50773 matches found
AgentTesla Builder Web Panel SQL Injection
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: SQL Injection Description: The AgentTeslaBuilder WebUI...
SB Admin Cross Site Request Forgery / SQL Injection
$$$$$$$\ $$ $$\ $$ | $$ |$$\ $$\ $$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$ |$$ | $$ | $$ |$$ $$\ $$ $$\ $$ | $$ / $$ | $$ | $$ |$$ | $$ | $$$$$$$$ |$$ / $$ | $$ | $$ | $$ |$$ | $$ | $$ |$$ | $$ | $$$$$$$$$ |$$ | $$ |$$\$$$$$$$\ $$$$$$$\ | \/ | ||| | Offensive Security Community Ecuador...
AgentTesla Builder Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting XSS Description: AgentTeslaBuilder...
Win32.MarsStealer Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...
Cisco IP Phone Cleartext Password Storage
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 vulnerable version: Firmware 14.1.1, Firmware 11.06SR2 devi...
Ab Stealer Web Panel Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab...
OpenBMCS 2.4 Secret Disclosure
OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product...
OpenBMCS 2.4 SQL Injection
OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Ou...
Worktime 10.20 Build 4967 DLL Hijacking
/ Description: A vulnerability exists in windows that allows other applications dynamic link libraries to execute malicious code without the users consent, in the privelage context of the targeted application. Exploit Title: Worktime 10.20 Build 4967 DLL Hijacking Exploit Date: 15/01/2022 Author:...
Worktime 10.20 Build 4967 Unquoted Service Path
Exploit Title: WorkTime 10.20 Build Build 4967 Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.worktime.com/ Software Link: https://www.worktime.com/download/worktimecorporate.exe Tested Version: 10.20 Build Build 4967 Vulnerability Type: Unquoted...
SalonERP 3.0.1 SQL Injection
Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...
WordPress Core 5.8.2 SQL Injection
Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Date: 11/01/2022 Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.8.3 Tested on: Windows 10 CVE : CVE-2022-21661 VULNERABILITY DETAILS : This...
SonicWall SMA 100 Series Authenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonicWall SMA 100 Series Authenticated Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabili...
Online Diagnostic Lab Management System 1.0 SQL Injection
Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Online Diagnostic Lab Management System 1.0 Cross Site Scripting
Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
RLM 14.2 Cross Site Scripting
Product: RLM 14.2 Vendor: Reprise Software CVE ID: CVE-2021-45422 Vulnerability Title: Reflected Cross-Site Scripting Severity: Medium Authors: Giulia Melotti Garibaldi Date: 2022-01-11 Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected...
Hospitals Patient Records Management System 1.0 Cross Site Scripting
Exploit Title: Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Online Diagnostic Lab Management System 1.0 Missing Access Control
Exploit Title: Online Diagnostic Lab Management System 1.0 - Account Takeover Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
WordPress Frontend Uploader 1.3.2 Cross Site Scripting
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure
Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E...
Log4Shell HTTP Header Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...
Backdoor.Win32.Controlit.10 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Controlit.10 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Microsoft Windows Defender / Detection Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Microsoft Defender Antivirus is a...
Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com A file with the .reg file extension is a...
Online Resort Management System 1.0 SQL Injection
Title: Online Resort Management System 1.0 SQL - Injections Author: nu11secur1ty Date: 01.09.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15126/online-resort-management-system-using-phpoop-free-source-code.html Description: The id parameter...
Online Railway Reservation System 1.0 Missing Access Control
Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
CoreFTP Server Build 725 Directory Traversal
Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...
VUPlayer 2.49 Buffer Overflow
Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Date: 26/06/2021 Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Co...
Online Railway Reservation System 1.0 SQL Injection
Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Date: 07/01/2022 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
HTTP Commander 3.1.9 Cross Site Scripting
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting XSS Date: 07/01/2022 Exploit Author: Oscar Sandén Vendor Homepage: https://www.element-it.com Software Link: https://www.element-it.com/downloads.aspx Version: 3.1.9 Tested on: Windows Server 2016 Description There is a stored XSS ...
