50748 matches found
Online Market Place Site 1.0 SQL Injection
Exploit Title: Online Market Place Site v1.0 - Unauthenticated Blind Time-Based SQL Injection Exploit Author: Joe Pollock Date: September 03, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html Software Link:...
Cisco ASA-X With FirePOWER Services Authenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco ASA-X with FirePOWER Services Authenticated Command Injection', 'Description' = %q This module exploits an authenticated command injection...
Online Market Place Site 1.0 Cross Site Scripting
Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting XSS Exploit Author: Joe Pollock Date: September 03, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html Software Link:...
Apple macOS Remote Events Memory Corruption
!/usr/bin/env python -- coding: UTF-8 -- naval.py Apple macOS Remote Events Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail ===== Intro ===== eppc Hello from AEServer Remote Apple Events is a core service and remote system administration and automation tool for Macs. It can b...
WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting
Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0 Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Teste...
Doctor's Appointment System 1.0 SQL Injection
Exploit Title: SQLi - Doctor's Appointment System v1.0 Google Dork: N/A Date: 7/13/2022 Exploit Author: Abdullah Zaid - @aznull Vendor Homepage: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html Software Link:...
Doctor's Appointment System 1.0 Cross Site Scripting
Exploit Title: Doctor's Appointment System v1.0 - Cross-Site Scripting XSS Google Dork: N/A Date: 7/13/2022 Exploit Author: Abdullah Zaid - @aznull Vendor Homepage: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html Software Link:...
WordPress Core Cross Site Scripting / SQL Injection
Description: SQL Injection via Links LIMIT clause Affected Versions: WordPress Core 6.0.2 Researcher: FVD CVE ID: Pending CVSS Score: 8.0 High CVSS Vector:CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Fully Patched Version: 6.0.2 The WordPress Link functionality, previously known as “Bookmarks”, i...
Zyxel Firewall SUID Binary Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall SUID Binary Privilege Escalation', 'Description' = %q This module exploits CVE-2022-30526, a local privilege escalation...
AeroCMS 0.0.1 SQL Injection
Title: AeroCMS-v0.0.1 SQLi Author: nu11secur1ty Date: 08.27.2022 Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The auth...
PrestaShop Ap Pagebuilder 2.4.4 SQL Injection
Exploit Title: AP PAGEBUILDER Prestashop module = 2.4.4 'productalloneimg' , 'imageproduct' Blind SQL Injection Date: 24-08-2022 Exploit Author: Mohamed Ali Hammami Vendor Homepage: https://apollotheme.com/ Software Link : https://apollotheme.com/products/ap-pagebuilder-prestashop-module Version:...
Centreon 22.04.0 Cross Site Scripting
Exploit Title: Stored XSS in name parameter in Centreon version 22.04.0 Date: Exploit Author: syad, yunaranyancat, saitamang Vendor Homepage: Centreon Software Link: https://download.centreon.com/ Version: 22.04.0 CVE ID : CVE-2022-36194 Tested on: Centos 7 Centreon 22.04.0 is vulnerable to Cross...
Zimbra Zip Path Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Zip Path Traversal in Zimbra mboximport CVE-2022-27925', 'Description' = %q This module POSTs a ZIP file containing path...
WordPress Duplicator 1.4.7.2 Backup Disclosure
Title: WordPress Plugin Duplicator 1.4.7.2 - Unauthenticated Backup Download Author: nu11secur1ty Date: 08.23.2022 Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...
Teleport 9.3.6 Command Injection
Description:Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user i...
10-Strike Network Inventory Explorer 9.3 Buffer Overflow
I. VULNERABILITY ------------------------- 10-Strike Network Inventory Explorer Version 9.3 - Privilege Escalation through SEH based Buffer Overflow II. VENDOR ------------------------- 10-Strike Network https://www.10-strike.com/ III. DESCRIPTION ------------------------- 10-Strike Network...
Personnel Property Equipment 2015-2022 SQL Injection
Title: Personnel Property Equipment-2015-2022 SQLi, Unauthenticated-File-Upload Author: nu11secur1ty Date: 08.22.2022 Vendor Homepage: https://www.trickcode.in/ Video vendor: https://www.youtube.com/watch?v=ltSwom8sQAQ Software...
