50640 matches found
Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation
!/usr/bin/env python3 """ Microsoft Exchange Server msExchEcpCanary Cross Site Request Forgery Elevation of Privilege Vulnerability CVE: CVE-2021-24085 Summary This vulnerability allows remote attackers escalate privileges on affected installations of Microsoft Exchange Server. Authentication and...
Backdoor.Win32.Delf.adag Hardcoded Credentials / Traversal
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0e997ab441cd8c35010dd8db98aae2c2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Delf.adag Vulnerability: Weak Hardcoded Credentials Description: The backdoor runs an...
VMware vCenter 6.5 / 7.0 Remote Code Execution Proof Of Concept
-- coding:utf-8 -- banner = """ 888888ba dP 88 8b 88 a88aaaa8P' .d8888b. d8888P .d8888b. dP dP 88 8b. 88' 88 88 Y8ooooo. 88 88 88 .88 88. .88 88 88 88. .88 88888888P 88888P8 dP 88888P' 88888P' ooooooooooooooooooooooooooooooooooooooooooooooooooooo @time:2021/02/24 CVE-2021-21972.py C0de by...
Softros LAN Messenger 9.6.4 Unquoted Service Path
Exploit Title: Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.softros.com/SoftrosLANMessengerSetup.exe Tested Version: 9.6.4 Vulnerabili...
Backdoor.Win32.Agent.xw Denial Of Service / Null Pointer
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ed4242ad0274d3b311d8722f10b3abea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.xw Vulnerability: Remote Null Ptr Dereference - Denial of Service Description:...
Batflat CMS 1.3.6 Cross Site Scripting
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Date: 22/02/2021 Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: Xammpp on Windows, Firefox Newest CVE : N/A Multiple Stored XSS...
LogonExpert 8.1 Unquoted Service Path
Exploit Title: LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.logonexpert.com/LogonExpertSetup64.msi Tested Version: 8.1 Vulnerability Type: Unquoted...
Monica 2.19.1 Cross Site Scripting
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...
Apache Flink JAR Upload Java Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JAR Upload Java Code Execution', 'Description' = %q This module uses job functionality in Apache Flink dashboard web interface to...
Backdoor.Win32.Agent.xs Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6c51a5ba17ffd317ad08541e20131ef3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.xs Vulnerability: Insecure Permissions Description: The malware creates a hidde...
eChat 1.0 SQL Injection
Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: [email protected] Date: 2021-02-21 Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link:...
SpotAuditor 5.3.5 Denial Of Service
Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service PoC Exploit Author : Sinem Şahin Exploit Date: 2021-02-10 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on: Windows 7 x64 Version: 5.3.5 Steps: 1- R...
Product Key Explorer 4.2.7 Denial Of Service
Exploit Title: Product Key Explorer 4.2.7 - 'multiple' Denial of Service PoC Exploit Author : Sinem Şahin Exploit Date: 2021-02-23 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Version: 4.2.7 Tested on: Windows 7 x64...
HFS (HTTP File Server) 2.3.x Remote Code Execution
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...
Trojan.Win32.Pluder.o Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ee22eea131c0e00162e4ba370f396a00.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Pluder.o Vulnerability: Insecure Permissions Description: Creates an insecure dir named...
Backdoor.Win32.Inject.tyq Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/833868d3092bea833839a6b8ec196046.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Inject.tyq Vulnerability: Insecure Permissions Description: The backdoor creates an d...
Backdoor.Win32.Ketch.h Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/63c55ad21e0771c7f9ca71ec3bfcea0f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ketch.h Vulnerability: Remote Stack Buffer Overflow SEH Description: Ketch makes HTTP...
Backdoor.Win32.DarkKomet.irv Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a229acff4e0605ad24eaf3d9c44fdb1b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.irv Vulnerability: Insecure Permissions Description: DarkKomet.irv creates ...
Trojan.Win32.Pincav.cmfl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9d296ebd6b4f79457fcc61e38dcce61e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Pincav.cmfl Vulnerability: Insecure Permissions Description: The trojan creates an...
Trojan-Proxy.Win32.Daemonize.i Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/61bec9f22a5955e076e0d5ddf6232f3f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Daemonize.i Vulnerability: Remote Denial of Service Description: Daemonize.i...
Apache MyFaces 2.x Cross Site Request Forgery
Ceritude Securiy Advisory - CSA-2021-001 PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger,...
Backdoor.Win32.DarkKomet.apcc Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8c82de32ab2b407451b9fc054c09f717.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.apcc Vulnerability: Insecure Permissions Description: DarkKomet.apcc create...
Backdoor.Win32.DarkKomet.bhfh Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2e507b75c0df0fcb2f9a85f4a0c1bc04.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.DarkKomet.bhfh Vulnerability: Insecure Permissions Description: DarkKomet.bhfh create...
Online Exam System With Timer 1.0 SQL Injection
Exploit Title: Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass Date: 2021-02-18 Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13877/online-exam-timer.html Tested On: Windows 10 Pro 10.0.18363 N...
