FLIX AX8 1.46.16 Remote Command Execution

-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWo...

FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS

FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment. Affected products: All FLIR AX8 thermal...

Transposh WordPress Translation 1.0.8.1 Incorrect Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date...

Polar Flow Android 5.7.1 Secret Disclosure

Trovent Security Advisory 2110-01 Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application...

Advantech iView NetworkServlet Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Advantech iView NetworkServlet Command Injection', 'Description' = %q Versions of Advantech iView software below 5.7.04.6469 are vulnerable to an...

TypeORM 0.3.7 Information Disclosure

I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...

Win32.Ransom.BlueSky MVID-2022-0632 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.Ransom.BlueSky Vulnerability: Arbitrary Code Execution Description: The BlueSky...

Inout SiteSearch 2.0.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure

Exploit Title: Gigaland NFT marketplace Shell upload and ETH private key leak Google Dork: N/A Date: 14/8/2022 Exploit Author: Sohel Yousef https://www.linkedin.com/in/sohel-yousef-50a905189/ Software Link: https://gigaland.io/ Version: 1.9 Category: webapps 1. Sell Upload after connectiong your...

Inout RealEstate 2.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow

Windows: Heap buffer overflow in sxs!CNodeFactory::XMLParserElementdocassemblyassemblyIdentity SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS In 2020, Proje...

Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow

Windows: heap buffer overflow in sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS int64 fastcall...

Readymade Job Portal Script SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Gas Agency Management 2022 SQL Injection / XSS / Shell Upload

Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Date: 08.12.2022 Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Software...

Fiberhome AN5506-02-B Cross Site Scripting

Exploit Title: FiberHome - AN5506-02-B - RP2521 - Authenticated Stored XSS Date: 10/08/2022 Exploit Author: Leonardo Goncalves Version: Firmware RP2521 1 Log in the equipment via your web browser 2 Go to Network authsettings 3 In the "sncfgloid" inject the payload "alert" 4 Click Save 5 Exploit!...

Intelbras ATA 200 Cross Site Scripting

Exploit Title: Intelbras ATA 200 Authenticated Stored XSS Date: 17/01/2022 Exploit Author: Leonardo Goncalves Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200 Version: Firmware 74.19.10.21 1 Log in the equipment via your web browser 2 Go to Managemen...

Zimbra zmslapd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...

Webmin Package Updates Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates RCE', 'Description' = %q This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin use...

Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass

Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Date: 2022-08-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...

AirSpot 5410 0.3.4.1-4 Remote Command Injection

-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...

Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description: The...

Feehi CMS 2.1.1 Cross Site Scripting

Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Date: 02-08-2022 Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linu...

PAN-OS 10.0 Remote Code Execution

Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Date: 2022-08-13 Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038...

Matrimonial PHP Script 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Prestashop Blockwishlist 2.1.0 SQL Injection

Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...

Nortek Linear eMerge E3-Series Account Takeover

Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31798 Description...

Nortek Linear eMerge E3-Series Credential Disclosure

Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c Vendor home page : https://www.nortekcontrol.com/access-control/ Vendor home page : https://linear-solutions.com/...

Thingsboard 3.3.1 Cross Site Scripting

Exploit Title: ThingsBoard 3.3.1 - Stored Cross-Site Scripting XSS within the description of a rule node Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1...

ManageEngine ADAudit Plus Path Traversal / XML Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus CVE-2022-28219', 'Description' = %q This module exploits CVE-2022-28219, which is a pair of vulnerabilities in...

Nortek Linear eMerge E3-Series Command Injection

Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...

WordPress Duplicator 1.4.7.1 Backup Disclosure

Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download Author: nu11secur1ty Date: 08.08.2022 Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...

WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting

Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Testimonial Slider and Showcase" 2.2.6 Date: 05/08/2022 Exploit Author: saitamang , yunaranyancat , amdsyad Vendor Homepage: wordpress Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version: 2.2.6...

Online Admission System 1.0 SQL Injection

Exploit Title: online-admission-system 1.0 - unauthenticated SQL Injection Date: 5-08-2022 Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html Version: 1.0 Tested on: Windows 10 +...

WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery

Description: Cross-Site Request Forgery to Settings/Options Update Affected Plugin: Ecwid Ecommerce Shopping Cart Plugin Slug: ecwid-shopping-cart Affected Versions: = 6.10.23 CVE ID: CVE-2022-2432 CVSS Score: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Researcher/s: Marco...

Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Authentication Bypass Description: The malwa...

Zimbra UnRAR Path Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UnRAR Path Traversal in Zimbra CVE-2022-30333', 'Description' = %q This module creates a RAR file that can be emailed to a Zimbra server to explo...

Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Unauthenticated Remote Command Execution...

Backdoor.Win32.Jokerdoor MVID-2022-0628 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/783a191e7944e1af84ec0fa96d933f30.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The...

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-31660', 'Description' = %q VMware Workspace ONE Access contains a vulnerability whereby the horizon user can...

WordPress Download Manager 3.2.50 Arbitrary File Deletion

Description: Authenticated Contributor+ Arbitrary File Deletion Affected Plugin: Download Manager Plugin Slug: download-manager Plugin Developer: W3 Eden, Inc. Affected Versions: = 3.2.50 CVE ID: CVE-2022-2431 CVSS Score: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

WordPress Duplicator 1.4.7 Unauthenticated Backup Download

Title: WordPress Plugin Duplicator 1.4.7 - Unauthenticated Backup Download Author: nu11secur1ty Date: 08.03.2022 Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...

IObit Malware Fighter 9.2 Tampering / Privilege Escalation

Credits: Yehia Elghaly aka Mrvar0x + Website: https://mrvar0x.com/ + Source: "https://mrvar0x.com/2022/08/02/multiple-endpoints-security-tampering-exploit/" Vendor: ============= www.iobit.com Product: =========== IObit Malware Fighter 9.2 IObit Malware Fighter is an advanced malware & spyware...

Multi-Language Hotel Management 2022 1.0 SQL Injection

Title: Multi-Language-Hotel-Management-2022 1.0 SQLi Author: nu11secur1ty Date: 08.03.2022 Vendor: https://www.nikhilbhalerao.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip Reference:...

MobileIron Log4Shell Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MobileIron Core Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q MobileIron Core is affected by the Log4Shell vulnerability...

Zoho Password Manager Pro XML-RPC Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zoho Password Manager Pro XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Zoho...

uftpd 2.10 Directory Traversal

Exploit Title: uftpd 2.10 - Directory Traversal Authenticated Google Dork: N/A Exploit Author: Aaron Esau arinerron Vendor Homepage: https://github.com/troglobit/uftpd Software Link: https://github.com/troglobit/uftpd Version: 2.7 to 2.10 Tested on: Linux CVE : CVE-2020-20277 Reference:...

Crime Reporting System 1.0 SQL Injection

Exploit Title: Crime Reporting System - Blind SQL Injection on Login email parameter Date: 31/07/2022 Exploit Author: saitamang Vendor Homepage: code-projects.org Software Link:...

mPDF 7.0 Local File Inclusion

Exploit Title: mPDF 7.0 - Local File Inclusion Google Dork: N/A Date: 2022-07-23 Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse impor...

Wavlink WN533A8 Cross Site Scripting

Exploit Title: Wavlink WN533A8 - Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: M33A8.V5030.190716 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34048 Tested on: Windows Poc code history.pushState'', '', '/'...

Backdoor.Win32.Destrukor.20 MVID-2022-0627 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Destrukor.20 Vulnerability: Unauthenticated Remote Command Execution...