WordPress Supsystic Data Tables Generator 1.9.96 XSS / SQL Injection
Exploit Title: WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/data-tables-generator-by-supsystic.1.9.96.zip Category...
Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.vwl Vulnerability: Insecure Permissions EoP Description: WinSpy.vwl create t...
Trojan.Win32.Gentee.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/86e63bb63f3baf48ad3bf24c3f5b7e40.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Gentee.b Vulnerability: Insecure Permissions EoP Description: Trojan creates a vuln dir...
Trojan-Spy.Win32.SpyEyes.auqj Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ea6ed38ab5264cd92f0d42eb020e87d8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.auqj Vulnerability: Insecure Permissions EoP Description: SpyEyes.auqj...
WordPress Welcart e-Commerce 2.0.0 SQL Injection
Exploit Title: WordPress Plugin Welcart e-Commerce 2.0.0 - 'searchordercolumn0' SQL injection Date: 04/08 2020 Exploit Author: Erik David Martin Vendor Homepage: https://www.welcart.com/ Software Link: https://downloads.wordpress.org/plugin/usc-e-shop.2.0.0.zip Category: Web Application Version:...
Trojan-Spy.Win32.SpyEyes.awow Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e61a6755db1c59eb1d219b761de925f4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.awow Vulnerability: Insecure Permissions EoP Description: SpyEyes.awow...
Trojan-Spy.Win32.SpyEyes.auwl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0115ba22a0d009a13d0748027dd62e2a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.auwl Vulnerability: Insecure Permissions EoP Description: SpyEyes creates a...
Unibox 2.4 CSRF / Remote Code Execution
===================================================== Authenticated Remote Code Execution In Unibox 2.4 ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated command execution in all UNIBOX WiFi Hotspot Controller. CVE ID:- Not...
SmartFoxServer 2X 2.17.0 Credential Disclosure
SmartFoxServer 2X 2.17.0 Credentials Disclosure Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and...
WordPress Supsystic Ultimate Maps 1.1.12 SQL Injection
Exploit Title: WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/ultimate-maps-by-supsystic.1.1.12.zip Category: Web Application...
Jenzabar 9.2.2 Cross Site Scripting
Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021-02-06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021-26723 -Description: A Reflected Cross-site scripting XSS...
AMD Fuel Service Unquoted Service Path
Exploit Title: AMD Fuel Service - 'Fuel.service' Unquote Service Path Discovery by: Hector Gerbacio Discovery Date: 2021-02-05 Vendor Homepage: https://www.amd.com/ Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted Servi...
LiteSpeed Web Server Enterprise 5.4.11 Command Injection
Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...
SEO Panel 4.6.0 Remote Code Execution
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution 2 Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.seopanel.org/https://www.kentico.com/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Ubuntu 20.04 !/usr/bin/env python3 ''' DESCRIPTION...
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sudo Heap-Based Buffer Overflow', 'Description' = %q A heap based buffer overflow exists in the sudo command line utility that can be exploited b...
PhreeBooks 5.2.3 Remote Code Execution
Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...
Car Rental Project 2.0 Shell Upload
Exploit Title: Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution Date: 3/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version : V 2.0 Vulnerability Type:...
Pixelimity 1.0 Cross Site Request Forgery
Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery Date: 2020-06-03 Exploit Author: Noth Vendor Homepage: https://github.com/pixelimity/pixelimity Software Link: https://github.com/pixelimity/pixelimity Version: v1.0 CVE : 2020-23522 Pixelimity 1.0 has cross-site request forger...
Backdoor.Win32.RemoteManipulator.brr Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/717f316391b6a7b97fa160b0a627a413.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteManipulator.brr Vulnerability: Insecure Permissions EoP Description: This malwa...
Backdoor.Win32.NetBull.11.b Remote Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0e0fc966862971c29edd4dcaa0ba8e86.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetBull.11.b Vulnerability: Remote Buffer Overflow Description: NetBull.11.b listens ...
Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation
Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...
Student Record System 4.0 SQL Injection
Exploit Title: Student Record System 4.0 - 'sid' SQL Injection Google Dork: N/A Date: 2/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip Version: V 4.0 Tested on: Windows、XAMPP...
Backdoor.Win32.Buterat.cxq Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8bfac1f52a94f36b711e20bce30161cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Buterat.cxq Vulnerability: Insecure Permissions EoP Description: This malware creates...
Backdoor.Win32.Xyligan.blp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6b9afcad282516173c0ab8a6eb91e8b4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xyligan.blp Vulnerability: Insecure Permissions EoP Description: Xyligan.blp creates ...
Backdoor.Win32.Celine Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3a634db497c417679d7a20587d689d1f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Celine Vulnerability: Missing Authentication Description: MTX Celine Trojan 3.3.3 by...
Zoo Management System 1 SQL Injection
Exploit Title: Zoo Management System v1 unauthenticated time & boolean based Blind SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: V1 Teste...
