50738 matches found
Oracle Weblogic PreAuth Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Taken from page 24 of https://docs.oracle.com/cd/E1321101/wle/wle42/corba/giop.pdf NOEXCEPTION = 0 USEREXCEPTION = 1 SYSTEMEXCEPTION = 2...
WordPress Workreap 2.2.2 Shell Upload
Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...
Anevia Flamingo XL 3.2.9 Remote Root Jailbreak
Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...
osCommerce 4 Local File Inclusion
==================================================================================================================================== | Title : oscommerce V4 LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 102.0.164-bit | | Vendor :...
PhotoSwipe 5.3.7 Arbitrary File Download
=========================================================================================== | Title : PhotoSwipe 5.3.7 Arbitrary File Download Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | | Vendor : https://photoswipe.com...
Movierocket 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
EasyAnswer 1.0.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
PHP Live 3.1 Cross Site Scripting
==================================================================================================================================== | Title : PHP Live 3.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0.332-bit | | Vendor :...
P2S CMS 0.1 Cross Site Scripting
==================================================================================================================================== | Title : P2s-cms v0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a remote unauthenticated command injecti...
Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Thruk Monitoring Web Interface 3.06 Path Traversal
Exploit Title: Path Traversal Vulnerability in Thruk Monitoring Web Interface ≤ 3.06 Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software...
Scriptio 1.4 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Kesion CMS X 2.0 Add Administrator
==================================================================================================================================== | Title : KesionCMS X2.0 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 105.0.32-bit...
MVC Shop 0.5 Directory Traversal
==================================================================================================================================== | Title : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Acelle Email Marketing 4.0.25 Arbitrary File Upload
==================================================================================================================================== | Title : Acelle Email Marketing 4.0.25 LTS unrestricted file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
Anuranan SBAdmin 2 Insecure Settings
==================================================================================================================================== | Title : Anuranan SBAdmin 2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 113.0.1 64...
Microsoft HVCIScan DLL Hijacking
Hi @ll, about a month ago Microsoft published HVCIScan-amd,arm64.exe, a "Tool to check devices for compatibility with memory integrity HVCI" The "Install instructions" on the download page tell: | Download the hvciscan.exe for your system architecture AMD64 or ARM64. | From an elevated command...
Expert Restaurant eCommerce 1.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
MVC Shop 0.5 Cross Site Scripting
==================================================================================================================================== | Title : mvc-shop v0.5 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...
RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution
Qualys Security Advisory LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 ======================================================================== Contents ======================================================================== Summary CVE-2023-33865, a symlink...
Microsoft Windows PowerShell Remote Command Execution
from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec hyp3rlinx.altervista.org twitter.com/hyp3rlinx twitter.com/malvuln PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I...
Expert Restaurant eCommerce 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation
Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in...
NETXPERTS CMS 0.1 SQL Injection
==================================================================================================================================== | Title : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
Delta Electronics InfraSuite Device Master Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...
WordPress Updraft 0.6.1 Backup Disclosure
==================================================================================================================================== | Title : WordPress - updraft 0.6.1 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Expert Job Portal Management System 1.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Magento eCommerce 2.4.0 Information Disclosure
==================================================================================================================================== | Title : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
CloudPanel 2.2.2 Privilege Escalation / Path Traversal
Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github : https://github.com/EagleTube/CloudPanel/tree/main/CVE-2023-33747 Version Affected : CloudPanel v2.0.0 - v2.2.2 Vendor : CloudPanel.io Date : 31/05/2023 , 12:00 PM Step : Login as ssh as...
PaperCut PaperCutNG Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'PaperCut PaperCutNG Authentication Bypass', 'Description' = %q This module leverages an authentication bypass in PaperCut NG. If...
USB Flash Drives Control 4.1.0.0 Unquoted Service Path
Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Date: 2023-31-05 Exploit Author: Jeffrey Bencteux Vendor Homepage: https://binisoft.org/ Software Link: https://binisoft.org/wfc Version: 4.1.0.0 Tested on: Microsoft Windows 11 Pro Vulnerability Type: Unquoted Service Path P...
Wizcyb Interactive 2.0 SQL Injection
==================================================================================================================================== | Title : wizcyb interactive v2.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Macro Expert 4.9 Unquoted Service Path
Exploit Title: Macro Expert 4.9 - Unquoted Service Path Date: 04/06/2023 Exploit Author: Murat DEMIRCI Vendor Homepage: http://www.macro-expert.com/ Software Link: http://www.macro-expert.com/product/gmsetup4.9.exe Version: 4.9 Tested on: Windows 10 Proof of Concept : C:\Users\Muratsc qc "Macro...
ManageEngine ADManager Plus Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection', 'Description' = %q ManageEngine ADManager Plus prior to build...
WordPress WP File Manager 7.1.7 Backup Disclosure
==================================================================================================================================== | Title : WordPress - wp file manager pro 7.1.7 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Expert Job Portal Management System 1.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...
WordPress Tree Page View 1.6.7 Cross Site Scripting
Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Date: 2023-04-24 Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...
WordPress WPtouch Pro 4 Backup Disclosure
==================================================================================================================================== | Title : WordPress - WPtouch Pro 4 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
FC Red Bull Salzburg App 5.1.9-R Improper Authorization
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...
Advance Charity Management 1.0 Insecure Settings
Title: Advance Charity Management-1.0 - TLS cookie without secure flag set-PHPSESSID NEVER EXPIRATION-current session-Hijacking Author: nu11secur1ty Date: 06.04.2023 Vendor: https://www.sourcecodester.com/users/aown-shah Software:...
Barebones CMS 2.0.2 Cross Site Scripting
Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-03 Exploit Author: tmrswrr Vendor Homepage: https://barebonescms.com/ Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip Version: v2.0.2 Tested :...
File Manager Advanced Shortcode 2.3.2 Remote Code Execution
Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution RCE Date: 05/31/2023 Exploit Author: Mateus Machado Tesser Vendor Homepage: https://advancedfilemanager.com/ Version: File Manager Advanced Shortcode 2.3.2 Tested on: Wordpress 6.1 / Linux Ubuntu 5.15 CVE...
WordPress Circle Progress 1.0 Cross Site Scripting
Exploit Title: WordPress Plugin Circle progress bar – Cross site scripting-Stored Date: 2-06-2023 Exploit Author: Taliya Bilal- NightHawk Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/ Version: 1.0 Tested on: Firefox Contact me: [email protected] Steps to reproduce: 1...
Total CMS 1.7.4 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Enrollment System Project 1.0 Authentication Bypass / SQL Injection
Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Date of found: 18/05/2023 Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...
MotoCMS 3.4.3 SQL Injection
Title: MotoCMS Version 3.4.3 - SQL Injection Author: tmrswrr Date: 01/06/2023 Vendor: https://www.motocms.com Link: https://www.motocms.com/website-templates/demo/189526.html Vulnerable Versions: MotoCMS 3.4.3 Description MotoCMS Version 3.4.3 SQL Injection via the keyword parameter. Steps to...
KesionCMS ASP 9.5 Add Administrator
==================================================================================================================================== | Title : KesionCMS ASP v9.5 Reinstall Add Admin Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 105.0.32-bit |...
Biig Order CMS 2 SQL Injection
================================================================================ | Title : E-commerce Biig Order CMS V2 Auth by Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : firefox 113.0.164 bits | | Vendor : https://www.vaskar.in/ | | Dork :...