Backdoor.Win32.Delf.abb Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/2910c3bea6732d5ed81a7c44d4354136.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.abb Vulnerability: Insecure Transit Description: The malware listens on TCP port...
Customer Relationship Management System 1.0 Cross Site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Date: 14-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Chamilo LMS 1.11.14 Remote Code Execution
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Student Management System 1.0 Cross Site Scripting
Exploit Title: Student Management System 1.0 - 'message' Persistent Cross-Site Scripting Authenticated Date: 2021-05-13 Exploit Author: mohsen khashei kh4sh3i or [email protected] Vendor Homepage: https://github.com/amirhamza05/Student-Management-System Software Link:...
Podcast Generator 3.1 Cross Site Scripting
Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting XSS Date: 13/05/2021 Exploit Author: Ayşenur KARAASLAN Vendor Homepage: https://podcastgenerator.net/demoV2/ Software Link: https://podcastgenerator.net/download and...
ScadaBR 1.0 / 1.1CE Linux Shell Upload
#!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Google Dork: N/A Date: 04/21 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on:...
Internet Explorer jscript9.dll Memory Corruption
Internet Explorer: Memory corruption in jscript9.dll related to scope of the arguments object There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing attacker-controlled website in Internet Explorer. The vulnerability has been...
ScadaBR 1.0 / 1.1CE Windows Shell Upload
#!/usr/bin/python Exploit Title: Authenticated Arbitrary File Upload Remote Code Execution Google Dork: N/A Date: 03/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Software Link: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for...
Dental Clinic Appointment Reservation System 1.0 SQL Injection
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass SQLi Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
OpenPLC WebServer 3 Remote Code Execution
Exploit Title: OpenPLC WebServer v3 - Authenticated Remote Code Execution Google Dork: N/A Date: 25/04/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian...
ZeroShell 3.9.0 Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Google Dork: N/A Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 #!/usr/bin/python3 impo...
Firefox 72 IonMonkey JIT Type Confusion
Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion Date: 2021-05-10 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://www.mozilla.org/en-US/firefox/new/ Versions: Firefox...
Microsoft Internet Explorer 8/11 Use-After-Free
Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Date: 2021-05-04 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit...
Backdoor.Win32.Delf.zho Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6b9f5a0512af3ab33c26eaa4bdf94f1f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.zho Vulnerability: Authentication Bypass RCE Description: The malware listens on...
Chevereto 3.17.1 Cross Site Scripting
Exploit Title: Chevereto 3.17.1 - Cross Site Scripting Stored Google Dork: "powered by chevereto" Date: 19.04.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://chevereto.com/ Software Link: https://chevereto.com/releases Version: 3.17.1 Tested on: Windows 10 / Xampp Proof of Concept: 1...
Odoo 12.0.20190101 Unquoted Service Path
Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path Exploit Author: 1F98D Vendor Homepage: https://www.odoo.com/ Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo12.0.20190101.exe Tested Version: 12.0.20190101 Tested on OS: Windows Step to discover Unquoted Servic...
ExifTool DjVu ANT Perl Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ExifTool DjVu ANT Perl injection', 'Description' = %q This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifToo...
Splinterware System Scheduler Professional 5.30 Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
Customer Relationship Management (CRM) System 1.0 Shell Upload
Exploit Title: Customer Relationship Management CRM Unrestricted File Upload unauthenticated Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
Hexagon G!nius Auskunftsportal SQL Injection
CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter. Additional Information PoC Payload: id=test' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR113||...
SIS-REWE GO 7.5.0/12C Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-site Scripting Vulnerabilities product: SIS Informatik - REWE GO vulnerable version: 7.5.0/12C fixed version: 7.7 SP17 CVE number: CVE-2021-31537 impact:...
Customer Relationship Management (CRM) System 1.0 SQL Injection
Exploit Title: Customer Relationship Management CRM System 1.0 - Admin Bypass SQLi Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
ERPNext 12.18.0 / 13.0.0 SQL Injection
Trovent Security Advisory 2103-01 Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...
