50621 matches found
Engineers Online Portal 1.0 SQL Injection
Exploit Title: Engineers Online Portal 1.0 is vulnerable to three types of SQL injection attacks. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 10.13.2021 Vendor: https://www.sourcecodester.com/users/janobe Link:...
Trojan-Proxy.Win32.Ranky.z Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e312385f64e6b8fd667b4f9b5ea1ff70.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Ranky.z Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
Trojan-Proxy.Win32.Ranky.dh Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dcc58648868f1d5c0d7c53250f1bd5c9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Ranky.dh Vulnerability: Unauthenticated Open Proxy Description: The malware liste...
Mitsubishi Electric / INEA SmartRTU Source Code Disclosure
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...
Plastic SCM 10.0.16.5622 Insecure Direct Object Reference
Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access Shodan Dork: title:"Plastic SCM" Date: 18.10.2021 Exploit Author: Basavaraj Banakar Vendor Homepage: https://www.plasticscm.com/ Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622 Version: Plastic SCM...
Company's Recruitment Management System 1.0 Cross Site Scripting
Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting XSS Date: 17-10-2021 Exploit Author: Aniket Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Lin...
Backdoor.Win32.LanFiltrator.11.b Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f87546e667e5af59a8580ddf7fd43c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanFiltrator.11.b Vulnerability: Unauthenticated Remote Command Execution Description...
Backdoor.Win32.LanaFTP.k Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e2660742a80433e027ee9bdedc40e190.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanaFTP.k Vulnerability: Heap Corruption Description: The malware listens on TCP port...
Mitsubishi Electric / INEA SmartRTU Cross Site Scripting
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...
Virus.Win32.Ipamor.c Unauthenticated Remote System Reboot
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bbf032a3aa288f02403295f0472d1f05.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Ipamor.c Vulnerability: Unauthenticated Remote System Reboot Description: The malware...
Worm.Win32.Fasong.c Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bc6f4a283b6b8308c60bb70cc81edfd8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Fasong.c Vulnerability: Insecure Service Path Description: The malware creates a service...
Trojan-Spy.Win32.Ardamax.ocx Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/78a39875a0adb110cf3c7de3a0d1384c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.Ardamax.ocx Vulnerability: Insecure Permissions Description: The malware creates an...
Support Board 3.3.4 Cross Site Scripting
Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Date: 16/10/2021 Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2...
i-Panel Administration System 2.0 Cross Site Scripting
Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...
TextPattern CMS 4.8.7 Shell Upload
Exploit Title: TextPattern CMS 4.8.7 - Remote Command Execution RCE Authenticated Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp First of...
SolarWinds Kiwi CatTools 3.11.8 Unquoted Service Path
Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...
IFSC Code Finder Project 1.0 SQL Injection
Hello, dear friends. KR CVE-2021-42224 Vendor Description: - vulnerability: all or nothing SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. The searchifsccode parameter appears to be vulnerable to SQL injection attacks. The...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected Products and Versions: =============================== Yellowfin 9.6.1 CVEID: ====== CVE-2021-36387 CVSSv3.1 Score: =============== 5.4...
Lifestyle Store 1.0 Cross Site Scripting
Lifestyle Store 1.0 Cross Site Scripting Exploit Title: Lifestyle Store Online Shop Store 1.0 - Reflected Cross-Site Scripting XSS Date: 2021-10-12 Author: Thamer https://twitter.com/thamer9900 Software Link: https://download-media.code-projects.org/2021/07/OnlineShopStoreInPHPWithSourceCode.zip...
Alchemy CMS 6.0.0 Arbitrary File Upload
Exploit Title: AlchemyCMS 2.x to 6.0.0 - Unrestricted File Upload authenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://alchemy-cms.com Software Link: https://github.com/AlchemyCMS/alchemycms Version: from 2.0 to 6.0.0 Tested on: Linux...
Simple Issue Tracker System 1.0 SQL Injection
Exploit Title: Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Date: 11.10.2021 Exploit Author: Bekir Bugra TURKOGLU Vendor Homepage: https://www.sourcecodester.com/php/14938/simple-issue-tracker-system-project-using-php-and-sqlite-free-download.html Software Link:...
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if...
Keycloak 12.0.1 Server-Side Request Forgery
Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Date: 2021-10-13 Exploit Author: Mayank Deshmukh Author Twitter: ColdFusionX Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html...
Logitech Media Server 8.2.0 Cross Site Scripting
Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting XSS Shodan Dork: Search Logitech Media Server Date: 12.10.2021 Exploit Author: Mert Das Vendor Homepage: www.logitech.com Version: 8.2.0 Tested on: Windows 10, Linux POC: 1. Go to Settings / Interface tab 2. Add payload to...
