Veyon 4.4.1 Unquoted Service Path
Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type...
Atlassian Jira 8.15.0 Username Enumeration
Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure Username Enumeration Date: 31/05/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Vulnerable versions: version 8.11.x to 8.15.0 Tested on: Kali...
CHIYU TCP/IP Converter CRLF Injection
Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...
Ubee EVW327 Cross Site Request Forgery
Exploit Title: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery CSRF Date: 2021-05-30 Exploit Author: lated Vendor Homepage: https://www.ubeeinteractive.com Version: EVW327 document.forms0.submit;...
WordPress WP Prayer 1.6.1 Cross Site Scripting
Exploit Title: WordPress Plugin WP Prayer version 1.6.1 - 'prayermessages' Stored Cross-Site Scripting XSS Authenticated Date: 2021-05-31 Exploit Author: Bastijn Ouwendijk Vendor Homepage: http://goprayer.com/ Software Link: https://wordpress.org/plugins/wp-prayer/ Version: 1.6.1 and earlier Test...
Backdoor.Win32.NetSpy.10 Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e677149c35cbba118655d9b133da8827.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetSpy.10 Vulnerability: Heap Corruption Description: The malware listens on TCP port...
DupTerminator 1.4.5639.37199 Denial Of Service
Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Date: 2021-05-28 Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list o...
CHIYU IoT Cross Site Scripting
Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...
Backdoor.Win32.Whirlpool.a Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/90171763d1cc62102b08482bac54ea8b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whirlpool.a Vulnerability: Remote Buffer Overflow - UDP Datagram Description: The...
PHP 8.1.0-dev Backdoor Remote Command Execution
!/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Date: 2021-05-31 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Kali GNU/Linux 2020...
Backdoor.Win32.WinShell.a Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/911a97737bd26e2a478f52e74b4fa01d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.a Vulnerability: Unauthenticated Remote Command Execution Description:...
IPS Community Suite 4.5.4.2 PHP Code Injection
------------------------------------------------------------------------------ IPS Community Suite = 4.5.4.2 previewBlock PHP Code Injection Vulnerability ------------------------------------------------------------------------------ - Software Link: https://invisioncommunity.com - Affected...
Backdoor.Win32.Netbus.12 Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d9822984ed546cbf3ccffd149d1d2af5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Netbus.12 Vulnerability: Unauthenticated Information Disclosure Description: The...
Backdoor.Win32.NetControl2.293 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/15ca804e4634d9586f85b1d15ebe91a0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetControl2.293 Vulnerability: Unauthenticated Remote Command Execution Description:...
Backdoor.Win32.NerTe.772 Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/464d7073f884b586b17950eef2908a6eB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.772 Vulnerability: Unauthenticated Remote Command Execution Description: The...
Trojan.Win32.Scar.dulk Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/317cd84b5c0d11a9c3aacdfe2bb6031c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Scar.dulk Vulnerability: Insecure Permissions Description: The malware creates an...
Backdoor.Win32.NerTe.772 Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/464d7073f884b586b17950eef2908a6e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NerTe.772 Vulnerability: Authentication Bypass RCE Description: The malware listens o...
Trixbox 2.8.0.4 Path Traversal
Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...
Selenium 3.141.59 Remote Code Execution
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
PHPFusion 9.03.50 Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
Trixbox 2.8.0.4 Remote Code Execution
Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...
WordPress LifterLMS 4.21.0 Cross Site Scripting
Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
KL-001-2021-004: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Title: CommScope Ruckus IoT Controller Hard-coded Web Application Administrator Password Advisory ID: KL-001-2021-004 Publication Date: 2021.05.26 Publication URL:...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed
KL-001-2021-002: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Title: CommScope Ruckus IoT Controller Hard-coded API Keys Exposed Advisory ID: KL-001-2021-002 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-002.txt 1. Vulnerabilit...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
KL-001-2021-005: CommScope Ruckus IoT Controller Web Application Directory Traversal Title: CommScope Ruckus IoT Controller Web Application Directory Traversal Advisory ID: KL-001-2021-005 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-005.txt...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
KL-001-2021-003: CommScope Ruckus IoT Controller Hard-coded System Passwords Title: CommScope Ruckus IoT Controller Hard-coded System Passwords Advisory ID: KL-001-2021-003 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-003.txt 1. Vulnerabilit...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
KL-001-2021-006: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Title: CommScope Ruckus IoT Controller Web Application Arbitrary Read/Write Advisory ID: KL-001-2021-006 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-006.t...
