50748 matches found
MiniDVBLinux 5.4 Change Root Password
MiniDVBLinux 5.4 Change Root Password PoC Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus...
Webile 1.0.1 Directory Traversal
Document Title: =============== Webile v1.0.1 - Directory Traversal Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2320 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 232...
WordPress Photo Gallery 1.8.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
MiniDVBLinux 5.4 Arbitrary File Read
!/usr/bin/env python3 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Vide...
WordPress ImageMagick-Engine 1.7.4 Remote Code Execution
Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: /dev/null -------------------------------------------------------------------- Tested on: MiniDVBLinux 5.4 BusyBox v1.25.1 Architecture: armhf,...
MapTool 1.11.5 Cross Site Scripting
Document Title: =============== MapTool v1.11.5 - Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2319 Release Date: ============= 2022-10-11 Vulnerability Laboratory ID VL-ID: ==================================== 23...
pfSense pfBlockerNG 2.1.4_26 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...
Knap Advanced PHP Login 3.1.3 Cross Site Scripting
Document Title: =============== Knap APL v3.1.3 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2307 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 230...
Backdoor.Win32.Redkod.d MVID-2022-0649 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bb309bdd071d5733efefe940a89fcbe8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Redkod.d Vulnerability: Weak Hardcoded Credentials Description: The malware...
MiniDVBLinux 5.4 Remote Root Command Injection
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
Stripe Green Downloads 2.03 Cross Site Scripting
Document Title: =============== Stripe Green Downloads 2.03 - Cross Site Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2287 Release Date: ============= 2022-10-17 Vulnerability Laboratory ID VL-ID: ===================================...
MapTool 1.11.5 Denial Of Service
Document Title: =============== MapTool v1.11.5 - Denial of Service Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2318 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 2318...
Joomla Vik Appointments 1.7.3 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Backdoor.Win32.DarkSky.23 MVID-2022-0648 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/1164ef21ef2af97e0339359c0dce5e7d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkSky.23 Vulnerability: Remote Stack Buffer Overflow SEH Description: The...
Vicidial 2.14-783a Cross Site Scripting
Document Title: =============== Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2311 Release Date: ============= 2022-10-11 Vulnerability Laboratory ID VL-ID: ==================================== 23...
Spring Cloud Gateway 3.1.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Gateway Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in...
Joomla OSG Courts Reservation 1.4.9 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection
CyberDanube Security Research 20221009-0 ------------------------------------------------------------------------------- title| Authenticated Command Injection product| Intelbras WiFiber 120AC inMesh vulnerable version| 1.1-220216 fixed version| 1-1-220826 CVE number| impact| High homepage|...
WordPress / Joomla JReviews 4.1.5 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Web Based Student Clearance 1.0 Shell Upload
Exploit Title: Web Based Student Clearance 1.0 - Unrestricted File Upload leads to Remote Code Execution Authenticated Date: 08-10-2022 Exploit Author: Akash Pandey L3V1ATH0N Vendor Homepage: https://www.sourcecodester.com/php/15627/web-based-student-clearance-system.html Software Link:...
Online Shopping System Advanced 1.0 SQL Injection
The online-shopping-system-advanced-1.0 suffers from multiple SQLi The attacker can steal all information from the database of this system. Status: CRITICAL + Exploit: MYSQL Parameter: cid POST Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause NOT Payload:...
Joomla Vik Rent Car 1.14 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Zentao Project Management System 17.0 Remote Code Execution
Exploit Title: Zentao Project Management System 17.0 - Authenticated Remote Code Execution Exploit Author: mister0xf Date: 2022-10-8 Software Link: https://github.com/easysoft/zentaopms Version: tested on 17.0 probably works also on newer/older versions Tested On: Kali Linux 2022.2 Exploit Tested...
WordPress Zephyr Project Manager 3.2.42 SQL Injection
Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Date: 14-08-2022 Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/...
Joomla Vik Booking 1.15.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla KSAdvertiser 2.5.37 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla JoomBri Freelance 4.5.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla JoomBri Careers 3.3.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Canteen Management 1.0-2022 Cross Site Scripting
Title: Canteen-Management-1.0-2022 suffers from XSS-Reflected Author: nu11secur1ty Date: 10.04.2022 Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...
Remote Mouse 4.110 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Remote Mouse RCE', 'Description' = %q This module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it...
Ubuntu 22.04.1 X64 Desktop Enlightenment 0.25.3-1 Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubuntu Enlightenment Mount Priv Esc', 'Description' = %q This module exploits a command injection within Enlightenment's enlightenmentsys binary...
WordPress Elementor 3.6.2 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Elementor Authenticated Upload Remote Code Execution', 'Description' = %q The WordPress plugin Elementor versions 3.6.0 - 3.6.2,...
WordPress WPvivid Backup Path Traversal
===== Tempest Security Intelligence - ADV-15/2022 ========================== Wordpress plugin - WPvivid Backup - Version 0.9.76 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview...
Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla Solidres 2.12.9 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Canteen Management 1.0-2022 SQL Injection
Title: Canteen-Management1.0-2022 SQLi Author: nu11secur1ty Date: 10.04.2022 Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...
Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting
Chrome: Universal XSS in Autofill Assistant VULNERABILITY DETAILS From the Autofill Assistant README file1: Autofill Assistant is an execution engine to run user journeys on websites given a set of actions. These actions include clicking on buttons or scrolling to an element. They also provide a...
Joomla Easy Shop 1.4.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla JUX Charity Hub 1.0.4 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Backdoor.Win32.NTRC MVID-2022-0646 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NTRC Vulnerability: Weak Hardcoded Credentials Family: NTRC Type: PE32 MD5:...
Backdoor.Win32.Delf.eg MVID-2022-0647 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.eg Vulnerability: Unauthenticated Remote Command Execution Description...
Password Manager For IIS 2.0 Cross Site Scripting
Exploit Title: XSS Exploit Author: VP4TR10T Vendor Homepage:http://passwordmanager.adiscon.com/en/manual/ Software Link:http://passwordmanager.adiscon.com/ Version: Version 2.0 Tested on: WINDOWS CVE : CVE-2022-36664 Affected URI when trying to change user password: POST /isapi/PasswordManager.dl...
Joomla Rentalot Plus 19.05 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla MarvikShop ShoppingCart 3.4 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla JKassa ShoppingCart 2.0.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
GuppY CMS 6.00.10 Shell Upload
Exploit Title: GuppY 6.00.10 CMS Remote Code Execution Date: Sep 30, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username =...
ZKSecurity BIO 4.1.2 SQL Injection / Code Execution
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurityV50004.1.2 Version Affected: 4.1.2 CVE: CVE-2022-36635 Vulnerability: SQL Injection with a plus: RCE CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton...