OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery

OpenBMCS 2.4 Unauthenticated SSRF / RFI Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our...

Cisco IP Phone Cleartext Password Storage

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 vulnerable version: Firmware 14.1.1, Firmware 11.06SR2 devi...

AgentTesla Builder Web Panel SQL Injection

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: SQL Injection Description: The AgentTeslaBuilder WebUI...

OpenBMCS 2.4 Cross Site Request Forgery

OpenBMCS 2.4 CSRF Send E-mail Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product c...

Ab Stealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab...

Win32.MarsStealer Web Panel Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Information Disclosure Description...

Worktime 10.20 Build 4967 DLL Hijacking

/ Description: A vulnerability exists in windows that allows other applications dynamic link libraries to execute malicious code without the users consent, in the privelage context of the targeted application. Exploit Title: Worktime 10.20 Build 4967 DLL Hijacking Exploit Date: 15/01/2022 Author:...

Worktime 10.20 Build 4967 Unquoted Service Path

Exploit Title: WorkTime 10.20 Build Build 4967 Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.worktime.com/ Software Link: https://www.worktime.com/download/worktimecorporate.exe Tested Version: 10.20 Build Build 4967 Vulnerability Type: Unquoted...

RLM 14.2 Cross Site Scripting

Product: RLM 14.2 Vendor: Reprise Software CVE ID: CVE-2021-45422 Vulnerability Title: Reflected Cross-Site Scripting Severity: Medium Authors: Giulia Melotti Garibaldi Date: 2022-01-11 Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected...

SalonERP 3.0.1 SQL Injection

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

SonicWall SMA 100 Series Authenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonicWall SMA 100 Series Authenticated Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabili...

WordPress Core 5.8.2 SQL Injection

Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Date: 11/01/2022 Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.8.3 Tested on: Windows 10 CVE : CVE-2022-21661 VULNERABILITY DETAILS : This...

Online Diagnostic Lab Management System 1.0 Cross Site Scripting

Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

Hospitals Patient Records Management System 1.0 Cross Site Scripting

Exploit Title: Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Online Diagnostic Lab Management System 1.0 Missing Access Control

Exploit Title: Online Diagnostic Lab Management System 1.0 - Account Takeover Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

Online Diagnostic Lab Management System 1.0 SQL Injection

Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

WordPress Frontend Uploader 1.3.2 Cross Site Scripting

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

Log4Shell HTTP Header Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...

Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E...

Microsoft Windows Defender / Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Microsoft Defender Antivirus is a...

Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com A file with the .reg file extension is a...

Backdoor.Win32.Controlit.10 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Controlit.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...

Online Railway Reservation System 1.0 Missing Access Control

Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

Online Railway Reservation System 1.0 Cross Site Scripting

Exploit Title: Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Softwar...

Open-AudIT Community 4.2.0 Cross Site Scripting

Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Date: 01/11/2021 Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE:...

Online Railway Reservation System 1.0 Remote Code Execution

Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

CoreFTP Server Build 725 Directory Traversal

Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...

WordPress Contact Form Entries Cross Site Scripting

Exploit Title: Contact Form Entries Vulnerability Discovery: Gaetano Perrone aka gx1 Vendor Homepage: https://www.crmperks.com/ Software Link: https://wordpress.org/plugins/contact-form-entries/ Version: tag. formid parameter is not sanitized, so it is possible to inject arbitrary values. The...

HTTP Commander 3.1.9 Cross Site Scripting

Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting XSS Date: 07/01/2022 Exploit Author: Oscar Sandén Vendor Homepage: https://www.element-it.com Software Link: https://www.element-it.com/downloads.aspx Version: 3.1.9 Tested on: Windows Server 2016 Description There is a stored XSS ...

Online Examination System Project 1.0 SQL Injection

Title: Online Examination System Project 1.0 SQL - Injections Author: nu11secur1ty Date: 01.10.2022 Vendor: https://projectworlds.in/free-projects/php-projects/ Software: https://projectworlds.in/free-projects/php-projects/online-examination/ Description: The eid parameter in account.php from...

Online Railway Reservation System 1.0 SQL Injection

Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Date: 07/01/2022 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...

Online Resort Management System 1.0 SQL Injection

Title: Online Resort Management System 1.0 SQL - Injections Author: nu11secur1ty Date: 01.09.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15126/online-resort-management-system-using-phpoop-free-source-code.html Description: The id parameter...

VUPlayer 2.49 Buffer Overflow

Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Date: 26/06/2021 Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Co...

Microsoft Windows SMB Direct Session Takeover

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SMB Direct Session Takeover', 'Description' = %q This module will intercept direct SMB authentication requests to another host,...

Online Veterinary Appointment System 1.0 SQL Injection

Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...

XNU inm_merge Heap Use-After-Free

XNU: heap-use-after-free in inmmerge VULNERABILITY DETAILS bsd/netinet/inmcast.c: int inpjoingroupstruct inpcb inp, struct sockopt sopt ... if isnew if imo-imonummemberships == imo-imomaxmemberships error = imogrowimo, 0; // 1 if error goto outimolocked; / Allocate the new slot upfront so we can...

Backdoor.Win32.SubSeven.c Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bc7f4c4689f1b8ad395404d1e75c776f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SubSeven.c Vulnerability: Remote Stack Buffer Overflow Description: The malware liste...

Backdoor.Win32.Jtram.a Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Port Bounce Scan Description: The malware listens on TCP port...

Backdoor.Win32.SVC Directory Traversal

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SVC Vulnerability: Directory Traversal Description: The malware listens on TCP port...

Simple Music Cloud Community System 1.0 SQL Injection

Title: Simple Music Cloud Community System 1.0 SQL - Injections Author: nu11secur1ty Date: 01.05.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14605/simple-music-cloud-community-system-using-phpmysqli-source-code.html Description: The email...

Backdoor.Win32.Jtram.a Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Insecure Credential Storage Description: The malware listens o...

Backdoor.Win32.Dsklite.a Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dsklite.a Vulnerability: Remote Denial of Service Description: The malware listens on...

Backdoor.Win32.SVC Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SVC Vulnerability: Remote Stack Buffer Overflow Description: The malware listens on T...

Backdoor.Win32.Dsklite.a Insecure Transit

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dsklite.a Vulnerability: Insecure Transit Description: The malware listens on TCP...

Vodafone H-500-s 3.5.10 WiFi Password Disclosure

Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...

RiteCMS 3.1.0 Arbitrary File Overwrite

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...

RiteCMS 3.1.0 Arbitrary File Deletion

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...

Virtual Airline Manager 2.6.2 SQL Injection

Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Google Dork: Powered by Virtual Airlines Manager v2.6.2 Date: 2021-12-30 Exploit Author: Milad Karimi Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-release...

WordPress WP Visitor Statistics 4.7 SQL Injection

Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...

Affiliate Pro 1.7 Cross Site Scripting

Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2281 Release Date: ============= 2022-01-05 Vulnerability Laboratory ID VL-ID: ====================================...