50748 matches found
WordPress Weblizar 8.9 Code Execution
Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...
Library Management System With QR Code 1.0 Shell Upload
Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
Mailhog 1.0.1 Cross Site Scripting
Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting XSS Google Dork: https://www.shodan.io/search?query=mailhog 3500 Date: 06.18.2022 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on:...
WordPress Simple Page Transition 1.4.1 Cross Site Scripting
Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross Site Scripting Date: 27-06-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/ Version: 1.4.1 Tested on: Firefox Contact me: [email protected]...
Trojan-Mailfinder.Win32.VB.p MVID-2022-0616 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Mailfinder.Win32.VB.p Vulnerability: Insecure Permissions Description: The malware...
Yashma Ransomware Builder 1.2 MVID-2022-0613 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Yashma Ransomware Builder v1.2 Vulnerability: Insecure Permissions Description: The malwar...
Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Shark.btu Vulnerability: Insecure Permissions Description: The malware writ...
Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.InfecDoor.17.c Vulnerability: Insecure Permissions Description: The malware...
Zoo Management System 1.0 Cross Site Scripting
Exploit Title: Zoo Management System 1.0 - Reflected Cross-Site-Scripting XSS Date: 06/22/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html Version: 1...
WordPress Download Manager 3.2.43 Cross Site Scripting
Exploit Title: Download Manager Cross-Site Scripting Date: 2022-06-16 Exploit Author : Andrea Bocchetti Vendor Homepage : https://wordpress.org/plugins/download-manager/ Version : = 3.2.43 Tested on: windows CVE : CVE-2022-2101 Description 1- Login in the plugin page 2- add the xss payload in the...
SAP FRUN 2.00 / 3.00 Cross Site Scripting
Onapsis Security Advisory 2022-0003: Cross-Site Scripting XSS vulnerability in SAP Focused Run Real User Monitoring Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired...
SAP Fiori Launchpad Cross Site Scripting
Onapsis Security Advisory 2022-0005: Cross-Site Scripting XSS vulnerability in SAP Fiori launchpad Impact on Business Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP...
SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal
Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run Simple Diagnostics Agent 1.0 Impact on Business Exposing the contents of a directory can lead to a disclosure of useful information for the attacker to devise exploits, such as creation times of files or any...
SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication
Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run Simple Diagnostics Agent 1.0 Impact on Business Because the Simple Diagnostic Agent SDA handles several important configuration and critical credential information, a successful attack could lead to the control o...
Mitel 6800/6900 Series SIP Phones Backdoor Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-021 Product: Mitel 6800/6900 Series SIP Phones excluding 6970 Mitel 6900 Series IP MiNet Phones Manufacturer: Mitel Networks Corporation Affected Versions: Rel 5.1 SP8 5.1.0.8016 and earlier Rel 6.0 6.0.0.368 to 6.1 HF4...
phpIPAM 1.4.5 Remote Code Execution
Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...
Pandora FMS 7.0NG.742 Remote Code Execution
Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution RCE Authenticated Date: 05/20/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pandorafms.com/ Software Link:...
SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross Site Scripting product: SIEMENS-SINEMA Remote Connect vulnerable version: =V3.0.1.0-01.01.00.02 fixed version: V3.1.0 CVE number: CVE-2022-29034 impact:...
Chrome CVE-2022-1096 Incomplete Fix
Chrome: Incomplete fix for CVE-2022-1096 VULNERABILITY DETAILS The fix for https://crbug.com/1309225 has modified SetPropertyInternal to fall back to SetSuperProperty whenever a property access interceptor is encountered because SetSuperProperty is robust against possible side effects caused by...
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable version: 5.36.29, see section below fixed version: 5.40.27, 5.41.15, 5.42.7,...
SolarView Compact 6.00 Cross Site Scripting
Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...
Sourcegraph Gitserver 3.36.3 Remote Code Execution
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
SoftGuard SNMP Network Management Extension HTML Injection / File Download
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: SoftGuard SNMP Network Management Extension vulnerable version: SoftGuard Web SGW 5.1.5 fixed version: SoftGuard version 5.1.5 from...
Algo 8028 Control Panel Remote Code Execution
Exploit Title: Algo 8028 Control Panel - Remote Code Execution RCE Authenticated Google Dork: intitle:"Algo 8028 Control Panel" Shodan: title:"Algo 8028 Control Panel" Date: 2022-06-07 Exploit Author: Filip Carlsson Vendor Homepage: https://www.algosolutions.com/ Software Link:...
Multi Language Pharmacy Management System 1.0 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Vendor: https://www.mayurik.com/source-code/P0349/best-pharmacy-billing-software-free-download Source:...
Lepin EP-KP001 KP001_V19 Authentication Bypass
Advisory ID: SYSS-2022-024 Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001V19 Tested Versions: KP001V19 Vulnerability Type: Violation of Secure Design Principles CWE-657 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-04-12 Solution Date: - Public Disclosure:...
Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Hardcoded Backdoor User and Outdated Software Components product: Nexans FTTO GigaSwitch industrial/office switches HW version 5 vulnerable version: See "Vulnerable /...
