Visual Tools DVR VX16 4.2.28.0 Command Injection
Exploit Title: Visual Tools DVR VX16 4.2.28.0 - OS Command Injection Unauthenticated Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An unauthenticated remote attacker can...
Netgear DGN2200v1 Remote Command Execution
Exploit Title: Netgear DGN2200v1 - Remote Command Execution RCE Unauthenticated Date: 02.07.2021 Exploit Author: SivertPL Vendor Homepage: https://www.netgear.com/ Version: All prior to v1.0.0.60 !/usr/bin/python """ NETGEAR DGN2200v1 Unauthenticated Remote Command Execution Author: SivertPL...
Black Box Kvm Extender 3.4.31307 Local File Inclusion
Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion Date: 05.07.2021 Exploit Author: Ferhat Çil Vendor Homepage: http://www.blackbox.com/ Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm Version: 3.4.31307 Category: Webapps Tested on: Linux...
Visual Tools DVR VX16 4.2.28 Privilege Escalation
Exploit Title: Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation Date: 2021-07-05 Exploit Author: Andrea D'Ubaldo Vendor Homepage: https://visual-tools.com/ Version: Visual Tools VX16 v4.2.28.0 Tested on: VX16 Embedded Linux 2.6.35.4. An attacker can perform a system-level root local...
Phone Shop Sales Managements System 1.0 Shell Upload
Exploit Title: Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution Date: 2021-07-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Exam Hall Management System 1.0 Shell Upload
Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload Unauthenticated Date: 06/07/2021 Exploit Author: Thamer Almohammadi @Thamerz88 Vendor Homepage: https://www.sourcecodester.com Software Link:...
Backdoor.Win32.NerTe.781 Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/776e8bb41adf8bd95865c0b03637d8d7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.781 Vulnerability: Authentication Bypass RCE Description: The malware listens o...
WordPress Anti-Malware Security And Bruteforce Firewall 4.20.59 Directory Traversal
Exploit Title: WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal Date: 05.07.2021 Exploit Author: TheSmuggler Vendor Homepage: https://gotmls.net/ Software Link: https://gotmls.net/downloads/ Version: = 4.20.72 Tested on: Windows import requests...
perfexcrm 1.10 Cross Site Scripting
Exploit Title: perfexcrm 1.10 - 'State' Stored Cross-site scripting XSS Date: 05/07/2021 Exploit Author: Alhasan Abbas exploit.msf Vendor Homepage: https://www.perfexcrm.com/ Version: 1.10 Tested on: windows 10 Vulnerable page: /clients/profile POC: ---- POST /clients/profile HTTP/1.1 Host:...
NSClient++ 0.5.2.35 Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NSClient++ 0.5.2.35 - Privilege escalation', 'Description' = %q This module allows an attacker with an unprivileged windows account to gain admin...
Billing System Project 1.0 Shell Upload
Exploit Title: Billing System Project 1.0 - Remote Code Execution RCE Unauthenticated Date: 06.07.2021 Exploit Author: Talha DEMİRSOY Software Link: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html Version: V 1.0 Tested on: Linux & Windows import...
Phone Shop Sales Managements System 1.0 SQL Injection
Exploit Title: Phone Shop Sales Managements System 1.0 - Authentication Bypass SQLi Date: 2021-07-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Pallets Werkzeug 0.15.4 Path Traversal
#!/usr/bin/env python3 PoC code by @faisalfs10x https://github.com/faisalfs10x """ $ pip3 install colorama==0.3.3, argparse, requests, urllib3 $ python3 CVE-2019-14322.py -l listtarget.txt" """ import argparse import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) import...
Trojan-Dropper.Win32.Agent.wxl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8b17a68d7b2291f217b63e0377ee2b3a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Agent.wxl Vulnerability: Insecure Permissions Description: The malware creates ...
Backdoor.Win32.WinShell.40 Authentication Bypass / Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/83fe2cc7aedc452d71c751053a2112c4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.40 Vulnerability: Authentication Bypass Command Execution Description: Malwa...
WordPress WP Learn Manager 1.1.2 Cross Site Scripting
Exploit Title: WordPress Plugin WP Learn Manager 1.1.2 - Stored Cross-Site Scripting XSS Date: July 2, 2021 Exploit Author: Mohammed Adam Vendor Homepage: https://wplearnmanager.com/ Software Link: https://wordpress.org/plugins/learn-manager/ Version: 1.1.2 References link:...
Church Management System 1.0 Cross Site Scripting
Exploit Title: Church Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11206/church-management-system.html Version: 1...
Virus.Win32.Shodi.e Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Insecure Transit Description: The virus listens on TCP port 7352...
OpenEMR 5.0.1.7 Path Traversal
Title: OpenEMR 5.0.1.7 - 'fileName' Path Traversal Authenticated 2 Exploit author: noraj Alexandre ZANNI for SEC-IT http://secit.fr Exploit source: https://github.com/sec-it/exploit-CVE-2019-14530 Date: 2021-06-24 Vendor Homepage: https://www.open-emr.org/ Software Link:...
Backdoor.Win32.Hupigon.aiss Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/79affcb4051d36dde3d1543a4fd88368.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aiss Vulnerability: Unauthenticated Open Proxy Description: The malware liste...
