AHSS-PHP 1.0 Cross Site Scripting / SQL Injection

Exploit Title: AHSS-PHP by: oretnom23 v1.0 is vulnerable in the application /scheduler/classes/Login.php to remote SQL-Injection-Bypass-Authentication + XSS-Stored Hijacking PHPSESSID Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.15.2021 Vendor:...

elFinder Archive Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder Archive Command Injection', 'Description' = %q elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via it...

Purchase Order Management System 1.0 Shell Upload

Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Date: 2021-09-14 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

Facebook ParlAI 1.0.0 Code Execution / Deserialization

Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Date: 2021-09-11 Exploit Author: Abhiram V Vendor Homepage: https://parl.ai/ Software Link: https://github.com/facebookresearch/ParlAI Version: 1.1.0 Tested on: Linux CVE: CVE-2021-24040 References :...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload

I. VULNERABILITY ------------------------- AlphaWeb XE - Authenticated Insecure File Upload leading to RCE II. CVE REFERENCE ------------------------- CVE-2021-40845 III. VENDOR ------------------------- https://www.zenitel.com/ IV. DESCRIPTION ------------------------- The web part of Zenitel...

Ulfius Web Framework Remote Memory Corruption

!/usr/bin/python3 guul.py Ulfius Web Framework Remote Memory Corruption Vulnerability Jeremy Brown Sept 2021 Intro Ulfius Web Framework is used by a number of different projects to build web services. Some of the projects tested and confirmed vulnerable are Glewlwyd SSO Server, Taliesin Audio...

DMA Softlab Radius Manager 4.4.0 Session Management / Cross Site Scripting

package main import "github.com/gorilla/mux" "fmt" "net/http" "net/url" "flag" "strings" "io/ioutil" "log" / should be able to: 1. Inject javascript into vulnerable fields. This will capture session cookies ofusers with higher privileges. 2. Send the captured session cookie to a server we control...

Active WebCam 11.5 Unquoted Service Path

Exploit Title: Active WebCam 11.5 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, [email protected] Date: 09.09.2021 Software Link: https://www.techspot.com/downloads/175-active-webcam.html Vendor Homepage: https://www.pysoft.com/ Version: 11.5 Tested on: Windows 10 Note: "Sta...

Apartment Visitor Management System 1.0 Shell Upload / SQL Injection

Exploit Title: Apartment Visitor Management System AVMS 1.0 - SQLi to RCE Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10395 Versio...

WordPress Download From Files 1.48 Shell Upload

Exploit Title: Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/download-from-files Date: 10/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/download-from-files/ Version: spacehen www.github.com/spacehen" def...

Men Salon Management System 1.0 Cross Site Scripting / SQL Injection

Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities Date: 2021-09-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql Version: 1.0 Tested on: Windows 10 - XAMPP...

Backdoor.Win32.WinterLove.i Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c6c81e8ba0a7b9da6216a78dfeccec8d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinterLove.i Vulnerability: Hardcoded Weak Password Description: The WinterLove malwa...

Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.awm Vulnerability: Authentication Bypass - Information Leakage Description: The...

ECOA Building Automation System Cookie Poisoning / Authentication Bypass

ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System -...

ECOA Building Automation System Arbitrary File Deletion

ECOA Building Automation System Arbitrary File Deletion Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...

ECOA Building Automation System Weak Default Credentials

ECOA Building Automation System Weak Default Credentials Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...

HEUR.Trojan.Win32.Generic Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a6916fb9b824e3d2edfe46be69ca2501.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Permissions Description: The malware creates an di...

ECOA Building Automation System Hardcoded SSH Credentials

ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1...

ECOA Building Automation System Local File Disclosure

ECOA Building Automation System Local File Disclosure Vulnerability Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE...

Atlassian Confluence WebWork OGNL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence WebWork OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence's WebWork compone...

ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference

ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...

Backdoor.Win32.Wollf.h Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d0fd60516d53b2ad602c460351dbaa85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Unauthenticated Remote Command Execution Description: The...

ECOA Building Automation System Remote Privilege Escalation

ECOA Building Automation System Remote Privilege Escalation Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...

ECOA Building Automation System Missing Encryption

ECOA Building Automation System Missing Encryption Of Sensitive Information Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System...

ECOA Building Automation System Configuration Download Information Disclosure

ECOA Building Automation System Configuration Download Information Disclosure Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster Syst...

ECOA Building Automation System Path Traversal / Arbitrary File Upload

ECOA Building Automation System Path Traversal Arbitrary File Upload Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRAN...

ECOA Building Automation System Cross Site Request Forgery

ECOA Building Automation System Cross-Site Request Forgery Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...

ECOA Building Automation System Directory Traversal

ECOA Building Automation System Directory Traversal Content Disclosure Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System -...

