50748 matches found
Revenue Collection System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Revenue Collection System v1.0 - RCE via Unauthenticated SQL Injection Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link:...
Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass
Exploit Title: Revenue Collection System v1.0 - Authentication Bypass via Stored XSS Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link:...
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Simmeth System GmbH Supplier manager Lieferantenmanager vulnerable version: 5.6 fixed version: 5.6 CVE number: CVE-2022-44012,...
BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 = 20.02 in new versioning scheme fixed version: 22.1 CVE number: CVE-2022-26088 impact: Low...
Cisco Secure Email Gateway Malware Detection Evasion
This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame. As the attack complexity is low and exploits have already been published by a third party there must be ...
Payara Platform Path Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Path Traversal Vulnerability product: Payara Platform vulnerable version: Enterprise: 5.45.0 Community: 6.2022.1, 5.2022.4, 4.1.2.191.38 fixed version: Enterprise: 5.45.0...
VMware NSX Manager XStream Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware NSX Manager XStream unauthenticated RCE', 'Description' = %q VMware Cloud Foundation NSX-V contains a remote code execution vulnerability...
WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: BeCustom Wordpress Plugin Vendor URL: https://muffingroup.com/betheme/features/be-custom/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-10-28 Date published: 2022-11-10 CVSSv3...
Backdoor.Win32.RemServ.d MVID-2022-0655 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/05a082d441d9cf365749c0e1eb904c85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemServ.d Vulnerability: Unauthenticated Remote Command Execution Family:...
libxml2 xmlParseNameComplex Integer Overflow
libxml2: Integer overflow in xmlParseNameComplex libxml2 is vulnerable to an integer overflow in xmlParseNameComplex when an attribute list has a very long name name is = 232 characters. static const xmlChar xmlParseNameComplexxmlParserCtxtPtr ctxt int len = 0, l; ... return xmlDictLookupctxt-dic...
MSNSwitch Firmware MNT.2408 Remote Code Execution
Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Google Dork: n/a Date:9/1/2022 Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated...
Open Web Analytics 1.7.3 Remote Code Execution
Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...
IOTransfer 4 Unquoted Service Path
Exploit Title: IOTransfer V4 - Unquoted Service Path Exploit Author: BLAY ABU SAFIAN Inveteck Global Discovery Date: 2022-28-07 Vendor Homepage: http://www.iobit.com/en/index.php Software Link: https://iotransfer.itopvpn.com/download/ Tested Version: V4 Vulnerability Type: Unquoted Service Path...
CVAT 2.0 Server-Side Request Forgery
Exploit Title: CVAT 2.0 - SSRF Server Side Request Forgery Exploit Author: Emir Polat Vendor Homepage: https://github.com/opencv/cvat Version: 2.0.0 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS GNU/Linux 5.4.0-122-generic x8664 CVE: CVE-2022-31188 Description: CVAT is an opensource interactive...
SmartRG Router SR510n 2.6.13 Remote Code Execution
Exploit Title: SmartRG Router SR510n 2.6.13 - RCE Remote Code Execution Date: 13/06/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://adtran.com Version: 2.5.15 / 2.6.13 confirmed Tested on: SR506n 2.5.15 & SR510n 2.6.13 CVE : CVE-2022-37661 import requests from subprocess import...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 Path Traversal
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security Date: 11/11/2022 CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
Backdoor.Win32.Aphexdoor.LiteSock MVID-2022-0653 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/2047ac6183da4dfb61d2562721ba0720.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Aphexdoor.LiteSock Vulnerability: Remote Stack Buffer Overflow SEH...
HEUR:Trojan.MSIL.Agent.gen MVID-2022-0654 Information Disclosure
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bc2ccf92bea475f828dcdcb1c8f6cc92.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR:Trojan.MSIL.Agent.gen Vulnerability: Information Disclosure Description: the malware...
WordPress Blog2Social 6.9.11 Missing Authorization
Description: Missing Authorization to Authenticated Subscriber+ Settings Update Affected Plugin: Blog2Social Plugin Slug: blog2social Affected Versions: = 6.9.11 CVE ID: CVE-2022-3622 CVSS Score: 4.7 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Researcher/s: Marco Wotschka Ful...
Forma SPOT-LMS 3.2.1 Cross Site Scripting
Title: Forma SPOT-LMS-3.2.1 Cross-site scripting reflected RCE - reset mail vulnerability Author: nu11secur1ty Date: 11.07.2022 Vendor: https://www.spotlms.us/indexmulti.php The software is applied in the demo account: https://www.spotlms-anca-001.ovh/ Reference:...
WebKit HTMLSelectElement Use-After-Free
WebKit use-after-free in HTMLSelectElement There is a use-after-free in HTMLSelectElement. If the length of the HTMLSelectElement is set to a value greater than the existing options length then dummy HTMLOptionElements elements are created. These HTMLOptionsElements are stored as raw pointers in...
Senayan Library Management System 9.5.0 SQL Injection
Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Date: 11.03.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference:...
Automated Tank Gauge (ATG) Remote Configuration Disclosure
!/usr/bin/env python3 import time import socket with open"/tmp/ATGSCAN.txt",'r' as atgfile: for line in atgfile.read.splitlines: try: atgsocket = socket.socketsocket.AFINET, socket.SOCKSTREAM port = 10001 searchstr = 'IN-TANK INVENTORY' msg = str'\x01' + 'I20100' + '\n'.encode'ascii'...