Backdoor.Win32.NerTe.781 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/776e8bb41adf8bd95865c0b03637d8d7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.781 Vulnerability: Unauthenticated Remote Command Execution Description:...
Virus.Win32.Shodi.e Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Heap Corruption Description: The virus listens on TCP port 7352...
Ricon Industrial Cellular Router S9922XL Remote Command Execution
!/usr/bin/env python3 -- coding: utf-8 -- Ricon Industrial Cellular Router S9922XL Remote Command Execution Vendor: Ricon Mobile Inc. Product web page: https://www.riconmobile.com Affected version: Model: S9922XL and S9922L Firmware: 16.10.3 Summary: S9922L series LTE router is designed and...
Trojan-Proxy.Win32.Ranky.ag Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/af4868303124ee4f765a16328e8993a6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Ranky.ag Vulnerability: Unauthenticated Open Proxy Description: The malware liste...
Online Birth Certificate System 1.1 Cross Site Scripting
Exploit Title: Online Birth Certificate System 1.1 - 'Multiple' Stored Cross-Site Scripting XSS Date: 03 July 2021 Exploit Author: Subhadip Nag Author Linkedin: www.linkedin.com/in/subhadip-nag-09/ Vendor Homepage: https://phpgurukul.com Software Link:...
Backdoor.Win32.Hupigon.gsy Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7e99aa748b61fd0802fa19cf9e4cf1f8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.gsy Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
Simple Client Management System 1.0 SQL Injection / Shell Upload
Exploit Title: Simple Client Management System 1.0 - Remote Code Execution RCE Date: July 4, 2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip Version: 1.0 Tested...
Trojan-Spy.Win32.Xspyout.a Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d1791ca15c5df6f8f5d007518efd65b6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.Xspyout.a Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
WordPress Backup Guard 1.5.8 Shell Upload
Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution Authenticated Date 02.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...
Backdoor.Win32.Zombam.l Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9729e9fc004ea49d3c2ddee28736dae3B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.l Vulnerability: Unauthenticated URL Command Injection Description: Zombam...
HEUR.Trojan.Win32.Generic Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fe3fb2e929f95ed03233e7a4d622a28d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Permissions Description: The malware creates a dir...
Trojan.Win32.VB.bcng Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/10550ca42c32c22bdd0515020cff38dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.VB.bcng Vulnerability: Insecure Permissions Description: The malware creates a dir with...
Church Management System 1.0 SQL Injection
Exploit Title: Church Management System 1.0 - 'password' SQL Injection Authentication Bypass Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11206/church-management-system.html Versio...
Online Voting System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...
Backdoor.Win32.Zombam.l Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9729e9fc004ea49d3c2ddee28736dae3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.l Vulnerability: Remote Stack Buffer Overflow Description: Zombam malware...
Virus.Win32.Shodi.e Remote Command Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Unauthenticated Remote Command Execution Description: The virus...
Church Management System 1.0 Shell Upload
Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution Authenticated Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link:...
Trojan.Win32.Inject.adwas Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/acfce60da9031e00c22818f2616d6424.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Inject.adwas Vulnerability: Insecure Permissions Description: The malware creates a dir...
Trojan-Dropper.Win32.SVB.cz Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d57536189430fd75e45f53845e9b3f94B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.SVB.cz Vulnerability: Port Bounce Scan MITM Description: The malware listens o...
TextPattern CMS 4.9.0-dev Remote Command Execution
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3...
Trojan-Dropper.Win32.SVB.cz Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d57536189430fd75e45f53845e9b3f94.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.SVB.cz Vulnerability: Authentication Bypass RCE Description: The malware listen...
b2evolution 7.2.2 Cross Site Request Forgery
Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...
Scratch Desktop 3.17 Code Execution / Cross Site Scripting
Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...
AKCP sensorProbe SPX476 Cross Site Scripting
Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting XSS Date: 07-01-2021 Exploit Author: Tyler Butler Vendor Homepage: https://www.akcp.com/ Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/ Advisory:...
WordPress Modern Events Calendar 5.16.2 Information Disclosure
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
Garbage Collection Management System 1.0 SQL Injection
Exploit Title: Garbage Collection Management System 1.0 - SQL Injection Unauthenticated Exploit Author: ircashem Date 02.07.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14854/garbage-collection-management-system-php.html Version 1.0 Teste...
WordPress Modern Events Calendar 5.16.2 Shell Upload
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...
WordPress XCloner 4.2.12 Remote Code Execution
Exploit Title: Wordpress Plugin XCloner 4.2.12 - Remote Code Execution Authenticated Date 30.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.xcloner.com/ Software Link: https://downloads.wordpress.org/plugin/xcloner-backup-and-restore.4.2.12.zip Version: 4.2.1 - 4.2.12...
Online Voting System 1.0 SQL Injection
Exploit Title: Online Voting System 1.0 - Authentication Bypass SQLi Exploit Author: deathflash1411 Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0 Tested on: Ubuntu 20.04 Proof of Concept...
Online Voting System 1.0 Remote Code Execution
Exploit Title: Online Voting System 1.0 - Remote Code Execution Authenticated Exploit Author: deathflash1411 Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0 Tested on: Ubuntu 20.04 Proof of...