Customer Relationship Management (CRM) System 1.0 Cross Site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - Stored XSS Date: 11/05/2021 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
ERPNext 12.18.0 / 13.0.0 Cross Site Scripting
Trovent Security Advisory 2103-02 Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-02 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...
TFTP Broadband 4.3.0.1465 Unquoted Service Path
Exploit Title: TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/tftpbbv4retailx64.exe Tested Version: 4.3.0.1465...
Microweber CMS 1.1.20 Remote Code Execution
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...
Backdoor.Win32.Antilam.13.a Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/1ef711b34cc278449f1997e4ed06334a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.13.a Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.MotivFTP.12 Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/88785a093b8fa00893214dd220ac255d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MotivFTP.12 Vulnerability: Authentication Bypass RCE Description: The malware listens...
Human Resource Information System 0.1 Cross Site Scripting
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
AWS CloudShell Terminal Escape Injection / Remote Code Execution
Terminal escape injection in AWS CloudShell The javascript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker controlled data is displayed in a CloudShell instance. The bug is in the handling of DCS escape...
OpenNetAdmin 18.1.1 Remote Command Execution
#!/usr/bin/env ruby Exploit Title: OpenNetAdmin 8.5.14 --debug FILE version --debug FILE -h | --help exploit: Exploit the RCE vuln version: Try to fetch OpenNetAdmin version Options: Root URL base path including HTTP scheme, port and root folder Command to execute on the target --debug Display...
BOOTP Turbo 2.0.0.1253 Unquoted Service Path
Exploit Title: BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/bootptdemox64.exe Tested Version: 2.0.0.1253 Vulnerabilit...
DHCP Broadband 4.1.0.1503 Unquoted Service Path
Exploit Title: DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/dhcpbbv4retailx64.exe Tested Version: 4.1.0.1503...
PHP Timeclock 1.04 SQL Injection
Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Date: 03.05.2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Test...
PHP Timeclock 1.04 Cross Site Scripting
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Date: May 3rd 2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on...
Sandboxie 5.49.7 Denial Of Service
Exploit Title: Sandboxie 5.49.7 - Denial of Service PoC Date: 06/05/2021 Author: Erick Galindo Vendor Homepage: https://sandboxie-plus.com/ Software https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Classic-x64-v5.49.7.exe Version: 5.49.7 Tested on: Windows 10 Pro x64 ...
WifiHotSpot 1.0.0.0 Unquoted Service Path
Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS:...
macOS Gatekeeper Check Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Gatekeeper check bypass', 'Description' = %q This module serves an OSX app as a zip that contains no Info.plist, which bypasses gatekeeper ...
Sandboxie Plus 0.7.4 Unquoted Service Path
Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Servic...
Voting System 1.0 SQL Injection
Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Date: 06/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Human Resource Information System 0.1 Remote Code Execution
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation Vendor: Epic Games, Inc. Product web page: https://www.epicgames.com https://www.easy.ac Affected version: 4.0.0.0 Summary: Easy Anti-Cheat is the industry-leading anti–cheat service, countering hacking and cheating in multiplayer PC games...
Voting System 1.0 Shell Upload
Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Date: 07/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Anote 1.0 Cross Site Scripting / Code Execution
Exploit Title: Anote 1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/AnotherNote/anote Version: 1.0 Tested on: Linux, MacOs Software Descriptio...
Markright 1.0 Cross Site Scripting / Code Execution
Exploit Title: Markright 1.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/dvcrn/markright Version: 1.0 Tested on: Linux, MacOs,Windows Software...
Tagstoo 2.0.1 Cross Site Scripting / Code Execution
Exploit Title: Tagstoo v2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacO...
Marky 0.0.1 Cross Site Scripting / Code Execution
Exploit Title: Marky 0.0.1 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software...
Moeditor 0.2.0 Cross Site Scripting / Code Execution
Exploit Title: Moeditor 0.2.0 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://moeditor.js.org/ Version: 0.2.0 Tested on: Windows, Linux, MacOs Software...
Xmind 2020 Cross Site Scripting / Code Execution
Exploit Title: Xmind 2020 XSS to RCE Exploit Author: TaurusOmar Twitter:@TaurusOmar HomePage:taurusomar.com Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description:...