50786 matches found
Millewin 13.39.028 Unquoted Service Path / Insecure Permissions
Exploit Title: Millewin - Local Privilege Escalation Date: 2021-02-07 Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link:...
WordPress Supsystic Pricing Table 1.8.7 SQL Injection / Cross Site Scripting
Exploit Title: WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip Version: 1.8.7 and 1.8.6...
WordPress Supsystic Newsletter 1.5.5 SQL Injection
Exploit Title: WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection Date: 24/07 2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/newsletter-by-supsystic.1.5.5.zip Category: Web Application Version:...
SmartFoxServer 2X 2.17.0 Remote Code Execution
SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing...
Microsoft Internet Explorer 11 Use-After-Free
Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Date: 2021-02-05 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7...
Unibox 2.4 CSRF / Remote Code Execution
===================================================== Authenticated Remote Code Execution In Unibox 2.4 ===================================================== . contents:: Table Of Content Overview ======== Title:- Authenticated command execution in all UNIBOX WiFi Hotspot Controller. CVE ID:- Not...
WordPress Supsystic Digital Publications 1.6.9 XSS / DoS / Traversal
Exploit Title: WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/digital-publications-by-supsystic.1.6.9.zip Version: 1.6...
WordPress Supsystic Data Tables Generator 1.9.96 XSS / SQL Injection
Exploit Title: WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/data-tables-generator-by-supsystic.1.9.96.zip Category...
WordPress Supsystic Ultimate Maps 1.1.12 SQL Injection
Exploit Title: WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/ultimate-maps-by-supsystic.1.1.12.zip Category: Web Application...
Jenzabar 9.2.2 Cross Site Scripting
Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021–02–06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021–26723 -Description: A Reflected Cross-site scripting XSS...
AMD Fuel Service Unquoted Service Path
Exploit Title: AMD Fuel Service - 'Fuel.service' Unquote Service Path Discovery by: Hector Gerbacio Discovery Date: 2021-02-05 Vendor Homepage: https://www.amd.com/ Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted Servi...
PhreeBooks 5.2.3 Remote Code Execution
Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...
LiteSpeed Web Server Enterprise 5.4.11 Command Injection
Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sudo Heap-Based Buffer Overflow', 'Description' = %q A heap based buffer overflow exists in the sudo command line utility that can be exploited b...
SEO Panel 4.6.0 Remote Code Execution
Exploit Title: SEO Panel 4.6.0 - Remote Code Execution 2 Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.seopanel.org/https://www.kentico.com/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Ubuntu 20.04 !/usr/bin/env python3 ''' DESCRIPTION...
Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation
Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 1 Date: 2021-02-02 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE :...
Backdoor.Win32.RemoteManipulator.brr Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/717f316391b6a7b97fa160b0a627a413.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.RemoteManipulator.brr Vulnerability: Insecure Permissions EoP Description: This malwa...
Car Rental Project 2.0 Shell Upload
Exploit Title: Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution Date: 3/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version : V 2.0 Vulnerability Type:...
Pixelimity 1.0 Cross Site Request Forgery
Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery Date: 2020-06-03 Exploit Author: Noth Vendor Homepage: https://github.com/pixelimity/pixelimity Software Link: https://github.com/pixelimity/pixelimity Version: v1.0 CVE : 2020-23522 Pixelimity 1.0 has cross-site request forger...
Backdoor.Win32.NetBull.11.b Remote Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0e0fc966862971c29edd4dcaa0ba8e86.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetBull.11.b Vulnerability: Remote Buffer Overflow Description: NetBull.11.b listens ...
Backdoor.Win32.Celine Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3a634db497c417679d7a20587d689d1f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Celine Vulnerability: Missing Authentication Description: MTX Celine Trojan 3.3.3 by...
Student Record System 4.0 SQL Injection
Exploit Title: Student Record System 4.0 - 'sid' SQL Injection Google Dork: N/A Date: 2/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip Version: V 4.0 Tested on: Windows、XAMPP...
Backdoor.Win32.Buterat.cxq Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8bfac1f52a94f36b711e20bce30161cc.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Buterat.cxq Vulnerability: Insecure Permissions EoP Description: This malware creates...
Backdoor.Win32.Xyligan.blp Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6b9afcad282516173c0ab8a6eb91e8b4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xyligan.blp Vulnerability: Insecure Permissions EoP Description: Xyligan.blp creates ...
Backdoor.Win32.Anaptix.bd Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f178de7f9918288d93ac0f065f0aa2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Anaptix.bd Vulnerability: Insecure Permissions Description: Anaptix.bd malware create...
Sudo Buffer Overflow / Privilege Escalation
Exploit Title: Local Privilege Escalation - LPE Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Date: 30.01.2021 Vendor: https://www.sudo.ws/ Link: https://www.sudo.ws/download.html CVE: CVE-2021-3156 + Credits: Ventsislav Varbanovski @ nu11secur1ty + Website:...
Klog Server 2.4.1 Command Injection
Exploit Title: Klog Server 2.4.1 - Command Injection Authenticated Date: 26.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection CVE: 2021-3317 """...
