File-sharing-wizard-seh...
Jenkins Dependency Graph View 0.13 Cross Site Scripting
Exploit Title: Persistent XSS - Dependency Graph View Pluginv0.13 Vendor Homepage: https://wiki.jenkins.io/display/JENKINS/Dependency+Graph+View+Plugin Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps Platform:...
Joomla JComments 2.10.0 Cross Site Scripting
Vulnerability ID: HTB22368 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinjcommentsjoomla.html Product: JComments Vendor: JoomlaTune .com Vulnerable Version: 2.1.0.0 07/08/2009 and Probably Prior Versions Vendor Notification: 04 May 2010 Vulnerability Type: XSS Cross Site Scripting...
📄 BeyondTrust PRA / RS Unauthenticated Remote Code Execution
This Metasploit module exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS. It leverages three different vulnerabilities depending on the user-selected target. The default target leverages CVE-2026-1731, a direct command...
ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution
ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...
WordPress REST API Content Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress REST API Content Injection', 'Description' = %q This module exploits a content injection vulnerability in WordPress versions 4.7 and...
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Piwigo CVE-2023-26876 Gather Credentials via SQL Injection ', 'Description' = %q This module allows an authenticated user to retrieve the usernam...
Control ID IDSecure Authentication Bypass
class MetasploitModule 'Control iD iDSecure Authentication Bypass CVE-2023-6329', 'Description' = %q This module exploits an improper access control vulnerability CVE-2023-6329 in Control iD iDSecure 'Michael Heinzl', MSF Module 'Tenable' Discovery and PoC , 'References' = 'CVE', '2023-6329',...
AccPack Cop 1.0 SQL Injection
============================================================================================================================================= | Title : AccPack Cop v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits |...
Sitefinity 15.0 Cross Site Scripting
Exploit Title: Sitefinity 15.0 - Cross-Site Scripting XSS Date: 2023-12-05 Exploit Author: Aldi Saputra Wahyudi Vendor Homepage: https://www.progress.com/sitefinity-cms Version:...
HTMLy 2.9.6 Cross Site Scripting
Exploit Title: HTMLy Version : 2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see xss alert...
Invasor Diagonal CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : Invasor Diagonal CMS 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Global Domains International 2.0 Cross Site Scripting
==================================================================================================================================== | Title : Global Domains International v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
Color Prediction Game 1.0 SQL Injection
Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...
BookingWizz 5.5 Information Disclosure
==================================================================================================================================== | Title : BookingWizz v5.5 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...
CCOM Events CMS 0.1.02 SQL Injection
==================================================================================================================================== | Title : CCOM Events CMS v0.1.02 Sql injecion Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-b...
Bigware Shop 2.3 Cross Site Scripting
==================================================================================================================================== | Title : Bigware Shop v2.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
3CX Open Standards Software IP PBX Thailand 2.0.3 Cross Site Scripting
==================================================================================================================================== | Title : 3CX Open Standards Software IP PBX Thailand v 2.0.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting
Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Date: 2023-06-20 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1...
PHPJabbers Simple CMS 5.0 Cross Site Scripting
Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please...
OPSWAT Metadefender Core 4.21.1 Privilege Escalation
Exploit Title: OPSWAT Metadefender Core - Privilege Escalation Date: 24 October 2022 Exploit Author: Ulascan Yildirim Vendor Homepage: https://www.opswat.com/ Version: Metadefender Core 4.21.1 Tested on: Windows / Linux CVE : CVE-2022-32272...
WebTareas 2.4 SQL Injection
Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on:...
Trojan.Win32.Autoit.fhj MVID-2022-0637 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d871836f77076eeed87eb0078c1911c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Autoit.fhj Vulnerability: Insecure Permissions Description: The malware write...
WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting
Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0 Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Teste...
Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Authentication Bypass Description: The malwa...
