50630 matches found
Fast Food Ordering System 1.0 Cross Site Scripting
Title: Fast Food Ordering System 1.0 Stored Cross-Site Scripting Author: Ashish Kumar Date: 05.31.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html Reference:...
MyBB Admin Control Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MyBB Admin Control Code Injection RCE', 'Description' = %q This exploit module leverages an improper input validation vulnerability in MyBB prior...
Microsoft Office MSDT Follina Proof Of Concept
POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina Info : New Microsoft Office zero-day used in attacks to execute PowerShell Summary On the 29th of May 2022, the NaoSec team, an independent Cyber Security Research Team, discovered a malicious Office document shared on Virustotal. This...
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root
!/usr/bin/env python3 -- coding: utf-8 -- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com | https://www.clipsal.com Product details: -...
WordPress User Meta Lite / Pro 2.4.3 Path Traversal
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...
Ingredient Stock Management System 1.0 SQL Injection
Exploit Title: Ingredient Stock Management System v1.0 - 'id' Blind SQL Injection Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15364/ingredients-stock-management-system-phpoop-free-source-code.html...
Ingredient Stock Management System 1.0 Account Takeover
Exploit Title: Ingredient Stock Management System v1.0 - Account Takeover Unauthenticated Date: 28/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Fast Food Ordering System 1.0 SQL Injection
Title: Fast Food Ordering System 1.0 SQLi Author: nu11secur1ty Date: 05.30.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html Reference:...
ChromeOS usbguard Bypass
ChromeOS' usage of usbguard is bypassable VULNERABILITY DETAILS ChromeOS uses https://usbguard.github.io/ when the screen is locked but not on the login screen, perhaps because it is expected that code execution is much less helpful when the disk is still encrypted?. When the screen is locked, a...
Tigase XMPP Server Stanza Smuggling
Tigase XMPP server: XMPP stanza smuggling via unescaped qutes Tigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to "smuggle" or, if you prefer, inject arbitrary attacker-controlled stanza in the XMPP...
qdPM 9.1 Remote Code Execution
Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2021-08-03 Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett...
Print Spooler Remote DLL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' require 'rubysmb' require 'rubysmb/error' class MetasploitModule 'Print Spooler Remote DLL Injection', 'Description' = %q The print spooler servic...
Online Fire Reporting System 1.0 SQL Injection
Title: Online Fire Reporting System 1.0 SQLi Author: nu11secur1ty Date: 05.24.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html Reference:...
CLink Office 2.0 SQL Injection
Exploit Title: Multiple blind SQL injection vulnerabilities in in CLink Office 2.0 Anti-Spam management console Date: 30 Mar 2022 Exploit Author: Erwin Chan, Stephen Tsoi Vendor Homepage: https://www.communilink.net/ Softwar: CLink Office Version: 2.0 Tested on: CLink Office 2.0 Anti-Spam...
Blockchain FiatExchanger 2.2.1 SQL Injection
Information Vulnerability Name : Remote Blind SQL Injections in Inout Blockchain FiatExchanger Product : Inout Blockchain FiatExchanger version : 2.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ Exploit Detail :...
Blockchain AltExchanger 1.2.1 SQL Injection
Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...
iTop Remote Command Execution
!/usr/bin/env ruby Exploit Title: iTop 2.7.6 - Authenticated Remote command execution Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-24780 Date: 2022-05-20 Vendor Homepage:...
OpenCart Newsletter 3.0.2.0 SQL Injection
Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Date: 19/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on...
m1k1o's Blog 1.3 Remote Code Execution
Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting
===== Tempest Security Intelligence - ADV-03/2022 ========================== PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timelin...
LiquidFiles 3.4.15 Cross Site Scripting
===== Tempest Security Intelligence - ADV-12/2021 ========================== LiquidFiles - 3.4.15 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of...
SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform Different Software Components vulnerable version: see section "Vulnerable /...
