50738 matches found
Kleeja 1.5.4 Cross Site Scripting
==================================================================================================================================== | Title : Kleeja v1.5.4 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
Tinycontrol LAN Controller 3 Remote Credential Extraction
!/usr/bin/env python Tinycontrol LAN Controller v3 LK3 Remote Credentials Extraction PoC Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The website presents readin...
Adiscon LogAnalyzer 4.1.13 Cross Site Scripting
Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Date: 2023.Aug.01 Exploit Author: Pedro ISSDU TW Vendor Homepage: https://loganalyzer.adiscon.com/ Software Link: https://loganalyzer.adiscon.com/download/ Version: v4.1.13 and before Tested on: Linux CVE : CVE-2023-36306 There ar...
Nedal CMS 1.2 SQL Injection
==================================================================================================================================== | Title : Nedal CMS 1.2 Sql injection vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
Simple Customer Relationship Management CRM 2023 1.0 SQL Injection
Title: SCRMS-2023-05-27-1.0-Multiple-SQLi Author: nu11secur1ty Date: 05.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html Reference:...
WFTPD 3.25 Credential Disclosure
Exploit Title: WFTPD 3.25 - Unprotected Credential Storage Date: 04/01/2023 Exploit Author: golem445 Vendor Homepage: https://www.texis.com/ Tested on: Windows 10 CVE: CVE-2023-33263 Description: Usernames and hashes are stored in an openly viewable wftpd.ini configuration file within the host...
Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
Dreamer CMS 4.0.0 SQL Injection
Exploit Title: Dreamer CMS v4.0.0 - SQL Injection Date: 2022/10/02 Exploit Author: lvren Vendor Homepage: http://cms.iteachyou.cc/ Software Link: https://gitee.com/isoftforce/dreamercms/repository/archive/v4.0.0.zip Version: v4.0.0 CVE: CVE-2022-43128 Proof Of Concept: POST /admin/search/doSearch...
NVIDIA Data Center GPU Manager Remote Memory Corruption
!/usr/bin/python3 -- coding: UTF-8 -- heart.py NVIDIA Data Center GPU Manager Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopba...
Blockchain AltExchanger 1.2.1 SQL Injection
Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...
Virus.Win32.Qvod.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c44a9580e17bad0aa27329e51b7d0ae0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Qvod.b Vulnerability: Insecure Permissions Description: The malware writes a PE file wit...
WordPress International SMS For Contact Form 7 Integration 1.2 XSS
Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting XSS Date: 2022-02-04 Author: Milad karimi Software Link: https://wordpress.org/plugins/cf7-international-sms-integration/ Version: 1.2 Tested on: Windows 11 CVE: N/A 1. Description: This...
Backdoor.Win32.Hanuman.b Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/4087cffab90fa22c2882e2f97a467e8e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hanuman.b Vulnerability: Unauthenticated Remote Command Execution Description: The...
Microsoft OMI Management Interface Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft OMI Management Interface Authentication Bypass', 'Description' = %q By removing the authentication exchange, an attacker can issue...
Trojan.Win32.Banpak.kh Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/304fb160949dcaec3e718481464f9ce6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Banpak.kh Vulnerability: Insecure Permissions Description: The malware creates a dir wi...
Polkit 0.105-26 0.117-2 Privilege Escalation
Exploit Title: Polkit 0.105-26 0.117-2 - Local Privilege Escalation Date: 06/11/2021 Exploit Author: J Smith CadmusofThebes Vendor Homepage: https://www.freedesktop.org/ Software Link: https://www.freedesktop.org/software/polkit/docs/latest/polkitd.8.html Version: polkit 0.105-26 Ubuntu, polkit...
Ext2Fsd 0.68 Unquoted Service Path
Exploit Title: Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path Date: 2021-1-19 Exploit Author: Mohammed Alshehri Software Link: https://sourceforge.net/projects/ext2fsd/files/latest/download Version: 0.68 Tested on: Microsoft Windows 10 Education - 10.0.17763 N/A Build 17763 Service info:...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product web page: http://www.kzbtech.com | http://www.jatontec.com | https://www.neotel.mk http://www.jatontec.com/products/show.php?itemid=258...
SLMail 5.1.0.4420 Remote Code Execution
-- coding: utf-8 -- import socket from time import sleep from os import system system"clear" print 'Shell-code-foi-informada?\r\n' print '1 sim' print '2 nao\n' quest = intinput' ' def main: system"clear" ============================ --ensira-sua-shell-code-aqui buf = "" buf +=...
Adobe Connect 10 Username Disclosure
Title: adobe connect 10 Local Route Disclosure Author: h4shur date:2021-02-07 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 10 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : There ar...
HEUR.RISKTOOL.WIN32.BITMINER.GEN Remote Memory Corruption / Null Pointer
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/b85ae73dbbfff1d3b90cb7c78356f2a3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.RISKTOOL.WIN32.BITMINER.GEN Vulnerability: Remote Memory Corruption Description: Null pointer...
Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution
Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution Date: 2018-08-15 Exploit Author: Milad Fadavvi Author's LinkedIn: https://www.linkedin.com/in/fadavvi/ Vendor Homepage: https://www.comodo.com/ Version: Releases before 2.7.0 & 1.5.0 Tested on:...
