Backdoor.Win32.Avstral.e Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/35f0d754f161af35241cb081c73ea6dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Avstral.e Vulnerability: Unauthenticated Remote Command Execution Family: Avstral Typ...
Covid-19 Directory On Vaccination System 1.0 SQL Injection
Exploit Title: Covid-19 Directory on Vaccination System 1.0 - SQLi Authentication Bypass Date: 28/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Backdoor.Win32.Chubo.c Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Unauthenticated Remote Command Execution Family: Chubo Type:...
Royale Event Management System 1.0 Privilege Escalation
Exploit Title: Royale Event Management System 1.0 - Authentication Bypass Date: 25/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Version: 1.0 Tested on: Linux Title: ================ Royale Event...
WordPress Admin Word Count Column 2.2 Local File Inclusion
Exploit Title: WordPress Plugin admin-word-count-column 2.2 - Local File Download Google Dork: inurl:/wp-content/plugins/admin-word-count-column/ Date: 27-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/admin-word-count-column/ Version: 2.2...
Backdoor.Win32.Cafeini.b Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Family: Cafeini Type: PE32 MD5:...
PDF Generator Web Application 1.0 SQL Injection
Exploit Title: PDF Generator Web Application - 'multiple' Blind SQL Injection Date: 26/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Microfinance Management System 1.0 Cross Site Scripting
Exploit Title: Microfinance Management System 1.0 - Cross-site scripting stored unauthenticated Date: 23/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Version: 1.0 Tested on: Linux Title: ================ Microfinance...
Backdoor.Win32.Chubo.c Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c16b04a9879896ef453a6deb13528087B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Chubo.c Vulnerability: Cross Site Scripting XSS Family: Chubo Type: Web Panel MD5:...
Razer Synapse 3.6.x DLL Hijacking
Advisory ID: SYSS-2021-058 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions prior to 3.7.0228.022817 Tested Versions: 3.6.0920.091710, 3.6.1010.101113, 3.6.1018.101823, 3.6.1130.111217, 3.6.1201.111814, 3.7.0131.011810 Vulnerability Type: Improper Privilege Management...
Covid-19 Directory On Vaccination System 1.0 SQL Injection
Title: Covid-19 Directory on Vaccination System 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.sourcecodester.com/php/15244/design-and-implementation-covid-19-directory-vacination.html Software:...
Pay Slip PDF Generator System 1.0 Shell Upload
Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software:...
Backdoor.Win32.Cyn.20 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3dd1da64e306cae0409e154e15dd1b80.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cyn.20 Vulnerability: Insecure Permissions Description: The malware writes a ".EXE"...
Pay Slip PDF Generator System 1.0 SQL Injection
Title: Pay Slip PDF Generator System 1.0 Blind time SQLi To Rce Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software:...
PDF Generator Web App Using TCPDF 1.0 Local File Inclusion
Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Date: 26.07.2022 Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Backdoor.Win32.Cafeini.b Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Denial of Service Family: Cafeini Type: PE32 MD5:...
ALLMediaServer 1.6 Remote Buffer Overflow
Exploit Title: ALLMediaServer 1.6 Remote Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-03-25 Vendor Homepage: https://www.allmediaserver.org/ Software Link : https://www.allmediaserver.org/LiveUpdate/ALLMediaServer.exe Tested Version: 1.6 Vulnerability Type: Buffer Overflow D...
One Church Management System 1.0 SQL Injection
Exploit Title: One Church Management System 1.0 - attendancy.php search2 SQL Injection Date: 18/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================...
Microfinance Management System 1.0 SQL Injection
Exploit Title: Microfinance Management System 1.0 - Authentication Bypass SQL Injection Date: 23/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Version: 1.0 Tested on: Linux Title: ================ Microfinance Managemen...
FruityWifi Remote Code Execution
!/usr/bin/python3 -- coding: utf-8 -- usage: ./akhlutprowlingterror.py http://phishingsiteurl text=''' -o==============o- ...
One Church Management System 1.0 Cross Site Scripting
Exploit Title: One Church Management System 1.0 - Multiple Cross-site Scripting Date: 17/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One...
RTLO Injection URI Spoofing
Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search...
Sports Complex Booking System 1.0 SQL Injection
Title: Sports Complex Booking System 1.0 Blind SQLi To Rce Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software:...
Online Sports Complex Booking System 1.0 Account Takeover
Exploit Title: Online Sports Complex Booking System - Account Takeover Unauthenticated Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Event Management System 1.0 Shell Upload
Title: Event Management System 1.0 Shell Upload Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip Reference:...
Sports Complex Booking System 1.0 Shell Upload
Title: Sports Complex Booking System 1.0 Shell Upload Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip...
containerd Image Volume Insecure Handling
containerd: Insecure handling of image volumes containerd's cri plugin handles image volumes containing path traversals insecurely. This can be used to copy arbitrary host directories to a container-mounted path. OCI images contain a JSON config file described in...
Trend Micro Virtual Mobile Infrastructure 6.0.1278 Denial Of Service
Exploit Title: Trend Micro Virtual Mobile Infrastructure TMVMI version 6 - Denial of Service PoC Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.trendmicro.com/ Software Link: App Store for iOS devices Version: 6.0.1278 Tested: iPhone 6 iOS 12.4.7 Vulnerability Type:...
