50773 matches found
Telegram Android 8.4.4 Denial Of Service
Document Title: =============== Telegram Android v8.4.4 - Denial of Service PoC References Source: ==================== https://twitter.com/h4shur Release Date: ============= 2022-01-30 Common Vulnerability Scoring System: ==================================== 7.8 Product & Service Introduction:...
Backdoor.Win32.Zombam.b Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/1e3665a67201209609ae493a2a590beeB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.b Vulnerability: Unauthenticated Information Disclosure Description: z0mbie's...
Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/fe0dacbc953d4301232b386fcb3afc23.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder Vulnerability: Insecure Permissions Description: ZeuS Builde...
Backdoor.Win32.Prosti.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8201ba6b542fc91c004110b2fc5395aa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prosti.b Vulnerability: Insecure Permissions Description: The malware writes a ".dll"...
Backdoor.Win32.Zombam.b Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/1e3665a67201209609ae493a2a590beeC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.b Vulnerability: Cross Site Scripting XSS Description: z0mbie's HTTP RAT v0.1...
Vicidial 2.14-783a SQL Injection
Document Title: =============== Vicidial v2.14-783a - DB SQL Injection Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2312 Release Date: ============= 2022-02-17 Vulnerability Laboratory ID VL-ID: ====================================...
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Zyxel devices vulnerable version: For affected products see "Solution" section fixed version: see "Solution" section C...
Emerson PAC Machine Edition 9.80 Build 8695 Unquoted Service Path
Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.80 Build 869...
Medical Store Management System 1.0 SQL Injection
Title: Medical Store Management System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.16.2022 Vendor: https://github.com/abhisheks008 Software: https://github.com/abhisheks008/Medical-Store-Management-System CVE-Medical Store Management System v1.0 Description: The cid parameter fom...
Tiny File Manager 2.4.3 Shell Upload
Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...
WordPress Error Log Viewer 1.1.1 Arbitrary File Deletion
Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Date: 09-11-2021 Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...
Multi-Vendor Online Groceries Management System 1.0 SQL Injection
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
ServiceNow Orlando Username Enumeration
Exploit Title: ServiceNow - Username Enumeration Google Dork: NA Date: 12 February 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...
TeamSpeak 3.5.6 Insecure File Permissions
Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions Date: 2022-02-15 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://www.teamspeak.com Software Link: https://www.teamspeak.com/en/downloads Version: 3.5.6 Tested on: Windows 10 x64 About -...
Network Video Recorder NVR304-16EP Cross Site Scripting
Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P:...
Google Play Protect 22.4.25 Detection Bypass
Exploit Title: Google Play Protect 22.4.25 - Detection Bypass Date: 2022-02-14 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://play.google.com Version: 22.4.25 Possibly all versions Tested on: Android 5.1.1 About - Google Play Protect : Google Play...
Simple Student Quarterly Result / Grade System 1.0 SQL Injection
Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Ignition Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated remote code execution in Ignition', 'Description' = %q Ignition before 2.5.2, as used in Laravel and other products, allows...
Simple Bakery Shop Management System 1.0 SQL Injection
Title: Simple Bakery Shop Management System v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.14.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html Description: The...
Nagios XI Autodiscovery Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...
H3C SSL VPN Username Enumeration
H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotel...
Slurp 1.10.2 Format String
Exploit Title: Slurp 1.10.2 - Remote Format String Date: 2022-02-12 Author: Milad Karimi slurp is a freely available, open source NNTP client. It is designed for use on most Unix and Linux operating systems. It may be possible for a remote server to execute code on a vulnerable client. slurp offe...
WordPress International SMS For Contact Form 7 Integration 1.2 CSRF
Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross-Site Request Forgery CSRF Date: 2022-02-09 Author: Milad Karimi Software Link: https://wordpress.org/plugins/cf7-international-sms-integration/ Version: 1.2 Tested on: Windows 11 CVE: CVE-2022-24272 1...
Kyocera Command Center RX ECOSYS M2035dn Directory Traversal
Exploit Title: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-10 Vendor Homepage: https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html Tested Version:...
Subrion CMS 4.2.1 Cross Site Request Forgery
Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Date: 2022-02-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based C...
SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in Login Page product: SIEMENS-SINEMA Remote Connect vulnerable version: V1.0 SP3 HF1 fixed version: V2.0 has been out since April, 2019 CVE number:...