Simple Payroll System 1.0 SQL Injection
Exploit Title: Simple Payroll System 1.0 - SQLi Authentication Bypass Date: 2021-10-09 Exploit Author: Yash Mahajan Vendor Homepage: https://www.sourcecodester.com/php/14974/simple-payroll-system-dynamic-tax-bracket-php-using-sqlite-free-source-code.html Software Link:...
myfactory.FMS 7.1-911 Cross Site Scripting
Advisory: Cross-Site Scripting in myfactory.FMS During a penetration test, a reflected cross-site scripting vulnerability XSS was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser...
Sonicwall SonicOS 7.0 Host Header Injection
Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection Google Dork: inurl:"auth.html" intitle:"SonicWall" intitle:"SonicWall Analyzer Login" Discovered Date: 03/09/2020 Reported Date: 07/09/2020 Exploit Author: Ramikan Vendor Homepage:sonicwall.com Affected Devices: All SonicWall Next Gen 6...
Pharmacy Point Of Sale System 1.0 Cross Site Request Forgery
Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery CSRF Date: 10/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Student Quarterly Grading System 1.0 Cross Site Scripting
Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Date: 11.10.2021 Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Lin...
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle Teacher Enrollment Privilege Escalation to RCE', 'Description' = %q Moodle version 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12 and...
Moodle Admin Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle Admin Shell Upload', 'Description' = %q This module will generate a plugin which can receive a malicious payload request and upload it to ...
Moodle Authenticated Spelling Binary Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Moodle Authenticated Spelling Binary RCE', 'Description' = %q Moodle allows an authenticated user to define spellcheck...
Moodle SpellChecker Path Authenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle SpellChecker Path Authenticated Remote Command Execution', 'Description' = %q Moodle allows an authenticated administrator to define...
Aviatrix Controller 6.x Path Traversal / Code Execution
!/usr/bin/env python3 import requests from requests.structures import CaseInsensitiveDict from colorama import Fore, Style import argparse from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning printf""" ░█▀▀█ ░█──░█...
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root
!/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: CTM-ONE 1.3.6-latest CTM-ONE 1.3.1 CTM-ONE 1.1.9 CTM200 2.7.1.5659-latest CTM200 2.0.5.3356-184 Summar...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: 2.7.1.5659 2.0.5.3356-184 Summary: CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a...
IFSC Code Finder Project 1.0 SQL Injection
Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...
Simple Online College Entrance Exam System 1.0 SQL Injection
Exploit Title: Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Cmder Console Emulator 1.3.18 Denial Of Service
Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service PoC Date: 2021-10-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://cmder.net Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip Version: v1.3.18 Tested on: Windows 10 About ...
WordPress Pie Register 3.7.1.4 Privilege Escalation
Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation Unauthenticated Google Dork: inurl:/plugins/pie-register/ Date: 08.10.2021 Exploit Author: Lotfi13-DZ Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...
Online Employees Work From Home Attendance System 1.0 SQL Injection
Exploit Title: Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass Date: 08.10.2021 Exploit Author: Merve Oral Vendor Homepage: https://www.sourcecodester.com/php/14981/online-employees-work-home-attendance-system-php-and-sqlite-free-source-code.html Software Link:...
Online Enrollment Management System 1.0 SQL Injection
Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html Software Link:...
Simple Online College Entrance Exam System 1.0 Account Takeover
Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Maian-Cart 3.8 Remote Code Execution
Exploit title: Maian-Cart 3.8 - Remote Code Execution RCE Unauthenticated Date: 27.11.2020 19:35 Tested on: Ubuntu 20.04 LTS Exploit Authors: DreyAnd, purpl3 Software Link: https://www.maiancart.com/download.html Vendor homepage: https://www.maianscriptworld.co.uk/ Version: Maian Cart 3.8 CVE:...
django-unicorn 0.35.3 Cross Site Scripting
Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Date: 10/7/21 Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS...
Simple Online College Entrance Exam System 1.0 Unauthenticated Admin Creation
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...
Online Traffic Offense Management System 1.0 Privilege Escalation
Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation
Exploit Title: Dolibarr ERP & CRM v14.0.2 Stored XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 9, 2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0.2 Exploit...
Loan Management System 1.0 SQL Injection
Exploit Title: Loan Management System 1.0 - SQLi Authentication Bypass Date: 08.10.2021 Exploit Author: Merve Oral Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...
Online Traffic Offense Management System 1.0 SQL Injection
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple SQL Injection Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...