Online Sports Complex Booking System 1.0 SQL Injection
Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html...
Microfinance Management System 1.0 SQL Injection
Title: Microfinance Management System 1.0 SQLi To Rce Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mims0.zip Reference:...
Foxit PDF Editor (iOS) 11.3.1 Arbitrary File Upload
Exploit Title: Foxit PDF Editor iOS - Arbitrary File Upload Unauthenticated Date: 24/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.foxit.com Software Link: https://apps.apple.com/us/app/foxit-pdf-editor/id507040546 Version: 11.3.1 Tested: iPhone 6 iOS 12.4.7 Contact:...
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Date: 23-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/...
ImpressCMS 1.4.2 Remote Code Execution
?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote Code Execution ---------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software link.......:...
Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting
Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any po...
WordPress Akismet Spam Protection 4.2.2 Cross Site Scripting
Exploit Title: WordPress Plugin Akismet Spam Protection v4.2.2 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://wordpress.org/plugins/akismet Version: 4.2.2 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Akismet Spam Protection from any...
WordPress Contact Form 7 5.5.6 Cross Site Scripting
Exploit Title: WordPress Plugin Contact Form 7 v5.5.6 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://wordpress.org/plugins/contact-form-7 Version: 5.5.6 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Contact Form 7 from any post types...
ProtonVPN 1.26.0 Unquoted Service Path
Exploit Title: ProtonVPN 1.26.0 - Unquoted Service Path Date: 22/03/2022 Exploit Author: gemreda @gemredax Vendor Homepage: https://protonvpn.com/ Software Link: https://protonvpn.com/ Version: 1.26.0 Tested: Windows 10 x64 Contact: [email protected] PS C:\Users\Emre sc.exe qc "ProtonVPN Wireguard" ...
ICEHRM 31.0.0.0S Cross Site Request Forgery
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Takeover Date: 18/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 1. About -...
Sysax FTP Automation 6.9.0 Privilege Escalation
Exploit Author: bzyo @bzyo Exploit Title: Sysax FTP Automation 6.9.0 - Privilege Escalation Date: 03-20-2022 Vulnerable Software: Sysax FTP Automation 6.9.0 Vendor Homepage: https://www.sysax.com/ Version: 6.9.0 Software Link: https://www.sysax.com/download/sysaxautosetup.msi Tested on: Windows 1...
ImpressCMS 1.4.2 Authentication Bypass
----------------------------------------------------------------------- ImpressCMS stripSlashesGPC$autologinName; 46. $pass = $myts-stripSlashesGPC$autologinPass; 47. if empty$uname || isnumeric$pass 48. $user = false ; 49. else 50. // V3 51. $uname4sql = addslashes$uname; 52. $criteria = new...
iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution
Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Date: 2022-03-18 Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21,...
Backdoor.Win32.Agent.bxxn Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/dcbc237f21839a6514c8321d5fa631a4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.bxxn Vulnerability: Open Proxy Description: The malware listens on TCP port 108...
Backdoor.Win32.BirdSpy.b Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/eba3dd81723ddf33621fd85ded577920.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BirdSpy.b Vulnerability: Weak Hardcoded Credentials Family: BirdSpy Type: PE32 MD5:...
ImpressCMS 1.4.2 Incorrect Access Control
-------------------------------------------------------------------------- ImpressCMS validateToken$REQUEST'token', false 22. $denied = false; 23. 24. elseif isobjecticms::$user && icms::$user-isAdmin 25. $denied = false; 26. 27. if $denied 28. icmscoreMessage::errorNOPERM; 29. exit; 30. This...
ImpressCMS 1.4.2 SQL Injection
--------------------------------------------------------------- ImpressCMS getUserCountByGroupLink@$POST"groups", $criteria; 282. 283. $validsort = array"uname", "email", "lastlogin", "userregdate", "posts"; 284. $sort = !inarray$POST'usersort', $validsort ? "uname" : $POST'usersort'; 285. $order...
ImpressCMS 1.4.2 Path Traversal
----------------------------------------------------------------- ImpressCMS getVar 'imagename' 162. if @unlink ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp 163. $msg = MDAMDBUPDATED; ... 190. else 191. if copy ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp, $categpath . $imgname 192. @unlink...
Ivanti Endpoint Manager CSA 4.5 / 4.6 Remote Code Execution
Exploit Title: Ivanti Endpoint Manager - Cloud Service Appliance Unauthenticated Remote Code Execution Date: 20/03/2022 Exploit Author: d7x Vendor Homepage: https://www.ivanti.com/ Software Link: https://forums.ivanti.com/s/article/Customer-Update-Cloud-Service-Appliance-4-6 Version: CSA 4.6 4.5 ...
Home Owners Collection Management System 1.0 SQL Injection
Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution Blind SQLi to RCE Date: 9/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Inventory Management System 1.0 SQL Injection
Title: Inventory Management System 1.0 Blind SQLi To Rce Author: Hejap Zairy Date: 12.07.2022 Vendor: https://www.vetbossel.in/inventory-management-system-php/ Software: https://cutt.ly/lOZ8lrr Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache vulnerability Code php php...
ICT Protege GX/WX 2.08 Cross Site Scripting
ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App: 02.08.766 Lib: 04.00.169 Int: 02.2.208...