Beauty Parlour Management System 1.0 SQL Injection
Exploit Title: Beauty Parlour Management System 1.0 - 'Service Name' SQL Injection Google Dork: N/A Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...
Beauty Parlour Management System 1.0 Cross Site Scripting
Exploit Title: Beauty Parlour Management System 1.0 - 'Add Services' Cross-Site Scripting Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...
dataSIMS Avionics ARINC 664-1 4.5.3 Buffer Overflow
Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow PoC Exploit Author: Kagan Capar Date: 2020-02-17 Vendor Homepage: https://www.ddc-web.com/ Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414 Version: 4.5.3 Tested...
Backdoor.Win32.Bionet.10 Anonymous Login
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/be559307f5cd055f123a637b1135c8d3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bionet.10 Vulnerability: Anonymous Logon Description: The backdoor listens on TCP por...
OpenText Content Server 20.3 Cross Site Scripting
Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Date: 19/02/2021 Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management...
Comment System 1.0 Cross Site Scripting
Exploit Title: Comment System 1.0 - 'multiple' Stored Cross-Site Scripting Date: 2021-02-18 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14713/comment-system-phpmysqli-full-source-code.html Software: : Comment...
Backdoor.Win32.Agent.aak Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582aC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Remote Buffer Overflow Description: The HTTP backdoor serve...
Gitea 1.12.5 Remote Code Execution
Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Date: 17 Feb 2020 Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link:...
Batflat CMS 1.3.6 Remote Code Execution
Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Date: 2020-12-27 Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...
Backdoor.Win32.Agent.aak Code Execution / Cross Site Request Forgery
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582aB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Cross Site Request Forgery CSRF - Code Execution Descriptio...
Apport 2.20 Privilege Escalation
Exploit Title: Apport 2.20 - Local Privilege Escalation Date: 18/02/21 Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Appor...
Backdoor.Win32.Agent.aak Hardcoded Credentials
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/64f2fd4dbd9039e5bc054f475eaa582a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.aak Vulnerability: Weak Hardcoded Credentials Description: The HTTP backdoor...
Faulty Evaluation System 1.0 Cross Site Scripting
Exploit Title: Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting Date: 2021-02-16 Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14710/faulty-evaluation-system-using-phpcodeigniter-source-code.htm...
Billing Management System 2.0 SQL Injection
Exploit Title: Billing Management System 2.0 - 'email' SQL injection Auth Bypass Date: 2021-02-16 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software: Billi...
Backdoor.Win32.Azbreg.aant Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/dcc1855744f2d740745f096e4f031143.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Azbreg.aant Vulnerability: Insecure Permissions Description: Azbreg.aant backdoor...
Backdoor.Win32.Indexer.a Hardcoded Credentials
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2b576e7551afe1c7575dc680396f1b5b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Indexer.a Vulnerability: Hardcoded Weak Credentials Description: Indexer.a backdoor...
AgataSoft PingMaster Pro 2.1 Denial Of Service
Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: http://agatasoft.com/ Software Link: http://agatasoft.com/PingMasterPro.exe Version: 2.1 Tested on: Windows 10 Home x64 STEPS Open the program AgataSoft PingMaster Pro...
Online Internship Management System 1.0 SQL Injection
Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass Date: 16-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
BlackCat CMS 1.3.6 Cross Site Scripting
Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Date: 16-02-2021 Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on...
CASAP Automated Enrollment System 1.0 Cross Site Scripting
Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS Author: nu11secur1ty Date: 02.15.2021 Vendor: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Athor: https://www.sourcecodester.com/users/yna-ecole Link:...
Nsauditor 3.2.2.0 Denial Of Service
Exploit Title: Nsauditor 3.2.2.0 - 'Event Description' Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: https://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.2.0 Tested on: Windows 10 Home x64 STEPS Open the...
Trojan-Spy.Win32.WinSpy.wlt Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/00e1c4a654756dd6c9c81437c01ee3dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.wlt Vulnerability: Insecure Permissions Description: WinSpy.wlt trojan drops...
Backdoor.Win32.Bifrose.ahvb Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/39e22b8b19f6aed59d2def00c4228d56.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.ahvb Vulnerability: Insecure Permissions Description: The backdoor creates an...
Backdoor.Win32.Indexer.a Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2b576e7551afe1c7575dc680396f1b5bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Indexer.a Vulnerability: Remote Denial Of Service Description: Indexer.a runs an FTP...
Backdoor.Win32.Burbul.b Anonymous Login
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3ee4cb2e06eb1f7fe54c89db903f3e7a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Burbul.b Vulnerability: Anonymous Logon Description: Backdoor Burbul.b listens on TCP...
Backdoor.Win32.Cabrotor.21 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/af7001c2d6284a1295638576bc138cb2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.21 Vulnerability: Insecure Permissions Description: Cabrotor.21 backdoor...