Event Registration System With QR Code 1.0 Shell Upload

Exploit Title: Event Registration System with QR Code 1.0 - Authentication Bypass & RCE Exploit Author: Javier Olmedo Date: 27/07/2021 Vendor: Sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/event0.zip Affected Version: 1.0 Category: WebApps...

Denver Smart Wifi Camera SHC-150 Remote Code Execution

Exploit Title: Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution RCE Date: 27 July 2021 Exploit Author: Ivan Nikolsky enty8080 Vendor Homepage: https://denver.eu/products/smart-home-security/denver-shc-150/c-1024/c-1243/p-3824 Version: Denver SHC-150 all firmware versions Tested o...

eGain Chat 15.5.5 Cross Site Scripting

Exploit Title: eGain Chat 15.5.5 Cross-Site Scripting Vendor Homepage: https://www.egain.com/ Software Link: https://www.egain.com/chat-software/ Exploit Authors: Brandon Ming Yang Ho https://www.linkedin.com/in/minhobrandon/, Hassy Vinod Eshan https://www.linkedin.com/in/hassy-vinod/ CVE:...

TripSpark VEO Transportation SQL Injection

Exploit Title: TripSpark VEO Transportation - 'editOEN' Blind SQL Injection Google Dork: inhtml:"Student Busing Information" Date: 07/27/2021 Exploit Author: Sedric Louissaint @LKn0w Vendor Homepage: https://www.tripspark.com Software Document Link:...

Backdoor.Win32.WinShell.40 Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c98e23742807f3cb5a095f34e0eb0e52.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.40 Vulnerability: Unauthenticated Remote Command Execution Description: The...

PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will...

WordPress Social Warfare 3.5.2 Remote Code Execution

Author = Raed Ahsan Creation Date = 24/07/2021 Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution Linkedin = https://linkedin.com/in/raed-ahsan/ import socket import requests import subprocess import time import pyautogui print"Start your python SimpleHTTPServer on port 12...

WordPress SP Project And Document Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a...

Backdoor.Win32.Agent.cu Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Unauthenticated Remote Command Execution Description: The...

Backdoor.Win32.Nbdd.bgz Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6fab73bf104c6a9211b94f9559faa134.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Nbdd.bgz Vulnerability: Remote Stack Buffer Overflow Description: NetBotAttacker VIP...

NoteBurner 2.35 Denial Of Service

Exploit Title: NoteBurner 2.35 - Denial Of Service DoS PoC Date: 25.07.2021 Vendor Homepage:https://www.noteburner.com/ Software Link: https://anonfiles.com/13h9Hb82ub/noteburnerexe Exploit Author: Achilles Tested Version: 2.35 Tested on: Windows 7 x64 1.- Run python code : 2.- Open EVIL.txt and...

Backdoor.Win32.Agent.cu Authentication Bypass

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Authentication Bypass RCE Description: The malware listens on...

Backdoor.Win32.PsyRat.b Denial Of Service

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5817183894cb513239f6aef28895130cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.PsyRat.b Vulnerability: Remote Denial of Service Description: The PsyRAT 1.02 malwar...

Leawo Prof. Media 11.0.0.1 Denial Of Service

Exploit Title: Leawo Prof. Media 11.0.0.1 - Denial of Service DoS PoC Date: 25.07.2021 Vendor Homepage:https://www.leawo.org Software Link: https://www.leawo.org/downloads/total-media-converter-ultimate.html Exploit Author: Achilles Tested Version: 11.0.0.1 Tested on: Windows 7 x64 1.- Run python...

WordPress Modern Events Calendar Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...

Backdoor.Win32.Mazben.me Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6681d5e4b68abd21a14c704edf9e2ff5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mazben.me Vulnerability: Unauthenticated Open Proxy Description: The malware listens ...

XOS Shop 1.0.9 Arbitrary File Deletion

Exploit Title: XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion Authenticated Date: 2021-07-25 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://xos-shop.com Software Link: https://github.com/XOS-Shop/xosshopsystem/releases/tag/v1.0.9 Version: 1.0.9 Tested on:...

Backdoor.Win32.Hupigon.aaur Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/16d598c01f7b391986c8c19eded005b1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aaur Vulnerability: Unauthenticated Open Proxy Description: The malware liste...

Elasticsearch ECE 7.13.3 Database Disclosure

Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...

Backdoor.Win32.PsyRat.b Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5817183894cb513239f6aef28895130c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.PsyRat.b Vulnerability: Unauthenticated Remote Command Execution Description: The...

Backdoor.Win32.Agent.cu Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Port Bounce Scan MITM Description: The malware listens on TC...

Backdoor.Win32.Bifrose.acci Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/611dbff0d68df777c6d6881e00440143.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.acci Vulnerability: Local Stack Buffer Overflow Description: Bifrost doesn't...

Zabbix 5.x SQL Injection / Cross Site Scripting

Exploit Title: Zabbix all version / Multiple Vulnerabilities Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: Jul 23th, 2021 CVSS: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Version: Zabbix 1.x, 2.x, 3.x, 4,x 5.x Risk: High 9.0 Vendor Homepage: https://www.zabbix.com/...

Microsoft SharePoint Server 2019 Remote Code Execution

Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution 2 Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...

