50748 matches found
Backdoor.Win32.FTP.Lana.01.d Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Weak Hardcoded Credentials Family: Lana Type: PE32 MD5:...
qdPM 9.2 Cross Site Request Forgery
Exploit Title: qdPM 9.2 - Cross-site Request Forgery CSRF Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...
Backdoor.Win32.Bifrose.uw Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e4f942c60044feef0fb48538ffac383.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.uw Vulnerability: Insecure Permissions Description: The malware writes a ".EX...
WordPress UpdraftPlus Cross Site Scripting
Tittle: WordPress Plugin UpdraftPlus confirm1 Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...
binutils 2.37 Objdump Segmentation Fault
Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...
WordPress Ad Inserter Cross Site Scripting
Tittle: WordPress Plugin Ad Inserter Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba...
Backdoor.Win32.Wisell Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...
Backdoor.Win32.Wisell Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Stack Buffer Overflow SEH Description: The malware listens on...
KLiK Social Media Website 1.0 SQL Injection
Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi Date: April 1st, 2022 Exploit Author: corpse Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite Version: 1.0 Tested on: Debian 11 Parameter: poll G...
ICEHRM 31.0.0.0S Cross Site Request Forgery
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...
WordPress WP Downgrade Cross Site Scripting
Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...
Backdoor.Win32.Ptakks.XP.a Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/e087725b01dded75d85a20db58335fa8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ptakks.XP.a Vulnerability: Insecure Credential Storage Description: The default...
WordPress Loco Translate Cross Site Scripting
Tittle: WordPress Plugin Loco Translate ' 7. Save 8. Replicated POC2 via example.po 1. Got to Plugin Loco Translate 2. Enter Plugins Options Any Plugin 3. Upload PO options 3. Load example.po Example.po msgid "" msgstr "" "Project-Id-Version: xss-tester\n" "Report-Msgid-Bugs-To: \n"...
Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Port Bounce Scan Description: The malware listens on TC...
SAP Information System 1.0.0 Missing Authorization
Exploit Title: SAP Information System 1.0.0 - Improper Authentication Date: 06/04/2022 CVE: CVE-2022-1248 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15262/sap-information-system-using-phppdo-oop.html Version: 1.0.0 Tested on: Linux Title: ================ SAP...
Backdoor.Win32.Easyserv.11.c Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3b5564e88a0b8a41e4fd730891e635cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Easyserv.11.c Vulnerability: Insecure Transit Description: The malware makes outbound...
Small HTTP Server 3.06 Remote Buffer Overflow
Exploit Title: Small HTTP Server Remote Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-04-07 Vendor Homepage: http://smallsrv.com/ Software Link : http://smallsrv.com/shttpsmgi.exe Tested Version: 3.06 Vulnerability Type: Buffer Overflow Remote Tested on OS: Windows XP SP3 -...
Backdoor.Win32.Tiny.a Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9fa664bc52e1aa46a09ac51aaa6c7384.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Tiny.a Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Date: 07.04.2022 Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows,...
Opmon 9.11 Cross Site Scripting
Exploit Title: Opmon 9.11 - Cross-site Scripting Date: 2021-06-01 Exploit Author: p3tryx Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time Version: 9.11 Tested on: Chrome, IE and Firefox CVE : CVE-2021-43009 URL POC: alertdocument.cookie; var i=new Image;...
FFS Colibri Controller Module 1.8.19.8580 Directory Traversal
============== Author ============== = Name: Momen Eldawakhly Cyber Guy = Company: Cypro.se ====================================== ============== Product ============== = Vendor: Franklin Fueling Systems = Product: FFS Colibri Controller Module = Version: 1.8.19.8580...
Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.XLog.21 Vulnerability: Authentication Bypass Race Condition Description: The malware...
School Club Application System 1.0 SQL Injection
Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Date: 04.07.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...
WordPress Hummingbird Cross Site Scripting
Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...
Backdoor.Win32.Verify.h Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Verify.h Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.Xingdoor Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/89000e259ffbd107b7cc9bac66dcdcf5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xingdoor Vulnerability: Denial of Service Description: The malware "SystemXingCheng"...
Zenario CMS 9.0.54156 Remote Code Execution
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution RCE Authenticated Date: 04/02/2022 Exploit Author: minhnq22 Vendor Homepage: https://zenar.io/ Software Link: https://zenar.io/download-page Version: 9.0.54156 Tested on: Ubuntu 21.04 CVE : CVE-2021–42171 Python3 import os import sys...
