50786 matches found
Tasks 9.7.3 Insecure Permissions
Exploit Title: Tasks 9.7.3 - Insecure Permissions Date: 18th of July, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link:...
TestLink 1.9.20 Shell Upload
Exploit Title: TestLink 1.9.20 - Unrestricted File Upload Authenticated Date: 14th February 2021 Exploit Author: snovvcrash Original Research by: Ackcent AppSec Team Original Research: https://ackcent.com/testlink-1-9-20-unrestricted-file-upload-and-sql-injection/ Vendor Homepage:...
Backdoor.Win32.Backlash.101 Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4ba3c08d8ad964328f2b6f618f714df2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Backlash.101 Vulnerability: Missing Authentication Description: BackLash Server 1.0...
PDFCOMPLETE Corporate Edition 4.1.45 Unquoted Service Path
Exploit Title: PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-11-2020 Vendor Homepage: https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r Software Links : https://pdf-complete.informer.com/download/ Test...
School File Management System 1.0 Cross Site Scripting
Exploit Title: School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software: : School...
SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
Title: Path traversal Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-27994 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-28...
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Title: Stored XSS Product: SolarWinds Serv-U FTP Server Vendor Homepage: https://www.solarwinds.com/ Vulnerable Version: 15.2.1 and lower Fixed Version: 15.2.2 CVE Number: CVE-2020-28001 Author: Jack Misiura from The Missing Link Website: https://www.themissinglink.com.au Timeline: 2020-10-30...
School Event Attendance Monitoring System 1.0 Cross Site Scripting
Exploit Title: School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Backdoor.Win32.Augudor.a Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1b557d4f923b0de75e397686053a9022.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.a Vulnerability: Unauthenticated Remote File Write Code Execution Description...
PEEL Shopping 9.3.0 Cross Site Scripting
Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: : PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
Huawei MBAMainService Unquoted Service Path
Exploit Title: Huawei "MBAMainService" Unquoted Service Path Date: 2020-12-14 Exploit Author: Andrea Bocchetti Vendor Homepage: https://consumer.huawei.com/en/support/laptops/matebook-d/ Software Link: https://consumer.huawei.com/en/support/laptops/matebook-d/ Category:Local Tested on: Microsoft...
Backdoor.Win32.BackAttack.18 Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c806d23f4343ab40cf897e9c38b5c1c3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BackAttack.18 Vulnerability: Multiple Vulnerabilities Description: BackAttack.18 v1.8...
Online Marriage Registration System 1.0 Remote Code Execution
Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote code execution 3 Date: 10/02/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/ Version: 1.0...
Openlitespeed WebServer 1.7.8 Command Injection
Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated 2 Date: 26/1/2021 Exploit Author: Metin Yunus Kandemir Discovered by: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 import...
b2evolution CMS 6.11.6 Open Redirection
Exploit Title: Open redirect in b2evolution CMS 6.11.6 redirectto parameter in emailpassthrough.php Google Dork: N/A Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405...
Node.JS Remote Code Execution
Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 2 Exploit Author: UndeadLarva Software Link: https://www.npmjs.com/package/node-serialize Version: 0.0.4 CVE: CVE-2017-5941 import requests import re import base64 import sys url = 'http://192.168.100.133:8000/' change this payload =...
Micro Focus Operations Bridge Manager Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus Operations Bridge Manager Authenticated Remote Code Execution', 'Description' = %q This module exploits an authenticated Java...
Adobe Magento Commerce Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting XSS product: Adobe Magento Commerce vulnerable version: 2.4.2 fixed version: 2.4.2 CVE number: CVE-2021-21029 impact: Medium homepage:...
b2evolution CMS 6.11.6 Cross Site Scripting
Exploit Title: Reflected XSS in b2evolution CMS 6.11.6 via tab3 parameter in evoadm.php CVE : CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version:...
Online Car Rental 1.0 Shell Upload
Exploit Title: Online Car Rental 1.0 | Arbitrary file upload Exploit Author: Richard Jones Date: 2021/09/02 Vendor Homepage: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html Software Link:...
Backdoor.Win32.Aphexdoor.LiteSock Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a8bb1744bedf43849ed808b7dfa32da4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Aphexdoor.LiteSock Vulnerability: Remote Stack Buffer Overflow Description:...
AnyTXT Searcher 1.2.394 Unquoted Service Path
Exploit Title: AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path Date: 2020-12-11 Exploit Author: Mohammed Alshehri Vendor Homepage: Anytxt.net Software Link: https://sourceforge.net/projects/anytxt/files/AnyTXT.Searcher.1.2.394.exe Version: Version 1.2.394 Tested on: Microsoft Windows ...
Epson USB Display 1.6.0.0 Unquoted Service Path
Exploit Title: Epson USB Display 1.6.0.0 - 'EMPUDSA' Unquote Service Path Discovery by: Hector Gerbacio Discovery Date: 2021-02-05 Vendor Homepage: https://epson.com.mx/ Tested Version: 1.6.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted...
Discord Probot Arbitrary File Upload
Exploit Title: Discord Probot - Unrestricted File Upload Google Dork: N/A Date: 2021-02-08 Exploit Author: ThelastVvV Vendor Homepage:probot.io Version:Version 2021 Tested on: Debian 5.7.10-1parrot2 CVE:CVE-2021-26918 About: Probot is a discord very customizable multipurpose bot for welcome image...