H8 SSRMS Insecure Direct Object Reference
Exploit Title: H8 SSRMS - 'id' IDOR Date: 01/31/2021 Exploit Author: Mohammed Farhan Vendor Homepage: https://www.height8tech.com/ Version: H8 SSRMS Tested on: Windows 10 Vulnerability Details ====================== Login to the application Navigate to Payment Section and Click on Print button. I...
Online Reviewer System 1.0 SQL Injection / Shell Upload
!/bin/bash Exploit Title: Online Reviewer System PHPPDO - RCE & ADMIN BYPASS Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
MyBB Trending Widget 1.2 Cross Site Scripting
Exploit Title: MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting Date: 11/28/2018 Author: 0xB9 Software Link: https://github.com/zainali99/trends-widget Version: 1.2 Tested on: Windows 10 1. Description: This plugin shows the most trending threads. Trending thread titles aren't sanitized to...
Park Ticketing Management System 1 SQL Injection
Exploit Title: Park Ticketing Management System v1 authenticated Blind SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Version: V1 Tested...
WordPress 5.0.0 Remote Code Execution
Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...
Roundcube Webmail 1.2 File Disclosure
Exploit Title: Roundcube Webmail 1.2 - File Disclosure Date: 09-11-2017 Exploit Author: stonepresto Vendor Homepage: https://roundcube.net/ Software Link: https://sourceforge.net/projects/roundcubemail/files/roundcubemail-beta/1.2-beta/ Version: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2 Tested...
Online Reviewer System 1.0 SQL Injection
Exploit Title: Online Reviewer System PHPPDO - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
Zoo Management System 1 SQL Injection
Exploit Title: Zoo Management System v1 unauthenticated time & boolean based Blind SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Version: V1 Teste...
MyBB Thread Redirect 0.2.1 Cross Site Scripting
Exploit Title: MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting Date: 7/23/2018 Author: 0xB9 Software Link: https://github.com/jamiesage123/Thread-Redirect Version: 0.2.1 Tested on: Windows 10 1. Description: This plugin allows threads to redirect to a URL with optional custom text. The...
bloofoxCMS 0.5.2.1 Cross Site Request Forgery
Title: bloofoxCMS 0.5.2.1 - CSRF Add user Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Desc: The application interface allows users to...
MyBB Delete Account 1.4 Cross Site Scripting
Exploit Title: MyBB Delete Account Plugin 1.4 - Cross-Site Scripting Date: 1/25/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://github.com/vintagedaddyo/MyBBPlugin-DeleteAccount/ Version: 1.4 Tested on: Windows 10 1. Description: This plugin allows users to delete...
User Management System 1 SQL Injection
Exploit Title: user management system v1 authenticated Blind SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ Version: V1 Tested on: Windo...
Vehicle Parking Tracker System 1.0 Cross Site Scripting
Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting Date: 2021-01-30 Exploit Author: Anmol K Sachan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/ Software: : Vehicle...
Metasploit Framework 6.0.11 Command Injection
Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...
Backdoor.Win32.Zetronic Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/caf26a74ca39662e2c3d37e55a242daf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zetronic Vulnerability: Remote DoS Description: Zetronic listens on UDP port 2090,...
Home Assistant Community Store 1.10.0 Path Traversal
Exploit Title: Home Assistant Community Store HACS 1.10.0 - Path Traversal to Account Takeover Date: 2021-01-28 Exploit Author: Lyghtnox Vendor Homepage: https://www.home-assistant.io/ Software Link: https://github.com/hacs/integration Version: 1.10.0 Tested on: Raspbian + Home Assistant 2021.1.0...
Online Voting System 1.0 Authorization Bypass
Exploit Title:Online Voting System | Authentication Bypass Password Change Exploit Author: Richard Jones Date: 2021-01-29 Vendor Homepage: https://www.sourcecodester.com/php/14690/online-voting-system-phpmysqli-full-source-code.html Software...
Backdoor.Win32.MiniBlackLash Denial Of Service
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/57dee3430d4531a2699f6520819a2ece.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MiniBlackLash Vulnerability: Remote DoS Description: MiniBlackLash listens on both TC...
Quick.CMS 6.7 Remote Code Execution
Exploit Title: Quick.CMS 6.7 - Remote Code Execution Authenticated Date: 2020-12-28 Exploit Author: mari0x00 Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/?sFile=Quick.Cmsv6.7-pl.zip Description:...
Backdoor.Win32.Mhtserv.b Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0ba104d752eb63194c356c309196c710.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mhtserv.b Vulnerability: Missing Authentication Description: Mhtserv.b listens on TCP...
Packed.Win32.Katusha.o Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/e184abe44bec183a522d2c66bc3f90e0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Packed.Win32.Katusha.o Ransomeware Vulnerability: Insecure Permissions EoP Description: The malware...
Online Grading System 1.0 SQL Injection
Exploit Title: Online Grading System 1.0 - 'uname' SQL Injection Date: 2021-01-28 Exploit Author: Ruchi Tiwari Vendor Homepage: https://www.sourcecodester.com/php/13711/online-grading-system-using-phpmysqli.html Software Link:...
MyBB Hide Thread Content 1.0 Information Disclosure
Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure Date: 1/27/2021 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 Version: 1.0 Tested on: Windows 10 CVE: CVE-2021-3337 1. Description: This plugin...