50630 matches found
GitHub Missing Audit Logging
Original blog post here: https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/ SUMMARY Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and...
Backdoor.Win32.Agent.afq Heap Corruption
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/853754de6b8ffbe1321a8c91aab5c232C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.afq Vulnerability: Remote Heap Corruption Description: The malware's built-in...
PFSense 2.5.0 Cross Site Scripting
I. VULNERABILITY ------------------------- Store XSS Attacks vulnerabilities in PFSense Version 2.5.0 II. BACKGROUND ------------------------- The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free...
Backdoor.Win32.Agent.afq Missing Authentication
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/853754de6b8ffbe1321a8c91aab5c232.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.afq Vulnerability: Missing Authentication Description: The malware's built-in...
Kirby CMS 3.5.3.1 Cross Site Scripting
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Date: 21-04-2021 Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host:...
Apache Druid 0.20.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Druid 0.20.0 Remote Command Execution', 'Description' = %q Apache Druid includes the ability to execute user-provided JavaScript code...
Montiorr 1.7.6m Cross Site Scripting
Exploit Title: Montiorr 1.7.6m - File Upload to XSS Date: 25/4/2021 Exploit Author: Ahmad Shakla Software Link: https://github.com/Monitorr/Monitorr Tested on: Kali GNU/Linux 2020.2 Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html An...
WordPress WPGraphQL 1.3.5 Denial Of Service
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...
Kimai 1.14 CSV Injection
Exploit Title: Kimai 1.14 - CSV Injection Date: 26/04/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel...
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...
Hasura GraphQL 1.3.3 Remote Code Execution
Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...
SEO Panel 4.8.0 SQL Injection
Exploit Title: blind SQL injection on archive.php of SEO Panel 4.8.0 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.25.2021 Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author:...
OpenPLC 3 Remote Code Execution
Exploit Title: OpenPLC 3 - Remote Code Execution Authenticated Date: 25/04/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster...
Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation
Hi @ll, the executable installers version 22.30.0 Latest, published 2/23/2021, for the "Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters", and , available from are SURPRISE! vulnerable: they allow arbitrary code execution WITH local escalation of privilege. CVSS 3.0 score: 8.2 High CVSS 3.0...
Worm.Win32.Busan.k Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/bcad7aa6cb6cb9d94377cd88acbca1c9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Worm.Win32.Busan.k Vulnerability: Insecure Communication Protocol Description: Busan.k launches a...
Sipwise C5 NGCP CSC Cross Site Request Forgery
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source Class 5 VoIP soft-swit...
DzzOffice 2.02.1 Cross Site Scripting
Exploit Title: XSS attack app/setting in DzzOffice-2.02.1 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04.23.2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author:...
GetSimple CMS My SMTP Contact 1.1.1 CSRF/ XSS / Code Execution
Exploit Title: GetSimple CMS My SMTP Contact Plugin = v1.1.1 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Date: April 22nd, 2021 Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against...
Moodle 3.10.3 Cross Site Scripting
Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting Date: 22/04/2021 Exploit Author: UVision Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org Version: 3.10.3 Tested on: Debian/Windows 10 By having the role of a teacher or an administrator or a manag...
Document Management System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Document Management System - SQL Injection to RCE webshell Date: 23/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import...
Sipwise C5 NGCP CSC Cross Site Scripting
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin version 3.6.7 Summary: Sipwise C5 also known as NGCP - the Next Generation Communication Platform is a SIP-based Open Source...
CMS Made Simple 2.2.15 Cross Site Scripting
Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting XSS Date: 2021/03/19 Exploit Author: bt0 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip Version: 2.2.15 CVE: CVE-2021-28935...
RemoteClinic 2.0 Cross Site Scripting
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...
BMD BMDWeb 2.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross Site Scripting Outdated software library product: BMD BMDWeb 2.0 vulnerable version: BMD versions prior to 24.01.21 fixed version: 24.01.21 and 24.02.11 or...
Trojan-Dropper.Win32.Agent.xtp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/360bbc9e0926488f085029948ff6c759.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Agent.xtp Vulnerability: Insecure Permissions Description: The malware creates ...
IM-Worm.Win32.Bropia.aa Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ea6dfec6c3900ab422875119972d9c62.txt Contact: [email protected] Media: twitter.com/malvuln Threat: IM-Worm.Win32.Bropia.aa Vulnerability: Insecure Permissions Description: The malware creates an hidd...