Online Car Rental System 1.0 Cross Site Scripting
Exploit Title: Online Car Rental System 1.0 - Stored Cross Site Scripting Date: 9/2/2021 Exploit Author: Naved Shaikh Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html Version: V 1.0 Tested on Windo...
Doctor Appointment System 1.0 SQL Injection
Exploit Title: Doctor Appointment System 1.0 - Authenticated SQL Injection Date: 2021-02-09 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
Trojan.Win32.Cafelom.bu Heap Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/146ce177ab03b8f62a9fc6e7bbf40dc1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Cafelom.bu Vulnerability: Heap Corruption Description: This malware drops two executabl...
Adobe Connect 10 Username Disclosure
Title: adobe connect 10 Local Route Disclosure Author: h4shur date:2021-02-07 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 10 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Description : There ar...
Backdoor.Win32.NetTerrorist Authentication Bypass / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5131a9b441c9f9b20228f171c327a4f5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetTerrorist Vulnerability: Unauthorized Remote Command Execution Description:...
WordPress Welcart e-Commerce 2.0.0 SQL Injection
Exploit Title: WordPress Plugin Welcart e-Commerce 2.0.0 - 'searchordercolumn0' SQL injection Date: 04/08 2020 Exploit Author: Erik David Martin Vendor Homepage: https://www.welcart.com/ Software Link: https://downloads.wordpress.org/plugin/usc-e-shop.2.0.0.zip Category: Web Application Version:...
Trojan.Win32.Gentee.b Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/86e63bb63f3baf48ad3bf24c3f5b7e40.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Gentee.b Vulnerability: Insecure Permissions EoP Description: Trojan creates a vuln dir...
Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.vwl Vulnerability: Insecure Permissions EoP Description: WinSpy.vwl create t...
Trojan.Win32.Comei.pgo Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7cb253cf47b6de8adfea559e51950c17.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Comei.pgo Vulnerability: Insecure Permissions EoP Description: Trojan malware creates a...
WordPress Supsystic Membership 1.4.7 SQL Injection
Exploit Title: WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection Date: 09/08/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/membership-by-supsystic.1.4.7.zip Version: 1.4.7 Tested on: Ubuntu...
Unibox Cross Site Request Forgery
===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated XSRF leads to complete account takeover in all UNIBOX WiFi Hotspo...
SmartFoxServer 2X 2.17.0 Credential Disclosure
SmartFoxServer 2X 2.17.0 Credentials Disclosure Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and...
Trojan-Spy.Win32.SpyEyes.awow Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e61a6755db1c59eb1d219b761de925f4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.awow Vulnerability: Insecure Permissions EoP Description: SpyEyes.awow...
Backdoor.Win32.Wollf.15 Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ffa917e74406b8b77252be2c4f71f6d3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.15 Vulnerability: Missing Authentication Description: Wollf backdoor creates a...
SmartFoxServer 2X 2.17.0 God Mode Console WebSocket Cross Site Scripting
SmartFoxServer 2X 2.17.0 God Mode Console WebSocket XSS Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer gam...
Trojan-Spy.Win32.SpyEyes.auqj Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ea6ed38ab5264cd92f0d42eb020e87d8.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.auqj Vulnerability: Insecure Permissions EoP Description: SpyEyes.auqj...
Trojan-Spy.Win32.SpyEyes.auwl Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0115ba22a0d009a13d0748027dd62e2a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.SpyEyes.auwl Vulnerability: Insecure Permissions EoP Description: SpyEyes creates a...
YetiShare File Hosting Script 5.1.0 Server-Side Request Forgery
Title: YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery Date: 09.01.2021 Author: Numan Türle Vendor Homepage: https://mfscripts.com Software Link: https://yetishare.com Version: v5.1.0 Tested on: YetiShare - File Hosting Script v5.1.0, Php Version : 7.4 Summary ---------...
Alt-N MDaemon Webmail 20.0.0 Cross Site Scripting
Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visits the distribution list...
Trojan-Spy.Win32.WebCenter.a Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e3cf225a94c6be5a26fc21a1ec83f418.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WebCenter.a Vulnerability: Information Disclosure Description: The trojan creates a...
Email-Worm.Win32.Sircam.eb Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/cd88a9b686acd9ccf23dba8d248129b4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Sircam.eb Vulnerability: Insecure Permissions EoP Description: Sircam.eb creates a...
Trojan.Win32.Delf.uq Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a4ea99b54e171274795f14a4ac7f17ba.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Delf.uq Vulnerability: Insecure Permissions EoP Description: Malware creates an...
WordPress Supsystic Contact Form 1.7.5 XSS / SQL Injection
Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/contact-form-by-supsystic.1.7.5.zip Version: 1.7.5 Tested on:...
Trojan.Win32.Gentee.h Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2bd5672432a545db03db0e09c120d42e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Gentee.h Vulnerability: Insecure Permissions EoP Description: Trojan Gentee.h creates a...
Trojan.Win32.Cospet.abg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/5f5b308853b9aa9243390c135ff6ba1b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Cospet.abg Vulnerability: Insecure Permissions EoP Description: Cospet.abg, creates an...
WordPress Supsystic Backup 2.3.9 Local File Inclusion
Exploit Title: WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/backup-by-supsystic.zip Version: 2.3.9 Tested on: Ubuntu 16.04.6 LTS /...