Emby Media Server 4.7.0.60 Cross Site Scripting
Exploit Title: Emby Media Server 4.7.0.60 Cross Site Scripting Google Dork: NA Date: 18/05/2022 Exploit Author: Yehia Elghaly Vendor Homepage: https://emby.media/ Software Link: https://emby.media/windows-server.html Version: 4.7.0.60 Tested on: Windows 7 / 10 Summary: Emby formerly Media Browser...
Online Discussion Forum Site 1.0 SQL Injection
Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection Date: 15/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html Version: 1.0...
Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting
Exploit Title: Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting XSS Date: May 11 2022 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: https://surveysparrow.com/ Software Link: https://surveysparrow.com/enterprise-survey-software/ Version: 2022 Tested on: Windows C...
Trojan-Ransom.Thanos MVID-2022-0607 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.Thanos Vulnerability: Code Execution Description: Thanos looks for and...
SolarView Compact 6.0 Command Injection
Exploit Title: SolarView Compact 6.0 - OS Command Injection Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST...
Showdoc 2.10.3 Cross Site Scripting
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
T-Soft E-Commerce 4 Cross Site Scripting
Exploit Title: T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting XSS Exploit Author: Alperen Ergel alpernae IG/TW Web Site: https://alperenae.gitbook.io/ Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A Date: 2022-05-10 CV...
SDT-CW3B1 1.1.0 Command Injection
Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Date: 2022-05-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET...
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
Affected Versions: Version 2.2.0 is affected, and prior versions are likely affected too. - Vulnerabilities Description: Vulnerable component is switching to another tab. To exploit vulnerability, an attacker may send a POST request with application/x-www-form-urlencoded content-type to AJAX...
T-Soft E-Commerce 4 SQL Injection
Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...
Ransom.Conti MVID-2022-0605 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/146ec3f6c262d0f287e67ddb3cc69892.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
HighCMS/HighPortal 12.x SQL Injection
Exploit Title: HighCMS/HighPortal v12.x SQL Inj Type : WEBAPPS "HighCMS/HighPortal" Platform : ASP.NET Date : 4/23/2022 Exploit Author : E1.Coders Software Link : https://aryanic.com/page/portal Version : v12.x Category : Webapps Tested on: Linux/Windows Google Dork:...
Ransom.Conti MVID-2022-0604 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0c4502d6655264a9aa420274a0ddeaeb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Conti MVID-2022-0602 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7ba20fce7ac259f6062f73290c2e28cf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Zyxel Firewall ZTP Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...
Ransom.Conti MVID-2022-0601 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/b485c36f28c5c967a50001c9e8d2c29c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Conti MVID-2022-0603 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/6748dfe8e64dea2fc4c14691f7e766c6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Conti MVID-2022-0606 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/eedd1cfc7acd012bbec464aebc679ee4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
WordPress WP Event Manager 3.1.27 Cross Site Scripting
Exploit Title: WordPress Plugin WP Event Manager - Stored Cross Site Scripting Date: 15-05-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/ Version: 3.1.27 Tested on: Firefox Contact me: [email protected] Steps To Reproduce...
IpMatcher 1.0.4.1 Server-Side Request Forgery
Exploit Title: SSRF in .NET C IpMatcher v1.0.4.1 and below NuGet package: CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors. Date: 22/09/2022 Exploi...
Ransom.REvil MVID-2022-0597 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7ff073cc9e4e6750ba52135ba02ee531.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0596 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8ca35b7867e23a1bbb0fea6d51fc1b61.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0599 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/ab1aaa8f96c61684736da00ece5a9c83.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Royal Event Management System 1.0 SQL Injection
Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...
TLR-2005KSH Arbitrary File Delete
Exploit Title: TLR-2005KSH - Arbitrary File Delete Date: 2022-05-11 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-46424 Proof-of-Concept Request DELETE /cgi-bin/test2.t...
Ransom.REvil MVID-2022-0595 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/7a96d7a1f28bfb6ae36a15263a8a7135.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
Ransom.REvil MVID-2022-0598 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/c9bf7216cdc2673bf4ee2af8b19bcfc8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.REvil Vulnerability: Code Execution Description: REvil looks for and executes DLLs ...
F5 BIG-IP iControl Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP iControl RCE via REST Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in the F5...