Fruits-Bazar 2021 1.0 SQL Injection
Title: Fruits-Bazar 2021 v1.0 SQLi Author: nu11secur1ty Date: 06.29.2022 Vendor: https://github.com/creativesaiful Software: https://github.com/creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- Reference:...
WordPress CleanTalk 5.173 Cross Site Scripting
Description: Reflected Cross-Site Scripting Affected Plugin: Spam protection, AntiSpam, FireWall by CleanTalk Plugin Slug: cleantalk-spam-protect Plugin Developer: CleanTalk Affected Versions: = 5.173 CVE ID: CVE-2022-28221 CVSS Score: 6.1 Medium CVSS Vector:...
Backdoor.Win32.FTP.Ics Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/584bc06128469423f9e50e8a359d18acB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Ics Vulnerability: Unauthenticated Remote Command Execution Description: The...
WebHMI 4.1.1 Remote Code Execution
Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests...
Subrion CMS 4.2.1 Cross Site Request Forgery
Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Date: 2022-02-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based C...
Servisnet Tessa Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit', 'Description' = %q This module exploits an authentication bypass in Servisnet...
Pet Shop Management System 1.0 Privilege Escalation / Shell Upload
!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...
WordPress Database Backups 1.2.2.6 Cross Site Request Forgery
Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...
Backdoor.Win32.Zombam.gen Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Remote Stack Buffer Overflow Description: Zombam malware...
OpenCart 3.0.3.7 Cross Site Request Forgery
Exploit Title : OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery CSRF Date : 2021/08/06 Exploit Author : Mert Daş [email protected] Software Link : http://www.opencart.com/index.php?route=download/download : https://github.com/opencart Software web : www.opencart.com Tested on...
10-Strike Bandwidth Monitor 3.9 Buffer Overflow
Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pr...
Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow
Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Date: 2019-09-22 Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro 2.2.0.9026 / Home 2.0.0.9021 Tested on: Windows XP / Win7...
📄 Frigate NVR 0.16.3 Remote Command Execution
This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 both authenticated and unauthenticated paths. By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...
ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control
ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building...
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner', 'Description' = %q This module is based on et's HTTP Directory Scanner module, with...
Cisco SSL VPN Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco SSL VPN Bruteforce Login Utility', 'Description' = % This module scans for Cisco SSL VPN web login portals and performs login brute force t...
Ivanti ADC 9.9 Authentication Bypass
Exploit Title: Ivanti vADC 9.9 - Authentication Bypass Date: 2024-08-03 Exploit Author: ohnoisploited Vendor Homepage: https://www.ivanti.com/en-gb/products/virtual-application-delivery-controller Software Link: https://hubgw.docker.com/r/pulsesecure/vtm Version: 9.9 Tested on: Linux Name Changes...
Telerik Report Server Authentication Bypass / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Telerik Report Server Auth Bypass and Deserialization RCE', 'Description' = %q This module chains an authentication bypass...
Check Point Security Gateway Information Disclosure
Exploit Title: Check Point Security Gateway - Information Disclosure Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 Version: R77.20 EOL, R77.30 EOL, R80.10 EOL, R80.20 EOL, R80.20.x, R80.20SP EOL, R80.30 EOL, R80.30SP EOL, R80.40...
Kleeja 1.5.4 Cross Site Scripting
==================================================================================================================================== | Title : Kleeja v1.5.4 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
Tinycontrol LAN Controller 3 Remote Credential Extraction
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
Blood Donor Management System 1.0 Cross Site Scripting
Exploit Title: Blood Donor Management System - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...
Adiscon LogAnalyzer 4.1.13 Cross Site Scripting
Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Date: 2023.Aug.01 Exploit Author: Pedro ISSDU TW Vendor Homepage: https://loganalyzer.adiscon.com/ Software Link: https://loganalyzer.adiscon.com/download/ Version: v4.1.13 and before Tested on: Linux CVE : CVE-2023-36306 There ar...