50784 matches found
Trojan-Proxy.Win32.Raznew.gen Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/033ccd3a926441c49d3898dab97aefed.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Raznew.gen Vulnerability: Unauthenticated Open Proxy Description: The malware...
Strapi 3.0.0-beta.17.7 Remote Code Execution
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...
Backdoor.Win32.Antilam.11 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.11 Vulnerability: Unauthenticated Remote Code Execution Description: The...
MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation
Exploit Title: MySQL User-Defined Linux x32 / x8664 - 'sysexec' Local Privilege Escalation 2 Date: 29/08/2021 Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux...
ZesleCP 3.1.9 Remote Code Execution
Title: ZesleCP 3.1.9 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://zeslecp.com/ Software Link: https://zeslecp.com/ Version: =3.1.9 https://www.youtube.com/watch?v=5lTDTEBVq-0 !/usr/bin/python3 -- coding: utf-8 -- ZesleCP - Remote Code...
CyberPanel 2.1 Remote Code Execution
Title: CyberPanel 2.1 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: =2.1 https://www.youtube.com/watch?v=J8iLELVgkE !/usr/bin/python3 -- coding: utf-8 --...
Usermin 1.820 Remote Code Execution
Title: Usermin 1.820 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: =1820 https://www.youtube.com/watch?v=wiRIWFAhz24 !/usr/bin/python3 -- coding: utf-8 -...
ProcessMaker 3.5.4 Local File Inclusion
Exploit Title: ProcessMaker 3.5.4 - Local File inclusion Exploit Author: Ai Ho @j3ssiejjj Date: 16-04-2021 Vendor Homepage: https://www.processmaker.com/ Version: ProcessMaker = 3.5.4 References: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/process-maker-lfi.yaml PoC: Wi...
HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting
Exploit Title: HP OfficeJet 4630/7110 MYM1FN2025AR 2117A – Stored Cross-Site Scripting XSS Date: 01/08/2021 Exploit Author: Tyler Butler Vendor Homepage: https://www8.hp.com/ Vendor Bulletin: https://support.hp.com/ie-en/document/ish4433829-4433857-16/hpsbpi03742 Researcher Bulletin:...
WordPress Mail Masta 1.0 Local File Inclusion
Exploit Title: WordPress Plugin Mail Masta 1.0 - Local File Inclusion 2 Date: 2021-08-24 Exploit Author: Matheus Alexandre Xcatolin Software Link: https://downloads.wordpress.org/plugin/mail-masta.zip Version: 1.0 WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability becaus...
Online Leave Management System 1.0 Shell Upload
Exploit Title: Online Leave Management System 1.0 - Arbitrary File Upload to Shell Unauthenticated Date: 24-08-2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
RaspAP 2.6.6 Remote Code Execution
Exploit Title: RaspAP 2.6.6 - Remote Code Execution RCE Authenticated Date: 23.08.2021 Exploit Author: Moritz Gruber Vendor Homepage: https://raspap.com/ Software Link: https://github.com/RaspAP/raspap-webgui Version: 2.6.6 Tested on: Linux raspberrypi 5.10.52-v7+ import requests from requests.ap...
Shoutcast Server 2.6.0.753 Crash
Shoutcast Server Remote Authenticated Crash ===== Intro ===== Shoutcast Server crashes after failing to handle a non-existent option recieved from a client in an ADMINCGI request. Requires auth to reproduce, so not super exciting but Shoutcast is an old favorite and the minimization of the repro ...
Online Traffic Offense Management System 1.0 Remote Code Execution
Exploit Title: Online Traffic Offense Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 20-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.sourcecodester.com Software Link:...
Simple Phone Book/Directory 1.0 SQL Injection
Exploit Title: Simple Phone book/directory 1.0 - 'Username' SQL Injection Unauthenticated Date: 21/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13011/phone-bookphone-directory.html Version: 1.0 Testeted on:...
Microsoft Exchange ProxyShell Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'winrm' class MetasploitModule 'Microsoft Exchange ProxyShell RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allo...
Laundry Booking Management System 1.0 Cross Site Scripting
Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...
Online Traffic Offense Management System 1.0 SQL Injection
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
Laundry Booking Management System 1.0 SQL Injection
Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' SQL Injection Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...
NetModule Router Software Password Handling / Session Fixation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities in NetModule Router Software product: NetModule Router Software NRSW vulnerable version: Before 4.3.0.113, 4.4.0.111, 4.5.0.105 fixed version:...
Charity Management System CMS 1.0 Code Execution / XSS / SQL Injection
Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...
WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free
WebKit: heap-use-after-free in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy VULNERABILITY DETAILS PolicyChecker.cpp: define ISALLOWED mframe.page ? mframe.page-sessionID.isAlwaysOnLoggingAllowed : false define PAGEID mframe.loader.pageID.valueOrPageIdentifier.toUInt64 define FRAMEID...
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm...
COVID-19 Testing Management System 1.0 SQL Injection
Exploit Title: COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections Date: 17-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: V1 Category: Webap...
Hospital Management System Cross Site Scripting
Exploit Title: XSS-Stored PHPSESSID user PWNED on Hospital Management System Vulnerable parameter "txtMsg" on contact Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.17.2021 Vendor: https://github.com/kishan0725/Hospital-Management-System Link:...
Simple Image Gallery 1.0 Shell Upload
Exploit Title: Simple Image Gallery 1.0 - Remote Code Execution RCE Unauthenticated Date: 17.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Version: V 1.0 Tested on: Ubuntu import reques...