Open-AudIT Community 4.2.0 Cross Site Scripting
Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Date: 01/11/2021 Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE:...
Online Railway Reservation System 1.0 Cross Site Scripting
Exploit Title: Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Softwar...
Online Examination System Project 1.0 SQL Injection
Title: Online Examination System Project 1.0 SQL - Injections Author: nu11secur1ty Date: 01.10.2022 Vendor: https://projectworlds.in/free-projects/php-projects/ Software: https://projectworlds.in/free-projects/php-projects/online-examination/ Description: The eid parameter in account.php from...
Online Railway Reservation System 1.0 Remote Code Execution
Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
WordPress Contact Form Entries Cross Site Scripting
Exploit Title: Contact Form Entries Vulnerability Discovery: Gaetano Perrone aka gx1 Vendor Homepage: https://www.crmperks.com/ Software Link: https://wordpress.org/plugins/contact-form-entries/ Version: tag. formid parameter is not sanitized, so it is possible to inject arbitrary values. The...
Microsoft Windows SMB Direct Session Takeover
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SMB Direct Session Takeover', 'Description' = %q This module will intercept direct SMB authentication requests to another host,...
Online Veterinary Appointment System 1.0 SQL Injection
Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...
XNU inm_merge Heap Use-After-Free
XNU: heap-use-after-free in inmmerge VULNERABILITY DETAILS bsd/netinet/inmcast.c: int inpjoingroupstruct inpcb inp, struct sockopt sopt ... if isnew if imo-imonummemberships == imo-imomaxmemberships error = imogrowimo, 0; // 1 if error goto outimolocked; / Allocate the new slot upfront so we can...
Backdoor.Win32.SubSeven.c Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bc7f4c4689f1b8ad395404d1e75c776f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SubSeven.c Vulnerability: Remote Stack Buffer Overflow Description: The malware liste...
Backdoor.Win32.Jtram.a Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Insecure Credential Storage Description: The malware listens o...
Backdoor.Win32.SVC Directory Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SVC Vulnerability: Directory Traversal Description: The malware listens on TCP port...
Backdoor.Win32.SVC Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/011961a42700e7385a106d362eb661c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SVC Vulnerability: Remote Stack Buffer Overflow Description: The malware listens on T...
Backdoor.Win32.Jtram.a Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/596882dfba543b23ad3225d24ee5e800B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jtram.a Vulnerability: Port Bounce Scan Description: The malware listens on TCP port...
Backdoor.Win32.Dsklite.a Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dsklite.a Vulnerability: Insecure Transit Description: The malware listens on TCP...
Backdoor.Win32.Dsklite.a Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c9665de78ae60a8e057d2c9cdb91596.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Dsklite.a Vulnerability: Remote Denial of Service Description: The malware listens on...
Simple Music Cloud Community System 1.0 SQL Injection
Title: Simple Music Cloud Community System 1.0 SQL - Injections Author: nu11secur1ty Date: 01.05.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14605/simple-music-cloud-community-system-using-phpmysqli-source-code.html Description: The email...
Hostel Management System 2.1 Cross Site Scripting
Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Date: 26/12/2021 Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10...
Nettmp NNT 5.1 SQL Injection
Exploit Title: Nettmp NNT 5.1 - SQLi Authentication Bypass Date: 23/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wiki.nettemp.tk Software Link: https://wiki.nettemp.tk Version: nettmp NNT Tested on: Linux Ubuntu 20.04 Payload: username: 1' or 1=1;-- password: \ Proo...
Virtual Airline Manager 2.6.2 SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Google Dork: Powered by Virtual Airlines Manager v2.6.2 Date: 2021-12-30 Exploit Author: Milad Karimi Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-release...
WordPress WP Visitor Statistics 4.7 SQL Injection
Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...