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Microsoft Exchange Server ChainedSerializationBinder RCE', 'Description' = %q This module exploits vulnerabilities within the...
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual cameras that provides continuous temperature monitoring and alarming for critical electrical and mechanical equipment. Affected products: All FLIR AX8 thermal...
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date...
FLIX AX8 1.46.16 Remote Command Execution
-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWo...
Polar Flow Android 5.7.1 Secret Disclosure
Trovent Security Advisory 2110-01 Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application...
Advantech iView NetworkServlet Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Advantech iView NetworkServlet Command Injection', 'Description' = %q Versions of Advantech iView software below 5.7.04.6469 are vulnerable to an...
TypeORM 0.3.7 Information Disclosure
I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...
Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure
Exploit Title: Gigaland NFT marketplace Shell upload and ETH private key leak Google Dork: N/A Date: 14/8/2022 Exploit Author: Sohel Yousef https://www.linkedin.com/in/sohel-yousef-50a905189/ Software Link: https://gigaland.io/ Version: 1.9 Category: webapps 1. Sell Upload after connectiong your...
Inout SiteSearch 2.0.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Inout RealEstate 2.1.2 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Win32.Ransom.BlueSky MVID-2022-0632 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/961fa85207cdc4ef86a076bbff07a409.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.Ransom.BlueSky Vulnerability: Arbitrary Code Execution Description: The BlueSky...
Gas Agency Management 2022 SQL Injection / XSS / Shell Upload
Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Date: 08.12.2022 Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Software...
Readymade Job Portal Script SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow
Windows: Heap buffer overflow in sxs!CNodeFactory::XMLParserElementdocassemblyassemblyIdentity SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS In 2020, Proje...
Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow
Windows: heap buffer overflow in sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS int64 fastcall...
Intelbras ATA 200 Cross Site Scripting
Exploit Title: Intelbras ATA 200 Authenticated Stored XSS Date: 17/01/2022 Exploit Author: Leonardo Goncalves Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200 Version: Firmware 74.19.10.21 1 Log in the equipment via your web browser 2 Go to Managemen...
Fiberhome AN5506-02-B Cross Site Scripting
Exploit Title: FiberHome - AN5506-02-B - RP2521 - Authenticated Stored XSS Date: 10/08/2022 Exploit Author: Leonardo Goncalves Version: Firmware RP2521 1 Log in the equipment via your web browser 2 Go to Network authsettings 3 In the "sncfgloid" inject the payload "alert" 4 Click Save 5 Exploit!...
AirSpot 5410 0.3.4.1-4 Remote Command Injection
-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass
Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Date: 2022-08-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...
Zimbra zmslapd Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra zmslapd arbitrary module load', 'Description' = %q This module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo...
Webmin Package Updates Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin Package Updates RCE', 'Description' = %q This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin use...
Backdoor.Win32.Guptachar.20 MVID-2022-0631 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/857999d2306f257b80d1b8f6a51ae8b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Guptachar.20 Vulnerability: Insecure Credential Storage Description: The...
PAN-OS 10.0 Remote Code Execution
Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Date: 2022-08-13 Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038...
Matrimonial PHP Script 1.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Prestashop Blockwishlist 2.1.0 SQL Injection
Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...
Feehi CMS 2.1.1 Cross Site Scripting
Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Date: 02-08-2022 Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linu...
Thingsboard 3.3.1 Cross Site Scripting
Exploit Title: ThingsBoard 3.3.1 - Stored Cross-Site Scripting XSS within the description of a rule node Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1...
Nortek Linear eMerge E3-Series Account Takeover
Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31798 Description...
WordPress Duplicator 1.4.7.1 Backup Disclosure
Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download Author: nu11secur1ty Date: 08.08.2022 Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...
Nortek Linear eMerge E3-Series Credential Disclosure
Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c Vendor home page : https://www.nortekcontrol.com/access-control/ Vendor home page : https://linear-solutions.com/...
Nortek Linear eMerge E3-Series Command Injection
Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...
ManageEngine ADAudit Plus Path Traversal / XML Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus CVE-2022-28219', 'Description' = %q This module exploits CVE-2022-28219, which is a pair of vulnerabilities in...
Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/76c09bc82984c7f7ef55eb13018e0d87.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bushtrommel.122 Vulnerability: Authentication Bypass Description: The malwa...