Old Age Home Management System 1.0 SQL Injection
Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass Date: 12/06/2022 Exploit Author: twseptian Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip Versio...
TP-Link AX50 Remote Code Execution
Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Date: 2022-06-08 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability...
HP LaserJet Professional M1210 MFP Series Receive Fax Service Unquoted Service Path
Exploit Title: HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path Date: 2022-06-06 Exploit Author: Ali Alipour Vendor Homepage: https://support.hp.com/us-en/document/c01998934 Software Link:...
Marval MSM 14.19.0.12476 Cross Site Request Forgery
Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery CSRF Date: 27/5/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.marvalnorthamerica.com/ Software Link: https://www.marvalnorthamerica.com/ Version: v14.19.0.12476 Tested on: Windows PoCs:...
Zyxel Buffer Overflow / Format String / Command Injection
-- HNS-2022-02 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Zyxel zysh Products: Zyxel firewalls, AP controllers, and APs Author: Marco Ivaldi Date: 2022-06-07 CVE Names and Vendor CVSS Scores: CVE-2022-26531:...
Virtua Software Cobranca 12S SQL Injection
Exploit Title: Virtua Software Cobranca 12S - SQLi Shodan Query: http.favicon.hash:876876147 Date: 13/08/2021 Exploit Author: Luca Regne Vendor Homepage: https://www.virtuasoftware.com.br/ Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S1308.exe Version: 12S Tested on: Windo...
Warehouse Management System 2022 SQL Injection
Title: Warehouse Management System 2022 ML-SQLi Author: nu11secur1ty Date: 06.13.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php-codeigniter-warehouse-management-system-free-source-code Reference:...
Marval MSM 14.19.0.12476 Remote Code Execution
Exploit Title: Marval MSM v14.19.0.12476 - Remote Code Execution RCE Authenticated Date: 27/5/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.marvalnorthamerica.com/ Software Link: https://www.marvalnorthamerica.com/ Version: v14.19.0.12476 Tested on: Windows Detailed...
JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect
JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities Vendor: JM-DATA GmbH Product web page: https://www.jm-data.at Affected version: 1.0.67 1.0.62 1.0.55 Summary: This ONU is the perfect GEPON home and business gateway. It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND and COMBINE...
Infiray IRAY-A8Z3 1.0.957 Code Execution / Overflow / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Infiray IRAY-A8Z3 thermal camera vulnerable version: V1.0.957 fixed version: None CVE number: CVE-2022-31208, CVE-2022-31209,...
Kitty 0.76.0.8 Stack Buffer Overflow
Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-06-08 Vendor Homepage: http://www.9bis.net/kitty/index.html!index.md Software Link : https://www.fosshub.com/KiTTY.html?dwl=kittyportable-0.76.0.8.exe Tested Version: 0.76.0.8 Vulnerability Type...
ChurchCRM 4.4.5 SQL Injection
Title: ChurchCRM 4.4.5 SQLi session hijacking L2 Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection PWN cookie...
WordPress Motopress Hotel Booking Lite 4.2.4 Cross Site Scripting
Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting XSS Date: 2022-06-05 Exploit Author: Sanjay Singh Vendor Homepage: https://motopress.com/ Software Link: https://downloads.wordpress.org/plugin/motopress-hotel-booking-lite.4.2.4.zip Version: 4.2.4...
WordPress Download Manager 3.2.42 Cross Site Scripting
Description: Reflected Cross-Site Scripting Affected Plugin: Download Manager Plugin Slug: download-manager Plugin Developer: codename065 Affected Versions: = 3.2.42 CVE ID: CVE-2022-1985 CVSS Score: 6.1 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Researcher/s: Rafie Muhammad...
Atlassian Confluence Namespace OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Namespace OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence servers. A...
Ransom.Haron MVID-2022-0609 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Haron Vulnerability: Code Execution Description: Haron looks for and executes DLLs ...
Confluence OGNL Injection Remote Code Execution
!/usr/bin/python3 Exploit Title: Confluence Pre-Auth Remote Code Execution via OGNL Injection Google Dork: N/A Date: 06/006/2022 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.4.17...
Backdoor.Win32.Cabrotor.10.d MVID-2022-0612 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.10.d Vulnerability: Unauthenticated Remote Command Execution...
Trojan-Proxy.Win32.Symbab.o MVID-2022-0610 Heap Corruption
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Symbab.o Vulnerability: Heap Corruption Description: The malware listen...
Trojan-Banker.Win32.Banbra.cyt MVID-2022-0611 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banbra.cyt Vulnerability: Insecure Permissions Description: The malwar...
Trojan-Banker.Win32.Banker.agzg MVID-2022-0608 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banker.agzg Vulnerability: Insecure Permissions Description: The malwa...
Microsoft Office Word MSDTJS Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office Word MSDTJS', 'Description' = %q This module generates a malicious Microsoft Word document that when loaded, will leverage the...
Korenix JetPort 5601V3 Backdoor Account
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Backdoor account product: Korenix JetPort 5601V3 vulnerable version: Firmware version 1.0 fixed version: None CVE number: CVE-2020-12501 impact: High homepage:...