Online Sports Complex Booking System 1.0 SQL Injection
Title: Online Sports Complex Booking System 1.0 SQL Injection Author: Zllggggg Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...
Bakery Shop Management System 1.0 Local File Inclusion
Title: Bakery Shop Management System 1.0 LFI To RCE Author: Hejap Zairy Date: 06.04.2022 Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference: https://github.com/Matrix07ksa Tested o...
SAP Information System 1.0 Shell Upload
Title: SAP Information System 1.0 Shell Upload Author: Hejap Zairy Date: 05.04.2022 Vendor: https://www.sourcecodester.com/php/15262/sap-information-system-using-phppdo-oop.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/SAPInformationSystem.zip Reference:...
Bakery Shop Management System 1.0 SQL Injection
Title: Bakery Shop Management System 1.0 - Blind Time SQLi To Rce Author: Hejap Zairy Date: 06.04.2022 Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference:...
cmark-gfm Integer overflow
cmark-gfm: Integer overflow in table extension cmark-gfm Github's markdown parsing library is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count. Support for parsing tables in a github flavored markdown fil...
Multi Store Inventory Management System 1.0 Account Takeover
Exploit Title: Multi Store Inventory Management System - Account Takeover Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/...
Multi Store Inventory Management System 1.0 Information Disclosure
Exploit Title: Multi Store Inventory Management System - Information Disclosure Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.bdtask.com/ Software Link: https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/ Version: 1.0...
Online Banquet Booking System 1.0 Cross Site Request Forgery
Exploit Title: Online Banquet Booking System - 'change admin credentials' Cross-Site Request Forgery CSRF Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-banquet-booking-system-using-php-and-mysql/ Version: 1.0...
Gadget Store Management System 1.0 Shell Upload
Exploit Title: Gadget Store Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 04/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.campcodes.com/ Software Link: https://www.campcodes.com/projects/php/gadget-store-management-system/ Version: 1.0 Tested on:...
Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass
Exploit Title: Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass Exploit Author: Adam Shebani NULLHE4D Date: 07/03/2022 Software: Roxy File Manager Version: 1.4.5 CVE: CVE-2018-20525 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
Payroll Management System 1.0 SQL Injection
Title: Payroll Management System v1.0 SQLi Author: nu11secur1ty Date: 04.03.2022 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14475/payroll-management-system-using-phpmysql-source-code.html Reference:...
Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path
Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Date: 02/04/2022 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE:...
Backdoor.Win32.Wollf.h Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/867c6b432ccd4aa51adc5e2722a4b144.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Unauthenticated Remote Command Execution Description: The...
ALLMediaServer 1.6 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Author: Hejap Zairy Date: 1.08.2022 Exploit Prof Proof and Exploit: image:https://i.imgur.com/yLrRR2t.png video:https://streamable.com/x4i50c require 'msf/core' class...
Backdoor.Win32.Delf.ps Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/cf3c08afa6c2d49ba36ed0f895893d71.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.ps Vulnerability: Information Disclosure Description: The malware listens on TCP...
Backdoor.Win32.Jokerdoor Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Weak Hardcoded Credentials Family: Jokerdoor Type: PE32 MD5:...
Barco Control Room Management Suite Directory Traversal
I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...
WordPress Uleak Security Dashboard 1.2.3 Cross Site Scripting
Exploit Title: WordPress Plugin uleak-security-dashboard 1.2.3 - Stored Cross-Site Scripting Authenticated Date: 31-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/uleak-security-dashboard/ Version: 1.2.3 Tested on: Firefox Contact me: h at...
Message System 1.0 SQL Injection
Title: Message System 1.0 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...
IdeaRE RefTree Shell Upload
=============================================================================== title: IdeaRE RefTree Remote Code Execution product: IdeaRE RefTree 2021.09.17 vulnerability type: Unrestricted File Upload CVE ID: CVE-2022-27249 severity: High CVSSv3 score: 8.8 CVSSv3 vector:...
EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path
Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path Local Privilege Escalation Date: 24/01/2022 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: http://www.egsoftweb.in/index.aspx Software Link: http://www.egsoftweb.in/OurProductReadmore.aspx?id=6 Version: 2020...
IdeaRE RefTree Path Traversal
=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...
Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path
Exploit Title: Spoofer 1.4.6 – Local Privilege Escalation via Unquoted Service Path Date: 24/01/2022 Exploit Author: Asim Sattar @MAsim1 Vendor Homepage: https://www.caida.org/projects/spoofer/ Software Link: https://www.caida.org/projects/spoofer/downloads/Spoofer-1.4.6-win32.exe Version: 1.4.6...