FreeRadius 3.0.19 Logrotate Privilege Escalation
Privilege Escalation via Logrotate in FreeRadius Overview Identifier: AIT-SA-20191112-01 Target: FreeRadius Vendor: FreeRadius Version: all versions including 3.0.19 Fixed in Version: 12.2.3, 12.1.8 and 12.0.8 CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143 Accessibility: Local Severity: Low...
Infosysta Jira 1.6.13_J8 User Name Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-043 Product: In-App & Desktop Notification for Jira Manufacturer: Infosysta Affected Versions: 1.6.13J8 Tested Versions: 1.6.13J8 Vulnerability Type: Authentication/Authorization Bypass Risk Level: Medium Solution Status: Clos...
Totaljs CMS 12.0 Insecure Admin Session Cookie
Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS Insecure Admin Session cookie + Affected software: Totaljs CMS 12.0 + Description: A low privilege user can easily crack the owned cookie to obtain the “random” values inside it. If this user can leak a session cookie owned...
Android su Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android 'su' Privilege Escalation", 'Description' = %q This module uses the su binary present on rooted devices to run a payload as root. A roote...
📄 AlegroCart 1.2.9 Cross Site Scripting
AlegroCart version 1.2.9 suffers from persistent and reflective cross site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...
XWiki Standard 14.10 Remote Code Execution
XWiki Standard version 14.10 proof of concept remote code execution exploit. Exploit Title: CVE-2023-48292 Remote Code Execution Exploit Google Dork: N/A Date: 23 March 2025 Exploit Author: Mehran Seifalinia Vendor Homepage: https://www.xwiki.org/ Software Link:...
C-MOR Video Surveillance 5.2401 Cross Site Scripting
Advisory ID: SYSS-2024-020 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Reflected Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date:...
IntelliNet 2.0 Remote Root
!/usr/local/bin/node const execSync = require'childprocess'; const readline = require'readline'; let TARGET = ''; let COMMAND = ''; let SESSION = ''; const ESCALATE = '/usr/aes/bin/execsuid'; console.log ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣧⣶⣶⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀...
Ray cpu_profile Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...
AMPLE BILLS 1.0 Cross Site Scripting
============================================================================================================================================= | Title : AMPLE BILLS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...
VSCode ipynb Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VSCode ipynb Remote Development RCE', 'Description' = %q VSCode when opening an Jupyter notebook .ipynb file bypasses the trust model. On version...
OpenCart Core 4.0.2.3 SQL Injection
Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Date: 2024-04-2 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description :...
Gibbon LMS 26.0.00 PHP Deserialization / Code Execution
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...
Advanced Page Visit Counter 1.0 Cross Site Scripting
Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting XSS Authenticated Date: 11.10.2023 Exploit Author: Furkan ÖZER Software Link: https://wordpress.org/plugins/advanced-page-visit-counter/ Version: 8.0.5 Tested on: Kali-Linux,Windows10,Windows 11 CVE: N/A...
7 Sticky Notes 1.9 Command Injection
Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 12.09.2023 Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Serve...
JPC2 CMS 1.0 SQL Injection
====================================================================================================================================== | Title : JPC2 CMS v1.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 61.0.1 32-bit | |...
Global Domains International 2.0 HTML Injection
==================================================================================================================================== | Title : Global Domains International v2.0 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
FreshRSS 1.11.1 HTML Injection
==================================================================================================================================== | Title : FreshRSS v1.11.1 Html Inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
WordPress Login Configurator 2.1 Cross Site Scripting
Tittle: WordPress Plugin Login Configurator = 2.1 - Reflected Cross-Site Scripting References: CVE-2023-1893 Author: Taurus Omar Description: The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting...
NetArt Media Blog LITE 2.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
MVC Shop 0.5 Directory Traversal
==================================================================================================================================== | Title : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Wekan 6.74 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS vulnerability in rename functionality product: Wekan Open-Source kanban vulnerable version: =6.74 fixed version: 6.75 or higher CVE number: CVE-2023-28485...
CoolerMaster MasterPlus 1.8.5 Unquoted Service Path
Exploit Title: CoolerMaster MasterPlus 1.8.5 - 'MPService' Unquoted Service Path Date: 11/17/2022 Exploit Author: Damian Semon Jr Blue Team Alpha Version: 1.8.5 Vendor Homepage: https://masterplus.coolermaster.com/ Software Link: https://masterplus.coolermaster.com/ Tested on: Windows 10 64x Step...
SAP@ Host Agent Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation Vulnerabilities UNIX Insecure File Handling product: SAP® Host Agent saposcol vulnerable version: see section "Vulnerable / tested versions" fixed...
Backdoor.Win32.DarkSky.23 MVID-2022-0648 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkSky.23 Vulnerability: Remote Stack Buffer Overflow SEH Description: The...
Apache Spark Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Apache Spark Unauthenticated Command Injection RCE', 'Description' = %q This module exploits an unauthenticated command...
minewebcms 1.15.2 Cross Site Scripting
Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...
Online Sports Complex Booking System 1.0 SQL Injection
Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html...