50621 matches found
Backdoor.Win32.Coredoor.10.a Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4d10cd3fa86239ade05d2b741892b1e5B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Port Bounce Scan Description: The malware listens on TC...
Email-Worm.Win32.Deltad Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/33f1dc8cf5987751ac0f063601f1c324.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Deltad Vulnerability: Insecure Permissions Description: The malware writes an .EXE...
D-Link DSL-3782 Pre-Authentication Remote Root
!/usr/bin/python2 preauth rece for dlink dsl-3782 found: 06.11.2021 pwned: 18.112021 @ 19:26 import sys import urllib2 requests import urllib import struct target = 'http://192.168.0.50/index.php' cgi-bin/ChgLang.asp' nopsled = "" NOP sled XOR $t0, $t0, $t0; as NOP is only null bytes for i in...
ManageEngine ADSelfService Plus Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus CVE-2021-40539', 'Description' = %q This module exploits CVE-2021-40539, a REST API authentication bypass...
Backdoor.Win32.Coredoor.10.a Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4d10cd3fa86239ade05d2b741892b1e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Authentication Bypass RCE Description: The malware liste...
Gerdab.ir SQL Injection
This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran IRGC, which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to...
Bagisto 1.3.3 Client-Side Template Injection
Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Date: 11-25-2021 Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an accoun...
CMSimple 5.4 Local File Inclusion / Remote Code Execution
Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Date: 11/15/2021 Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...
Serva 4.4.0 TFTP Remote Buffer Overflow
Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow Metasploit Date: 2021-11-23 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.vercot.com/ Software Link : https://www.vercot.com/serva/download/ServaCommunityv4.4.0-21081411.zip Tested Version: 4.4.0 Tested on: Windows XP SP3 ...
HTTPDebuggerPro 9.11 Unquoted Service Path
Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...
FLEX 1085 Web 1.6.0 HTML Injection
Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Date: 2021-11-21 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary:...
Linux Kernel 5.1.x PTRACE_TRACEME pkexec Local Privilege Escalation
Exploit Title: Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation 2 Date: 11/22/21 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel...
WordPress WP Guppy 1.1 Information Disclosure
Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Date: 22/11/2021 Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash...
GNU gdbserver 9.2 Remote Command Execution
Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...
Webrun 3.6.0.42 SQL Injection
Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 =-=-=-= Description =-=-=-= Webrun version 3.6.0.42 is vulnerable to...
Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-020 CVE ID: CVE-2021-44033 Subject: PIN Unlock Lockout Bypass Android & iOS Severity: Medium Effect: Authentication Bypass Author: Emanuel Duss Date: 2021-11-19...
Backdoor.Win32.Curioso.zp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1ae08493913b2a0c8cbcb0541da5a8bc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Curioso.zp Vulnerability: Insecure Permissions Description: The malware creates a dir...
Wipro Holmes Orchestrator 20.4.1 File Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38283 import requests as rq import argparse import...
Modbus Slave 7.3.1 Buffer Overflow
Vendor has been notified and fixed https://www.modbustools.com/ModSlaveChangeLog.txt tested on: Windows XP SP3 - Windows 7 Professional x86 SP1 - Windows 10 x64 Steps to reproduce: 1. - Download and install Modbus Slave 2. - Run the python script and it will create modbus.txt file. 3. - Modbus...
Backdoor.Win32.Acropolis.10 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e865fc7225c84165d7aa0c7d8a1bcb77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Acropolis.10 Vulnerability: Insecure Permissions Description: The malware writes an...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure
Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.3-rev30, 7.10.4-rev2...
Wipro Holmes Orchestrator 20.4.1 Report Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1...
Backdoor.Win32.Wollf.a Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/52d1341f73c34ba2638581469120b68a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.a Vulnerability: Weak Hardcoded Password Description: The malware listens on TC...
OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal
Product: OX App Suite, OX Documents Vendor: OX Software GmbH Internal reference: MWB-993 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.3-rev35,...
Pinkie 2.15 Remote Buffer Overflow
Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...
Backdoor.Win32.BlueAdept.02.a Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/694d21679cc212c59515584d1b65dc84.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BlueAdept.02.a Vulnerability: Remote Buffer Overflow Description: The malware listens...
Backdoor.Win32.Agent.ad Insecure Credential Storage
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d2b933ebadd5c808ca4c68ae173e2d62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.ad Vulnerability: Insecure Credential Storage Description: The malware listens ...
Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection
Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Date: 20/11/2021 Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The...
Backdoor.Win32.Antilam.11 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/290477c9707f64a316888493ae67b1ef.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.11 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.BNLite Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a8818da39c7d36d9b5497d1a875798b8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BNLite Vulnerability: Remote Heap Based Buffer Overflow Description: The malware...
Backdoor.Win32.Wollf.h Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5494b78dcfaf16aa43b5dbd563dc5582.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Hardcoded Cleartext Password Description: The malware listens ...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection
CVE-2021-41648 CVE-2021-41648 SQL Injection in online-shopping-system The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection attacks. The proId parameter on the /action.php page does not sanitize the user input, an attacker can extract...
Apache Storm Nimbus 2.2.0 Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/thrift' require 'rex/stopwatch' class MetasploitModule 'Apache Storm Nimbus getTopologyHistory Unauthenticated Command Execution', 'Description' = %q...
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free
Linux: UAF read: SO_PEERCRED and SO_PEERGROUPS race with listen and connect bug description In sock_getsockopt in net/core/sock.c, the handlers for the socket options SO_PEERCRED has probably had a data race since forever that got turned into a UAF read in v2.6.36, commit "af_unix: Allow SO_PEERCRED to...
GitLab 13.10.2 Remote Code Execution
Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Date: 11/01/2021 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link:...
Bludit 3.13.1 Cross Site Scripting
Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Date: 19/10/2021 Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to...
LiquidFiles 3.5.13 Privilege Escalation
=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...
Quick.CMS 6.7 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Quick.CMS 6.7 - Cross-site request forgery CSRF to Cross-site Scripting XSS Authenticated Date: 2021-04-21 Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7...
SuiteCRM 7.11.18 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
WordPress Smart Product Review 1.0.4 Shell Upload
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...
Online Reviewer System 2.4.0 SQL Injection
Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter appears of the Online Reviewer System 1.0 to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...
CMDBuild 3.3.2 Cross Site Scripting
Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...
Sitecore Experience Platform (XP) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sitecore Experience Platform XP PreAuth Deserialization RCE', 'Description' = %q This module exploits a deserialization vulnerability in the...
Online Learning System 2.0 Remote Code Execution
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...
PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC Date: 05/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38146 import requests as rq import argparse por...
WordPress Contact Form To Email 1.3.24 Cross Site Scripting
Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting XSS Authenticated Date: 11/11/2021 Exploit Author: Mohammed Aadhil Ashfaq Vendor Homepage: https://form2email.dwbooster.com/ Version: 1.3.24 Tested on: wordpress POC 1. Click Contact form to Email...
Fuel CMS 1.4.13 SQL Injection
Exploit Title: Fuel CMS 1.4.13 - 'col' Parameter Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP...
Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection
Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered for product Talariax sendQuick Alertplus server admin version 4.3. This is an updated reference for https://seclists.org/fulldisclosure/2021/Oct/1...
Simple Subscription Website 1.0 SQL Injection
Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...