Crime Records Management System 1.0 SQL Injection
Exploit Title: Crime records Management System 1.0 - 'Multiple' SQL Injection Authenticated Date: 17/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/osman-yahaya Software Link:...
Crossfire Server 1.0 Buffer Overflow
Exploit Title: crossfire-server 1.9.0 - 'SetUp' Remote Buffer Overflow Exploit Author: Khaled Salem @Khaled0x07 Software Link: https://www.exploit-db.com/apps/43240af83a4414d2dcc19fff3af31a63-crossfire-1.9.0.tar.gz Version: 1.9.0 Tested on: Kali Linux 2020.4 CVE : CVE-2006-1236 !/bin/python impor...
Lucee Administrator imgProcess.cfm Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...
Cyberoam NetGenie Cross Site Scripting
Title: Cyberoam NetGenie C0101B1-20141120-NG11VO - Reflected Cross Site Scripting XSS Date: 14.08.2021 Credit: Gionathan "John" Reale Firmware Version: C0101B1-20141120-NG11VO CVE-2021-38702 DESCRIPTION: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=XSS...
GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution
Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Date: 6-16-21 Vendor Notified Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation ...
SonicWall NetExtender 10.2.0.300 Unquoted Service Path
Exploit Title: SonicWall NetExtender 10.2.0.300 - Unquoted Service Path Exploit Author: shinnai Software Link: https://www.sonicwall.com/products/remote-access/vpn-clients/ Version: 10.2.0.300 Tested On: Windows CVE: CVE-2020-5147...
COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting
COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application is vulnerable to an unauthenticated reflected cross-site scripting XSS...
CentOS Web Panel 0.9.8.1081 Cross Site Scripting
Exploit Title: CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting XSS Date: 13/08/2021 Exploit Author: Dinesh Mohanty Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.1081 Tested on: CentOS 7 and 8 Description: Multiple Stored Cross Site...
NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting
Exploit Title: NetGear D1500 V1.0.0.211.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting XSS Date: 21 Dec 2018 Exploit Author: Securityium Vendor Homepage: https://www.netgear.com/ Version: V1.0.0.211.0.1PE Tested on: NetGear D1500 Home Router Contact: [email protected] Version :...
Simple Water Refilling Station Management System 1.0 Shell Upload
Exploit Title: Simple Water Refilling Station Management System 1.0 - Remote Code Execution RCE through File Upload Exploit Author: Matt Sorrell Date: 2021-08-14 Vendor Homepage: https://www.sourcecodester.com Software Link:...
Chrome JS WasmJs::InstallConditionalFeatures Object Corruption
Chrome: JS object corruption in WasmJs::InstallConditionalFeatures VULNERABILITY DETAILS void WasmJs::InstallConditionalFeaturesIsolate isolate, Handle context // Exception handling may have been enabled by an origin trial. If so, make // sure that the WebAssembly.Exception constructor is set up...
COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow
COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.7.0.2 Summary: COMMAX activex web viewer UMS client 32bit for COMMAX DVR/NVR. Desc: The vulnerability is caused due to a boundary error ...
COMMAX WebViewer ActiveX Control 2.1.4.5 Buffer Overflow
COMMAX WebViewer ActiveX Control 2.1.4.5 CommaxWebViewer.ocx Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 2.1.4.5 Summary: COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Desc: The vulnerability is caused due to a boundary error in...
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass
COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.0.0 Summary: Biometric access control system. Desc: The application suffers from an authentication bypass vulnerability. An unauthenticated...
TastyIgniter 3.0.7 Cross Site Scripting
Exploit Title: XSS-Stored on TastyIgniter 3.0.7 Vulnerable parameter Customerfirstname on /customers/create Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://tastyigniter.com/ Link:https://tastyigniter.com/download CVE: CVE-2021-38699 + Exploit Source:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credential Disclosure
COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and...
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CVD-AH04 DVR 4.4.1 CVD-AF04 DVR 4.4.1 CVD-AH16 DVR 5.1.4 CVD-AF16 DVR 4.4.1 CVD-AF08 DVR 5.1.2 CVD-AH08 DVR 5.1.2 Summary: COMMAX offers a wide...
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection
COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CDP-1020n 481 System Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides...
Simple Water Refilling Station Management System 1.0 SQL Injection
Exploit Title: Simple Water Refilling Station Management System 1.0 - Authentication Bypass Exploit Author: Matt Sorrell Date: 2021-08-14 Vendor Homepage: https://www.sourcecodester.com Software Link:...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: n/a Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life value...
Tiny Java Web Server 1.115 Cross Site Scripting
Advisory ID: SYSS-2021-042 Product: Tiny Java Web Server and Servlet Container TJWS Manufacturer: D. Rogatkin Affected Versions: = 1.115 Tested Versions: 1.107, 1.114 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2021-07-21...
RATES SYSTEM 1.0 SQL Injection
Exploit Title: RATES SYSTEM 1.0 - Authentication Bypass Date: 2020-08-13 Exploit Author: Azumah Foresight Xorlali M4sk0ff Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link:...
HackTool.Win32.HKit Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6209db6e8cfd7c7a315ca858129bd226.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.HKit Vulnerability: Unauthenticated Remote Command Execution Description: HaX0R'Z KiT...
PluXML 5.8.7 Cross Site Scripting
Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...