50748 matches found
Botble 5.28.3 Backdoor Account
==================================================================================================================================== | Title : Botble 5.28.3 Backdoor Account Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | |...
Consultine Consulting Business And Finance Website CMS 1.8 Backdoor Account
======================================================================================================================================================================================= | Title : consultine consulting business and finance website cms v1.8 Backdoor Account Vulnerability | | Author :...
Courier Deprixa 2.5 Backdoor Account
==================================================================================================================================== | Title : COURIER DEPRIXA V2.5 Backdoor Account Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Student Attendance Management System 1.0 SQL Injection
Title: Student-Attendance-Management-System 1.0 from Erick O. Omundi Multiple-SQLi Author: nu11secur1ty Date: 12.25.2022 Vendor: https://github.com/rickxy Software: https://github.com/rickxy/Student-Attendance-Management-System Reference:...
Car Dealer Pro 2.01 Backdoor Account
==================================================================================================================================== | Title : Car Dealer Pro v2.01 Backdoor Account Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Stock Management System 2022 1.0 From Erick Cesar SQL Injection
Title: Stock-Management-System-2022-1.0-from-Erick-Cesar Multiple SQLi Author: nu11secur1ty Date: 12.22.2022 Vendor: https://github.com/rickxy/Stock-Management-System Software: https://github.com/rickxy/Stock-Management-System Reference:...
OpenTSDB 2.4.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.0 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload
Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...
4images 1.9 Remote Command Execution
Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...
Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution - CVE-2021-34427 bypass product: Eclipse Business Intelligence Reporting Tool BiRT vulnerable version: = 4.11.0 fixed version: 4.12 CVE number:...
Senayan Library Management System 9.2.2 Cross Site Scripting
Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.21.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...
Senayan Library Management System 9.2.2 SQL Injection
Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 Multiple SQLi-Not sanitizing correctly cookie session. Author: nu11secur1ty Date: 12.20.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...
Senayan Library Management System 9.2.1 Cross Site Scripting
Title: Senayan Library Management System v9.2.1 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.20.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.2.1/slims9bulian-9.2.1.zip...
Senayan Library Management System 9.2.1 SQL Injection
Title: Senayan Library Management System v9.2.1 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 12.20.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.1 Reference:...
Senayan Library Management System 9.1.1 Cross Site Scripting
Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 XSS-Reflected - PHPSESSID Hijacking + inserting webp image Author: nu11secur1ty Date: 12.17.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.1.1 Reference:...
Senayan Library Management System 9.1.1 SQL Injection
Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 11.09.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.1.1/slims9bulian-9.1.1.zip Reference:...
Senayan Library Management System 9.2.0 SQL Injection
Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Date: 12.19.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference:...
Senayan Library Management System 9.2.0 Cross Site Scripting
Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Date: 12.19.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.0 Reference:...
Bangresta 1.0 SQL Injection
Title: Bangresto 1.0 SQLi Author: nu11secur1ty Date: 12.16.2022 Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Demo: https://axcora.my.id/bangrestoapp/start.php Software: https://github.com/mesinkasir/bangresto Reference:...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Radio Steam Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Unauthenticated Radio Stream Disclosure Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Information Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Index of /log Information Disclosure Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1....
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x dns.php Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x dns.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x traceroute.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Puls...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Directory Traversal File Write Exploit Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Insufficient Session Expiration
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Insufficient Session Expiration Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 4.1.102 Summary: The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x username Unauthenticated Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated File Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x PHPTail Unauthenticated File Disclosure Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Authorization Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Authorization Bypass IDOR Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voice...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ping.php Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x ping.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Cross Site Request Forgery
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Cross-Site Request Forgery Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voice...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Disconnect Webmonitor User Denial Of Service
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Disconnect Webmonitor User DoS Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voi...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x services Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x services Authenticated Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Ec...
Acronis TrueImage XPC Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Acronis TrueImage XPC Privilege Escalation', 'Description' = %q Acronis TrueImage versions 2019 update 1 through 2021 update 1 are vulnerable to...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Hardcoded Credentials
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x sound4server Hardcoded Credentials Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username SQL Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x username Authentication Bypass Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voi...
SOUND4 Server Service 4.1.102 Local Privilege Escalation
SOUND4 Server Service 4.1.102 Local Privilege Escalation Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 4.1.102 Summary: SOUND4 Windows Server Service. Desc: The application suffers from an unquoted search path issue impacting the service...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x restorefactory.cgi Unauthenticated Factory Reset Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ICMP Flood Attack
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x ping/traceroute ICMP Flood Attack Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Persistent Cross Site Scripting
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x username Stored Cross-Site Scripting Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1....
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution
!/usr/bin/env python SOUND4 IMPACT/FIRST/PULSE/Eco =2.x upload.cgi Unauthenticated Remote Code Execution Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password SQL Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x password Authentication Bypass Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voi...
Syncovery For Linux Web-GUI Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Syncovery For Linux Web-GUI Authenticated Remote Command Execution', 'Description' = %q This module exploits an authenticated...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x password Unauthenticated Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse...
Ransom.Win64.AtomSilo MVID-2022-0666 Cryptography Logic Flaw
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5559e9f5e1645f8554ea020a29a5a3ee.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Ransom.Win64.AtomSilo Vulnerability: Crypto Logic...
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
CyberDanube Security Research 20221009-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Intelbras WiFiber 120AC inMesh vulnerable version| 1.1-220216 fixed version| 1-1-220826 CVE number| CVE-2022-40005 impact| High...
Backdoor.Win32.InCommander.17.b MVID-2022-0665 Hardcoded Credentials
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txt Contact: [email protected] Media: twitter.com/malvuln Backup media: infosec.exchange/@malvuln Threat: Backdoor.Win32.InCommander.17.b Vulnerability:...
Shoplazza 1.1 Cross Site Scripting
Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage Blogs"...
SAP@ Host Agent Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation Vulnerabilities UNIX Insecure File Handling product: SAP® Host Agent saposcol vulnerable version: see section "Vulnerable / tested versions" fixed...
Judging Management System 1.0 Shell Upload
Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...
Judging Management System 1.0 SQL Injection
Exploit Title: Judging Management System v1.0 - Authentication Bypass Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html...