ECOA Building Automation System Hidden Backdoor Accounts

ECOA Building Automation System Hidden Backdoor Accounts and backdoor Function Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster...

POMS-PHP 1.0 SQL Injection

Exploit Title: POMS-PHP by: oretnom23 v1.0 is vulnerable to remote SQL-Injection-Bypass-Authentication. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.09.2021 Vendor: https://www.sourcecodester.com/user/257130/activity Link:...

Rencode Denial Of Service

1 About Rencode Rencode is a "Python module for fast basic object serialization similar to bencode". https://github.com/aresch/rencode This library is used as a faster and more efficient data encoder than bencode. There are implementations in other languages: Golang, Javascript, Java, Ruby, dart,...

WordPress TablePress 1.14 CSV Injection

Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Date: 07/09/2021 Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install...

Bus Pass Management System 1.0 Cross Site Scripting

Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting XSS Date: 2021-09-08 Exploit Author: Emre Aslan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip Version:...

Ionic Identity Vault 4.7 Android Biometric Authentication Bypass

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-001 CVE ID: CVE-2021-3145 Subject: Biometric Authentication Bypass on Android Severity: Medium Effect: Authentication Bypass Author: Emanuel Duss Date: 2021-09-...

Backdoor.Win32.Small.gs Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/551674fec6add7117c4be7f6b357e7cb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Small.gs Vulnerability: Unauthenticated Remote Command Execution Description: The...

SmartFTP Client 10.0.2909.0 Denial Of Service

Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Date: 9/5/2021 Exploit Author: Eric Salario Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Version: 10.0.2909.0 32 and 64 bit Tested on: Microsoft Windows 10 32 bit a...

WordPress Survey And Poll 1.5.7.3 SQL Injection

Exploit Title: WordPress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection 2 Date: 2021-09-07 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Test...

WordPress WP Sitemap Page 1.6.4 Cross Site Scripting

Exploit Title: WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting XSS Date: 07/09/2021 Exploit Author: Nikhil Kapoor Software Link: https://wordpress.org/plugins/wp-sitemap-page/ Version: 1.6.4 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1...

Backdoor.Win32.Small.vjt Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/92ea873a2bbdaf0799d572bc4f30dc79.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Small.vjt Vulnerability: Unauthenticated Remote Command Execution Description: The...

Patient Appointment Scheduler System 1.0 Shell Upload

Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution RCE Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...

Backdoor.Win32.Nyara.aq Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dec17541412bbc744b9f458862349e34.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Nyara.aq Vulnerability: Insecure Permissions Description: The malware creates a dir...

Patient Appointment Scheduler System 1.0 Cross Site Scripting

Exploit Title: Patient Appointment Scheduler System 1.0 - Persistent/Stored XSS Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...

Online Learning System 2 SQL Injection

Exploit Title0: eLearning V2by: oretnom23 is vulnerable from remote SQL-Injection-Bypass-Authentication in three accounts. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.06.2021 Vendor: https://www.sourcecodester.com/user/257130/activity Link:...

Antminer Monitor 0.5.0 Authentication Bypass

Exploit Title: Antminer Monitor 0.5.0 - Authentication Bypass Date: 09/06/2021 Dork:https://www.zoomeye.org/searchResult?q=%22antminer%20monitor%22 Exploit Author: CQR.company / Vulnz. Vendor Homepage: https://github.com/anselal/antminer-monitor,...

Bus Pass Management System 1.0 Insecure Direct Object Reference

Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

FlatCore CMS 2.0.7 Remote Code Execution

Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Date: 04/10/2021 Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu...

Argus Surveillance DVR 4.0 Unquoted Service Path

Exploit Title: Argus Surveillance DVR 4.0 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, [email protected] Date: 03.09.2021 Version: Argus Surveillance DVR 4.0 Tested on: Windows 10 Note: "Start as service on Windows Startup" must be enabled in Program Options Proof of Concep...

Windows Defender Application Guard Denial Of Service

Windows Defender Application Guard also known as "WDAG", Microsoft Defender Application Guard, and "MDAG" can be closed by any script or website loaded in WDAG by redirecting the browser to a URL with a long hostname e.g, 10,000 characters long. This can cause a denial-of-service condition. Impac...

OpenSIS 8.0 Directory Traversal

Exploit Title: OpenSIS 8.0 'modname' - Directory/Path Traversal Date: 09-02-2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux The 'modname' parameter in the 'Modules.php' is vulnerable to loc...

Artica Proxy VMWare Appliance 4.30.000000 SP273 Path Traversal

Advisory ID: RCS20210707-0 Product: Artica Proxy VMWare Appliance Vendor/Manufacturer: ArticaTech https://www.articatech.com Affected Versions: 4.30.000000 =SP273 Tested Versions: 4.30.000000 SP273 Vulnerability Type: Relative path traversal CWE-23, Improper Limitation of a Pathname to a restrict...