User Management System 1 SQL Injection
Exploit Title: user management system v1 authenticated Blind SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ Version: V1 Tested on: Windo...
MyBB Thread Redirect 0.2.1 Cross Site Scripting
Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting Date: 7/23/2018 Author: 0xB9 Software Link: https://github.com/jamiesage123/Thread-Redirect Version: 0.2.1 Tested on: Windows 10 1. Description: This plugin allows threads to redirect to a URL with optional custom text. The...
bloofoxCMS 0.5.2.1 Cross Site Request Forgery
Title: bloofoxCMS 0.5.2.1 - CSRF Add user Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Desc: The application interface allows users to...
Online Reviewer System 1.0 SQL Injection / Shell Upload
!/bin/bash Exploit Title: Online Reviewer System PHPPDO - RCE & ADMIN BYPASS Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
MyBB Delete Account 1.4 Cross Site Scripting
Exploit Title: MyBB Delete Account Plugin 1.4 - Cross-Site Scripting Date: 1/25/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://github.com/vintagedaddyo/MyBBPlugin-DeleteAccount/ Version: 1.4 Tested on: Windows 10 1. Description: This plugin allows users to delete...
WordPress 5.0.0 Remote Code Execution
Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...
H8 SSRMS Insecure Direct Object Reference
Exploit Title: H8 SSRMS - 'id' IDOR Date: 01/31/2021 Exploit Author: Mohammed Farhan Vendor Homepage: https://www.height8tech.com/ Version: H8 SSRMS Tested on: Windows 10 Vulnerability Details ====================== Login to the application Navigate to Payment Section and Click on Print button. I...
Klog Server 2.4.1 Command Injection
Exploit Title: Klog Server 2.4.1 - Command Injection Authenticated Date: 26.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection CVE: 2021-3317 """...
Vehicle Parking Tracker System 1.0 Cross Site Scripting
Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting Date: 2021-01-30 Exploit Author: Anmol K Sachan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/ Software: : Vehicle...
Park Ticketing Management System 1 SQL Injection
Exploit Title: Park Ticketing Management System v1 authenticated Blind SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Version: V1 Tested...
Roundcube Webmail 1.2 File Disclosure
Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...
Backdoor.Win32.Anaptix.bd Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f178de7f9918288d93ac0f065f0aa2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Anaptix.bd Vulnerability: Insecure Permissions Description: Anaptix.bd malware create...
MyBB Trending Widget 1.2 Cross Site Scripting
Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting Date: 11/28/2018 Author: 0xB9 Software Link: https://github.com/zainali99/trends-widget Version: 1.2 Tested on: Windows 10 1. Description: This plugin shows the most trending threads. Trending thread titles aren't sanitized to...
Online Reviewer System 1.0 SQL Injection
Exploit Title: Online Reviewer System PHPPDO - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
Sudo Buffer Overflow / Privilege Escalation
Exploit Title: Local Privilege Escalation - LPE Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Date: 30.01.2021 Vendor: https://www.sudo.ws/ Link: https://www.sudo.ws/download.html CVE: CVE-2021-3156 + Credits: Ventsislav Varbanovski @ nu11secur1ty + Website:...
BloofoxCMS 0.5.2.1 Cross Site Scripting
Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Vulnerable paper:...
Backdoor.Win32.Zhangpo Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/052d18e119f9a2910ed18a137231a041.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zhangpo Vulnerability: Remote DoS Description: Zhangpo listens on TCP port 9689,...
Metasploit Framework 6.0.11 Command Injection
Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...
Backdoor.Win32.MiniBlackLash Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/57dee3430d4531a2699f6520819a2ece.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MiniBlackLash Vulnerability: Remote DoS Description: MiniBlackLash listens on both TC...
Backdoor.Win32.Zetronic Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/caf26a74ca39662e2c3d37e55a242daf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zetronic Vulnerability: Remote DoS Description: Zetronic listens on UDP port 2090,...
Backdoor.Win32.Mhtserv.b Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0ba104d752eb63194c356c309196c710.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mhtserv.b Vulnerability: Missing Authentication Description: Mhtserv.b listens on TCP...
Online Grading System 1.0 SQL Injection
Exploit Title: Online Grading System 1.0 - 'uname' SQL Injection Date: 2021-01-28 Exploit Author: Ruchi Tiwari Vendor Homepage: https://www.sourcecodester.com/php/13711/online-grading-system-using-phpmysqli.html Software Link:...
Online Voting System 1.0 Authorization Bypass
Exploit Title:Online Voting System | Authentication Bypass Password Change Exploit Author: Richard Jones Date: 2021-01-29 Vendor Homepage: https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html Software...
Packed.Win32.Katusha.o Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e184abe44bec183a522d2c66bc3f90e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Katusha.o Ransomware Vulnerability: Insecure Permissions EoP Description: The malware...