Apache CouchDB Erlang Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...
FLIR AX8 1.46.16 Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'FLIR AX8 unauthenticated RCE', 'Description' = %q All FLIR AX8 thermal sensor cameras versions up to and including 1.46.1...
Webmin 1.984 File Manager Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Manager RCE', 'Description' = %q In Webmin version 1.984, any authenticated low privilege user without access rights to the File...
Leeloo Multipath Authorization Bypass / Symlink Attack
Qualys Security Advisory Leeloo Multipath: Authorization bypass and symlink attack in multipathd CVE-2022-41974 and CVE-2022-41973 ======================================================================== Contents ======================================================================== Summary...
wolfSSL Buffer Overflow
wolfssl before 5.5.1: CVE-2022-39173 Buffer overflow when refining cipher suites ================================================================================== INFO ======= The CVE project has assigned the id CVE-2022-39173 to this issue. Severity: high 7.5 Affected version: before 5.5.1 End ...
Simple Cold Storage Management System 1.0 SQL Injection
Simple Cold Storage Management System v1.0 by oretnom23 has SQL injection BUGAuthor: QiaoRui feng Login account: admin/admin123 Super Admin account vendors: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html The program is built using the...
Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting
Title: Ecommerce-CodeIgniter-Bootstrap-1.0 Cross-site scripting reflected RCE Author: nu11secur1ty Date: 10.29.2022 Vendor: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap Software: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/archive/refs/heads/master.zip...
Train Scheduler App 1.0 Insecure Direct Object Reference
Exploit Title: Train Scheduler App v1.0 - Insecure Direct Object Reference IDOR to "delete user id " Exploit Author: Rohit Sharma Vendor Name: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/15720/train-scheduler-app-using-php-oop-and-mysql-database-free-download.html Software Link:...
Siemens APOGEE PXC / TALON TC Authentication Bypass
!/usr/bin/env python3 -- coding: utf-8 -- 2022-05-23 Standard Modules from metasploit import module Extra Dependencies dependenciesmissing = False try: import logging import requests import requests import xmltodict import xml.etree.ElementTree as ET import socket import struct import requests...
Vagrant Synced Folder Vagrantfile Breakout
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vagrant Synced Folder Vagrantfile Breakout', 'Description' = %q This module exploits a default Vagrant synced folder shared folder to append a Ru...
Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting
Exploit Title: Dinstar FXO Analog VoIP Gateway DAG2000-16O Stored Cross Site Scripting Google Dork: NA Date: 25/10/2022 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.dinstar.com/ Software Link: https://www.dinstar.com/analog-voip-gateway/16-fxo/ Version: DAG2000-16O CVE: N/A Summary:...
ERP Sankhya 4.13.x Cross Site Scripting
Exploit Title: ERP Sankhya - XSS to Account Takeover Google Dork: N/A Date: 19/10/2022 Exploit Author: Lucas Alves Da Cunha - 0xLucas Vendor Homepage: https://www.sankhya.com.br Version: Sankhya Om Payload utilizado para capturar os dados da sessão do usuário: Passos para reprodução: 1 -...
ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication
Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the database of employees and their credentials. Details ======= Product: ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM Affect...
GLPI 10.0.2 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GLPI htmLawed php command injection', 'Description' = %q This exploit takes advantage of a unauthenticated php command injection available from...
Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description: The...
Backdoor.Win32.Psychward.10 MVID-2022-0651 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/70c5f8d61f6ac67091c0c5860e456427.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.10 Vulnerability: Unauthenticated Remote Command Execution...
Pega Platform 8.7.3 Remote Code Execution
Exploit Title: Pega Platform 8.1.0 and higher Remote Code Execution Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.7.3 Tested on: Re...
Backdoor.Win32.Delf.arh MVID-2022-0650 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b3b19524967d22d6eb7517b03b660b00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.arh Vulnerability: Authentication Bypass Description: The malware runs...
Zimbra Collaboration Suite TAR Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TAR Path Traversal in Zimbra CVE-2022-41352', 'Description' = %q This module creates a .tar file that can be emailed to a Zimbra server to exploi...
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiOS, FortiProxy, and FortiSwitchManager authentication bypass.', 'Description' = %q This module exploits an authentication bypass...
Zimbra Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...
AVS Audio Converter 10.3 Stack Overflow
Exploit Title: AVS Audio Converter 10.3 - Stack Overflow SEH Discovered by: Yehia Elghaly - Mrvar0x Discovered Date: 2022-10-16 Tested Version: 10.3.1.633 Tested on OS: Windows 7 Professional x86 pop+ret Address=005154E6 Message= 0x005154e6 : pop ecx pop ebp ret 0x04 | startnull PAGEEXECUTEREAD...
MiniDVBLinux 5.4 SVDRP Control
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP svdrpsend.sh Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the...
Garage Management System 1.0 Cross Site Scripting
Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...
MiniDVBLinux 5.4 Configuration Download
MiniDVBLinux 5.4 Config Download Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus...
MiniDVBLinux 5.4 Remote Root Command Execution
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
WiFi File Transfer 1.0.8 Cross Site Scripting
Document Title: =============== WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2322 Release Date: ============= 2022-10-17 Vulnerability Laboratory ID VL-ID:...