50738 matches found
Joomla! 4.2.7 Unauthenticated Information Disclosure
!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...
WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS
Description: Reflected Cross-Site Scripting Affected Plugin: Watu Quiz Plugin Slug: watu Affected Versions: = 3.3.9 CVE ID: CVE-2023-0968 CVSS Score: 6.1 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Researcher/s: Marco Wotschka Fully Patched Version: 3.3.9.1 Description:...
Monitorr 1.7.6m / 1.7.7d Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...
MyBB Export User 2.0 Cross Site Scripting
Exploit Title: MyBB Export User Plugin 2.0 – Cross-Site Scripting Date: January 29, 2021 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1408 Version: 2.0 Tested On: Windows 10 CVE: CVE-2023-27890 Description: This plugin allows users to request...
Python CGI Documentation Cross Site Scripting
Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS cross site scripting https://docs.python.org/3/library/cgi.html form = cgi.FieldStorage print"name:", form"name".value print"addr:", form"addr".value First result on google fo...
Zyxel Unauthenticated LAN Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'Zyxel Unauthenticated LAN Remote Code Execution', 'Description' = %q This module exploits a buffer overflow in the zhttpd binar...
Human Resources Management System 1.0 SQL Injection
Exploit Title: Human Resources Management System - HRM - Multiple SQLi Date: 16/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...
MyBB Active Threads 1.3.0 Cross Site Scripting
Exploit Title: MyBB Active Threads Plugin 1.3.0 – Cross-Site Scripting Date: February 9, 2022 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1336 Version: 1.3.0 Tested On: Windows 10 CVE: CVE-2022-28354 Description: This plugin shows a page of...
Yoga Class Registration System 1.0 Cross Site Scripting
Exploit Title: Yoga Class Registration System - Cross Site Scripting Vulnerability Authenticated Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...
101+ News Portal 1.0 SQL Injection
Exploit Title: 101+ News Portal - SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Software Download:...
Music Gallery Site 1.0 Cross Site Scripting
Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability Authenticated Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...
Yoga Class Registration 1.0 SQL Injection
Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...
Medicine Tracker System 1.0 Cross Site Scripting
Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Pizza Ordering System 1.0 SQL Injection
Exploit Title: Online Pizza Ordering System 1.0 - "id" SQLi Date: 19/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Download:...
MyBB External Redirect Warning 1.3 Cross Site Scripting
Exploit Title: MyBB External Redirect Warning Plugin 1.3 – Cross-Site Scripting Date: February 1, 2021 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=493 Version: 1.3 Tested On: Windows 10 CVE: CVE-2022-28353 Description: This plugin notifies the...
Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure
Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 an...
Riello UPS Restricted Shell Bypass
I. VULNERABILITY ------------------------- Riello UPS systems allow to easily escape the configuration shell and get access to the operating system II. VENDOR ------------------------- Riello https://www.riello-ups.es/ III. DESCRIPTION ------------------------- Riello UPS systems allow SSH access...
Open Web Analytics 1.7.3 Remote Code Execution
class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs...
Bitbucket Environment Variable Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...
Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure
Title: Microsoft SQL Server Password Hash Exposure Product: Database Manufacturer: Microsoft Affected Versions: 2012-2022 Risk Level: Medium CVE Reference: N/A Author of Advisory: Emad Al-Mousa Overview: SQL Server is a popular database system, and database systems are a vital backbone in IT...
WordPress Profile Builder 3.9.0 Missing Authorization
Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given ‘userid’. During this process, capability checks are not properly implemented to ensure that the user executing the function is authorized to...
Oracle DB Broken PDB Isolation / Metadata Exposure
Title: CVE-2021-2173 – PDB Isolation is broken through metadata exposure Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: Medium Solution Status: Fixed CVE Reference: CVE-2021-2173 Author of Advisory: Emad Al-Mousa Overview:...
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...
Apache Tomcat Privilege Escalation
This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation', 'Description' = %q This module exploits a vulnerability in...
Fastly Secret Disclosure
Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST...
Shopify Cross Site Scripting
Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...
SugarCRM 12.x Remote Code Execution / Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits CVE-2023-22952, a Remote Code...
Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation
Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...
Webpower UPS 5.53 Denial Of Service
Exploit Title: Webpower UPS v5.53 HTTP Denial of Service Date: 2023-03-09 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.eaton.com/ae/en-gb.html Software Link: https://www.eaton.com/ae/en-gb.html Version: Revision v5.53 Tested on: WebPower UPS CVE: N/A !/usr/bin/env python Webpower UP...
Real Time Automation 460MCBS 5.2.14 Cross Site Scripting
Exploit Title: Real Time Automation 460MCBS Cross Site Scripting XSS Date: 2023-03-09 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.rtautomation.com/ Software Link: https://www.rtautomation.com/product/460mcbs/ Version: Revision 5.2.14 Tested on: Real Time Automation CVE: N/A Summary...
Purchase Order Management 1.0 Shell Upload
Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivileged user interaction - file upload in the server Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...
Oracle 19c Access Bypass
Title: Oracle Database Vault Protected Table With Realm Data Extraction Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 19c 19.18 and below Risk Level: Medium Solution Status: Fixed in Oracle Critical Patch Update October 2022 back-port patch for 21c version CVE Reference:...
CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissions
¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°)╯︵ ┻━┻ ヽ´ー`ノ /¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Product: sipXcom sipXopenfire Vendor: CoreDial Name: "sipXcom sipXopenfire XMPP message system command argument injection and insecure service file permissions RCE" Version:...
Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable version: AR01.02.056.18041520711.NCS.10 fixed version: - CVE number: CVE-2023-27571, CVE-2023-2757...
ZwiiCMS 12.2.04 Remote Code Execution
Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its fil...
Purchase Order Management 1.0 SQL Injection
Title: Purchase Order Management-1.0 - SQLi Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...
Agilebio Lab Collector 4.234 Remote Code Execution
Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...
Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code
Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code A central recurring theme in Linux MM development is that contention on the mmap lock can have a big negative performance impact on multithreaded workloads: If one thread is holding the mmap lock in exclusive mode fo...
Purchase Order Management 1.0 Cross Site Scripting
Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...
Barracuda CloudGen WAN OS Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection product: Barracuda CloudGen WAN vulnerable version: v8. hotfix 1089 fixed version: v8. with hotfix webui-sdwan-1089-8.3.1-174141891 or above version...
Real Estate CRM Pro 5.7 SQL Injection
==================================================================================================================================== | Title : Real Estate CRM Pro v 5.7 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-b...
Lucee Authenticated Scheduled Job Code Execution
class MetasploitModule 'Lucee Authenticated Scheduled Job Code Execution', 'Description' = %q This module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Oracle E-Business Suite EBS Unauthenticated Arbitrary File Upload', 'Description' = %q This module exploits an unauthenticated...
Osprey Pump Controller 1.0.1 userName Command Injection
Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...
Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure
Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirag...
Osprey Pump Controller 1.0.1 Authentication Bypass
!/usr/bin/env python Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...
WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting
==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Unauthenticated Reflected Cross-Site Scripting XSS Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz...
Osprey Pump Controller 1.0.1 Cross Site Request Forgery
!-- Osprey Pump Controller 1.0.1 Cross-Site Request Forgery Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mirage...
ME-FI DOT 2.2 SQL Injection
==================================================================================================================================== | Title : ME-FI DOT SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.332-bit | | Vendo...
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release...