Nokia Transport Module Authentication Bypass
title: Nokia Transport Module Authentication Bypass case id: CM-2020-02 product: BTS TRS web console FTMW20FP22019.08.160010 vulnerability type: Authentication Bypass severity: Critical found: 2020-09-28 CVE: CVE-2021-31932 by: Cristiano Maruti @cmaruti EXECUTIVE SUMMARY The TRS web console allow...
Accounting Journal Management System 1.0 SQL Injection
Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...
Home Owners Collection Management System 1.0 Shell Upload
Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Home Owners Collection Management System 1.0 Account Takeover
Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover Unauthenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Home Owners Collection Management System 1.0 SQL Injection
Exploit Title: Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress Jetpack 9.1 Cross Site Scripting
Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search...
WordPress 5.9 Cross Site Scripting
Document Title: =============== Wordpress = 5.9 Cross-Site Scripting Reflected Authenticated Credits & Authors: ================== Taurus Omar [email protected] Disclosure Type: ================ Independent Security Research Release Date: ============= 2022-31-01 Vulnerability Disclosure...
Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQL Injection / Code Execution
Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Date: 02/9/2022 Exploit Author: golem445 Vendor Homepage: https://www.tsg-solutions.com Tested on: Kali Linux CVE: CVE-2021-34235 Description: FieldUserLogin parameter is vulnerable to crafted MySQL...
WordPress Secure Copy Content Protection And Content Locking 2.8.1 SQL Injection
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Date 08.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link:...
Cain And Abel 4.9.56 Unquoted Service Path
Exploit Title: Cain & Abel 4.9.56 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 2022-02-08 Software Link: https://www.malavida.com/en/soft/cain-and-abel Version: 4.9.56 Tested on: Windows 10 x64 PoC SERVICENAME: Abel TYPE : 110 WIN32OWNPROCESS interactive STARTTYPE : 2 AUTOSTART...
Hospital Management Startup 1.0 SQL Injection
Title: Hospital Management Startup v1.0 remote SQL-Injections Author: nu11secur1ty Date: 02.10.2022 Vendor: https://github.com/kabirkhyrul Software: https://github.com/kabirkhyrul/HMS CVE-2022-23366 Description: The loginid and password parameters from Hospital Management Startup 1.0 appear to be...
WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection
On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...
Backdoor.Win32.XRat.k Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/3d4350282ae043177063de2ad4827b97.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.XRat.k Vulnerability: Unauthenticated Remote Command Execution Description: XRat...
Exam Reviewer Management System 1.0 SQL Injection
Exploit Title: Exam Reviewer Management System 1.0 - ‘id’ SQL Injection Date: 2022-02-18 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
Backdoor.Win32.Frauder.jt Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/16fab35b51f9e6447f2a8c04db4ebe93.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Frauder.jt Vulnerability: Insecure Permissions Description: The malware writes an...
Backdoor.Win32.Wdoor.11 Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/55822613e0d0f437f3ebe5c7f4155452.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wdoor.11 Vulnerability: Unauthenticated Remote Command Execution Description: Wdoor b...
Grandstream GXV31XX settimezone Unauthenticated Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Grandstream GXV31XX 'settimezone' Unauthenticated Command Execution", 'Description' = %q This module exploits a command injection vulnerability i...
Atom CMS 2.0 SQL Injection
Exploit Title: AtomCMS v2.0 - SQLi Date: 08/02/2022 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...
Backdoor.Win32.Prexot.a Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Port Bounce Scan MITM Description: The malware listens on...
Backdoor.Win32.Freddy.2001 Authentication Bypass / Command Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/434923afc32a7bc7355ed9a5224b9273.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Freddy.2001 Vulnerability: Authentication Bypass Command Execution Description: The...
Backdoor.Win32.Prexot.a Authentication Bypass
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/29bc048d58ab8038c7001ef0d5e69c9b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Prexot.a Vulnerability: Authentication Bypass Description: The malware listens on...
Exam Reviewer Management System 1.0 Shell Upload
Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Date: 2022-02-08 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
WordPress Contact Form Builder 1.6.1 Cross Site Scripting
Exploit Title: Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting XSS Date: 2022-02-07 Author: Milad karimi Software Link: https://wordpress.org/plugins/contact-forms-builder/ Version: 1.6.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Contact Form Builder...
Hotel Reservation System 1.0 SQL Injection
Exploit Title: Hotel Reservation System 1.0 - SQLi Unauthenticated Google Dork: None Date: 01/29/2022 Exploit Author: Nefrit ID Author Website: https://manadocoder.com Vendor Homepage: https://github.com/dhruvmullick Software Link: https://github.com/dhruvmullick/hotel-reservation-system Tested o...