WordPress Simple Post 1.1 Cross Site Scripting

Exploit Title: WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting XSS Date: 23/07/2021 Exploit Author: Vikas Srivastava Software Link: https://wordpress.org/plugins/simple-post/ Version: 1.1 Category: Web Application Tested on Mac How to Reproduce this Vulnerability: 1...

ElasticSearch 7.13.3 Memory Disclosure

Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...

Vehicle Parking Management System 1.0 SQL Injection

Exploit Title: Vehicle Parking Management System - Multiple time-based SQL Injection Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/...

Online Shopping Portal 3.1 SQL Injection

Exploit Title: Online Shopping Portal - time-based blind SQL Injection Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10, XAMPP...

Sequoia: A Deep Root In Linux's Filesystem Layer

Qualys Security Advisory Sequoia: A deep root in Linux's filesystem layer CVE-2021-33909 ======================================================================== Contents ======================================================================== Summary Analysis Exploitation overview Exploitation...

Vehicle Parking Management System 1.0 Cross Site Scripting

Exploit Title: Vehicle Parking Management System - Stored Cross-Site-Scripting XSS Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/...

CSZ CMS 1.2.9 Arbitrary File Deletion

Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion Date: 2021-07-20 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.cszcms.com Software Link: https://sourceforge.net/projects/cszcms/files/latest/download Version: 1.2.9 Tested on: Windows 10,...

Sage X3 Administration Service Authentication Bypass / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sage X3 Administration Service Authentication Bypass Command Execution', 'Description' = %q This module leverages an authentication bypass exploi...

Ampache 4.4.2 Cross Site Scripting

Information -------------------- Advisory by Netsparker Name: Cross-site Scripting vulnerability in Ampache 4.4.2 Affected Software: Ampache Affected Versions: 4.4.2 Homepage: http://ampache.org/ Vulnerability: Cross-Site Scripting Severity: High Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...

WordPress Backup Guard Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Backup Guard - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileged Wordpre...

News Portal Project 3.1 SQL Injection

Exploit Title: News Portal Project - Multiple time-based SQL Injection Date: 2021-07-10 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/news-portal-project-in-php-and-mysql/ Version: 3.1 Tested on: Windows 10...

KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure

KevinLAB BEMS 1.0 Authenticated File Path Traversal Information Disclosure Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Management System Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy...

Webmin 1.973 Cross Site Request Forgery

Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery CSRF Date: 24/04/2021 Exploit Author: Mesh3l911 & Z0ldyck Vendor Homepage: https://www.webmin.com Repo Link: https://github.com/Mesh3l911/CVE-2021-31761 Version: Webmin 1.973 Tested on: All versions POC By \0331;m...

KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass

KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Management System Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy...

WordPress KN Fix Your Title 1.0.1 Cross Site Scripting

Exploit Title: WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting XSS Date: 19/07/2021 Exploit Author: Aakash Choudhary Software Link: https://wordpress.org/plugins/kn-fix-your/ Version: 1.0.1 Category: Web Application Tested on Mac How to Reproduce this...

Dell OpenManage Enterprise Hardcoded Credentails / Privilege Escalation / Deserialization

Hello, Please find a text-only version below sent to security mailing lists. The complete version on "Multiple vulnerabilities in Dell OpenManage Enterprise" is posted here: https://pierrekim.github.io/blog/2021-07-19-dell-openmanage-enterprise-0day-vulnerabilities.html === text-version of the...

KevinLAB BEMS 1.0 Undocumented Backdoor Account

KevinLAB BEMS 1.0 Undocumented Backdoor Account Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Management System Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB'...

HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eb272fe923ccf3e66fde1bf309cbc464.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Winnti.gen Vulnerability: Insecure Permissions Description: The malware creates ...

Trojan-Spy.Win32.SpyEyes.abdb Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9185538b01ad700603f38fb0eb8b6e3b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.abdb Vulnerability: Insecure Permissions Description: The malware creates a...

WordPress LearnPress Privilege Escalation

Exploit Title: WordPress Plugin LearnPress /wp-admin/?action=accept-to-be-teacher&userid= Done!...

Backdoor.Win32.IRCBot.gen Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/96f5cdfa5b3416c819d76060f11dc88d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Unauthenticated Remote Command Execution Description: The...

WordPress Mimetic Books 0.2.13 Cross Site Scripting

Exploit Title: WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting XSS Date: 18/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/mimetic-books/ Version: 0.2.13 Category: Web Application Tested on Ma...

WordPress LearnPress SQL Injection

Exploit Title: WordPress Plugin LearnPress /wp-admin 2. Login with a cred 3. Execute the payload POST /wordpress/wp-admin/post-new.php?posttype=lporder HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0 Gecko/20100101 Firefox/89.0 Accept: application/json,...

Backdoor.Win32.Agent.bjev Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ca40998b5d62ee7f936537ff3de7993d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.bjev Vulnerability: Insecure Permissions Description: The malware creates a dir...

Trojan-Spy.Win32.SpyEyes.hqd Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6f484fea8f6bb3974185fc856f37541b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.hqd Vulnerability: Insecure Permissions Description: The malware creates a...

HEUR.Backdoor.Win32.Winnti.gen Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eb272fe923ccf3e66fde1bf309cbc464.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Winnti.gen Vulnerability: Insecure Permissions Description: The malware creates ...