Postbird 0.8.4 Cross Site Scripting / Local File Inclusion
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
Pandora FMS 6.0SP3 Cross Site Scripting
Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.27.2021 Vendor: https://pandorafms.com/ Link: https://github.com/pandorafms/pandorafms/releases CVE: 2021-0527-nu11secur1ty...
CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints
KL-001-2021-001: CommScope Ruckus IoT Controller Unauthenticated API Endpoints Title: CommScope Ruckus IoT Controller Unauthenticated API Endpoints Advisory ID: KL-001-2021-001 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-001.txt 1...
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
KL-001-2021-007: CommScope Ruckus IoT Controller Undocumented Account Title: CommScope Ruckus IoT Controller Undocumented Account Advisory ID: KL-001-2021-007 Publication Date: 2021.05.26 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2021-007.txt 1. Vulnerability Details...
RarmaRadio 2.72.8 Denial Of Service
Exploit Title: RarmaRadio 2.72.8 - Denial of Service PoC Date: 2021-05-25 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: http://raimersoft.com/downloads/rarmaradiosetup.exe Version: 2.75.8 Tested on: Windows 10 Home x64 STEPS Open the program RarmaRadio Cli...
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability ============================================================================= Severity Rating: High Confirmed Affected Versions: 0.6.18 - 1.20.0 Confirmed Patched Versions: 1.21.0, 1.20.1 Vendor: F5, Inc. Vendor URL:...
ProFTPd 1.3.5 Remote Command Execution
Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Date: 25/05/2021 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21...
Pluck CMS 4.7.13 Remote Shell Upload
Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...
Codiad 2.8.4 Shell Upload
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Date: 24.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 '''...
i-doit 1.15.2 Cross Site Scripting
Exploit Title: SXX for i-doit 1.15.2 in parameter viewMode from Infrastructure Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.25.2021 Vendor: https://www.i-doit.org/news/ Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/ From Github:...
WordPress Cookie Law Bar 1.2.1 Cross Site Scripting
Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clbbarmsg' Stored Cross-Site Scripting XSS Date: 2021-05-24 Exploit Author: Mesut Cetin Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1 Tested on:...
Gadget Works Online Ordering System 1.0 Cross Site Scripting
Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Date: 24-05-2021 Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Backdoor.Win32.Upload.a Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/70711c4f594fe97ff6ab17039c133458.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Upload.a Vulnerability: Remote Denial of Service Description: The malware listens on...
Backdoor.Win32.Tonerok.d Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b297c565899ace88f40e5da833f41561.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Tonerok.d Vulnerability: Unauthenticated Remote Command Execution Description: The...
Codiad 2.8.4 Remote Code Execution
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Date: 21.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link:...
Backdoor.Win32.Spion4 Insecure Transit
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/cb02d2f323db18d7415dca47bceab9db.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Spion4 Vulnerability: Insecure Transit Description: SPION 4 Server terminal listens o...
WordPress ReDi Restaurant Reservation 21.0307 Cross Site Scripting
Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Bastijn Ouwendijk Vendor Homepage: https://reservationdiary.eu/ Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/ Version: 21.03...
iDailyDiary 4.30 Denial Of Service
Exploit Title: iDailyDiary 4.30 - Denial of Service PoC Date: 2021-05-21 Exploit Author: Ismael Nava Vendor Homepage: https://www.splinterware.com/index.html Software Link: https://www.splinterware.com/download/iddfree.exe Version: 4.30 Tested on: Windows 10 Home x64 STEPS Open the program...
PHP 8.1.0-dev Backdoor Remote Command Injection
Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Date: 23/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2...
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
Exploit Title: Schlix CMS 2.2.6-6 - Arbitrary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...
Shopizer 2.16.0 Cross Site Scripting
Exploit Title: Shopizer alert1 and save it 4. Open "Customers" - XSS payload will trigger Reflected XSS - 'ref' parameter Description: A reflected cross-site scripting XSS vulnerability in Shopizer before version 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the 'ref'...
Backdoor.Win32.Spirit.12.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2bcd471d9dd0a8d6194f4112c2ee520f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Spirit.12.b Vulnerability: Insecure Permissions Description: Trojan Spirit 2001a 1.2...
ePowerSvc 6.0.3008.0 Unquoted Service Path
Exploit Title: ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2021-05-22 Vendor Homepage: https://www.acer.com Tested Version: 6.0.3008.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to discover...