Backdoor.Win32.DarkKomet.artr Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/d2ee6046fd47de321d1310dccacca92b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.artr Vulnerability: Insecure Permissions Description: The malware creates a...
Packed.Win32.Black.d Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/17e3836682ffb0913459ece7c3f0786d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Black.d Vulnerability: Unauthenticated Open Proxy Description: The malware listens on T...
OTRS 6.0.1 Remote Command Execution
Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Date: 21-04-2021 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921...
HEUR.Trojan.Win32.Generic Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/1a98a0a769e7351ba16e1b91e9f26692.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Permissions Description: The malware creates an...
Fast PHP Chat 1.3 SQL Injection
Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...
Adtran Personal Phone Manager 10.8.1 DNS Exfiltration
Exploit Title: Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration Date: 1/21/2021 Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25681 CVE-2021-25681 - AdTran Personal Phone...
Nagios XI 5.7.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection', 'Description' = %q This module exploits an OS command injection vulnerabili...
Multilaser Router RE018 AC1200 Cross Site Request Forgery
Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Date: 14/04/2021 Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: CVE-2021-31152 Exploit code: document.forms0.submit;...
WordPress RSS For Yandex Turbo 1.29 Cross Site Scripting
Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Himamshu Dilip Kulkarni Software Link: https://wordpress.org/plugins/rss-for-yandex-turbo/ Version: 1.29 Tested on: Windows Steps to reproduce vulnerability: 1. Install...
GravCMS 1.10.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
Hasura GraphQL 1.3.3 Arbitrary File Read
Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19./2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPO...
OpenEMR 5.0.2.1 Remote Code Execution
Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution Exploit Author: Hato0, BvThTrd Date: 2020-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download Version: 5.0.2.1 without patches...
rconfig 3.9.6 Shell Upload
Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Date: 18/04/2021 Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host:...
Tenda D151 / D301 Configuration Download
Exploit Title: Tenda D151 & D301 - Configuration Download Unauthenticated Date: 19-04-2021 Exploit Author: BenChaliah Author link: https://github.com/BenChaliah Vendor Homepage: https://www.tendacn.com Software Link: https://www.tendacn.com/us/download/detail-3331.html Versions: - D301 1.2.11.2EN...
Discourse 2.7.0 2FA Bypass
Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Date: 14/01/2021 Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ...
Adtran Personal Phone Manager 10.8.1 Persistent Cross Site Scripting
Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting XSS Date: 1/21/2021 Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25679...
Hasura GraphQL 1.3.3 Server-Side Request Forgery
Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1'...
Adtran Personal Phone Manager 10.8.1 Cross Site Scripting
Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting XSS Date: 1/21/2021 Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25680...
Hasura GraphQL 1.3.3 Denial Of Service
Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...
Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/hashes/identify' class MetasploitModule 'Cockpit CMS NoSQLi to RCE', 'Description' = %q This module exploits two NoSQLi vulnerabilities to...
RemoteClinic 2 Cross Site Scripting
Exploit Title: Cross Site Scripting XSS RemoteClinic on register.php Author: nu11secur1ty Debug: g3ck0dr1v3r Date: 04.21.2021 Vendor: RemoteClinic Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...
Phone Shop Sales Management System 1.0 Shell Upload
Exploit Title: Phone Shop Sales Management System - Arbitrary File Upload Unauthenticated Date: 20/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...
Fibaro Home Center MITM / Missing Authentication / Code Execution
IoT Inspector Research Lab Advisory IOT-20210408-0 title: Multiple vulnerabilities vendor/product: Fibaro Home Center Light / Fibaro Home Center 2 https://www.fibaro.com/ vulnerable version: 4.600 and older fixed version: 4.610 CVE number: CVE-2021-20989, CVE-2021-20990, CVE-2021-20991,...
Cisco RV Authentication Bypass / Code Execution
IoT Inspector Research Lab Security Advisory IOT-20210414-0 title: Cisco RV series Authentication Bypass and Remote Command Execution vendor/product: Cisco https://www.cisco.com/ vulnerable version: RV16X/RV26X: 1.0.01.02 & below. RV34X: 1.0.03.20 & below. fixed version: RV16X/RV26X: 1.0.01.03...