Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
BACKDOOR.WIN32.REMOTEMANIPULATOR Insecure Permissions
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/82183b3d85311a39fb80ae07357594e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.REMOTEMANIPULATOR Vulnerability: Insecure Permissions Description: Creates a dir...
Backdoor.Win32.Zombam.j Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/a4212f23e1cc3bb34b0dfe15b2ad323e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.j Vulnerability: Remote Stack Buffer Overflow Description: Listens on TCP port...
Resumes Management And Job Application Website 1.0 Shell Upload
Exploit Title: Resumes-management-and-job-application-website unauthenticated RCE Date: 3/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/ Version: 1.0 Tested on: linux/lamp...
Backdoor.Win32.Infexor.b Remote SEH Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/34c09f7fd6668c89a59ebdc8f12d1e7b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Infexor.b Vulnerability: Buffer Overflow Description: Remote SEH Stack Buffer Overflow...
Mantis Bug Tracker 2.24.3 SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
BACKDOOR.WIN32.ADVERBOT Remote Stack Corruption
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/9919c1e86a750dd6d4f0d2a851af29ea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.ADVERBOT Vulnerability: Remote Stack Corruption Description: Null instruction pointer...
Rock RMS File Upload / Account Takeover / Information Disclosure
Title ========================= Multiple vulnerabilities found in Rock RMS including RCE and account takeover. A total of three CVEs were issued for the vulnerabilities CVE-2019-18641, CVE-2019-18642, CVE-2019-18643 Product Description ========================= Rock RMS is an open source CRM...
Email-Worm.Win32.Zhelatin.ago Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/0418e7f95a8b94c035e10749234f8378.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Zhelatin.ago Vulnerability: Remote Stack Buffer Overflow Description: Buffer overflo...
Phorpiex Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/f4d7d721f68bc9a80aaf53bc184a3c58.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Phorpiex Vulnerability: Insecure permissions EoP Description: Change permissions are granted to...
Trojan:Win32/Alyak.B Remote Stack Corruption
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/6547f34243104ba6e21154ad96b799a5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan:Win32/Alyak.B Vulnerability: Remote Stack Corruption Description: Read access violation result...
Curfew e-Pass Management 1.0 Cross Site Scripting
Exploit Title: Stored XSS in Curfew e-Pass Management Date: 2/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1. Log into the application...
HEUR.RISKTOOL.WIN32.BITMINER.GEN Remote Memory Corruption / Null Pointer
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/b85ae73dbbfff1d3b90cb7c78356f2a3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.RISKTOOL.WIN32.BITMINER.GEN Vulnerability: Remote Memory Corruption Description: Null pointer...
Trojan.Win32.Bayrob.cgau Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/099a169f81089dc493ea300ef0309f70.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Bayrob.cgau Vulnerability: Insecure Permissions EoP SYSTEM Description: Change permissio...
BACKDOOR.WIN32.BNLITE Remote Heap Corruption
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/f78cef7588f9c32609a4932d10c67f95.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.BNLITE Vulnerability: Remote Heap Corruption Description: When sending a specially...
4images 1.7.11 Cross Site Scripting
Exploit Title: 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting Date: 30-12-2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/download-4images Version: 1.7.11 Tested on: Windows 10/Kali Linux Vulnerable Parameters:...
Easy CD And DVD Cover Creator 4.13 Denial Of Service
Exploit Title: Easy CD & DVD Cover Creator 4.13 - Denial of Service PoC Date: 22.12.2020 Software Link: http://www.tucows.com/download/windows/files/ezcdsetup.exe Exploit Author: Achilles Tested Version: 4.13 Tested on: Windows 7 x64 Sp1 1.- Run python code :Creator.py 2.- Open EVIL.txt and copy...
Hyland Enterprise Search 11.2.2 Cross Site Scripting
The admin console's event viewer displays logged event data inside of tags. An attack string like "alert'hi'" in any place across Enterprise Search that will cause an error, like instead of a number or for the username on the login page or through the new Federated Authentication, will then be...
WordPress Core 5.2.2 Cross Site Scripting
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
MiniTool ShadowMaker 3.2 Unquoted Service Path
Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Discovery by: Thalia Nieto Discovery Date: 02/01/21 Vendor Homepage: https://www.minitool.com Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/ Tested Version: 3.2...
qdPM 9.1 PHP Object Injection
-------------------------------------------------------------- qdPM getParameter'format'; 299. $filename = $request-getParameter'filename'; 300. 301. $export = unserialize$request-getParameter'export'; User input passed through the "export" request parameter is not properly sanitized before being...
Openpilot Default SSH Key Scanner
!/bin/bash openpilot-scan.sh Jeremy Brown jbrown3264/gmail Dec 2020 Checks for openpilot devices using the default SSH key Setup apt-get install -y masscan && setcap capnetraw=ep /usr/bin/masscan wget -q https://raw.githubusercontent.com/commaai/openpilot/master/tools/ssh/idrsa chmod 600 idrsa...
Zoom Meeting Connector Post-Auth Remote Root
!/usr/bin/python -- coding: UTF-8 -- zoomer.py Zoom Meeting Connector Post-auth Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2020 The Meeting Connector Web Console listens on port 5480. On the dashboard under Network - Proxy, one can enable a proxy server. All of the fields are sanitized...
HPE Edgeline Infrastructure Manager Improper Authorization
!/usr/bin/python -- coding: UTF-8 -- billhader.py HPE Edgeline Infrastructure Manager Multiple Remote Vulnerabilities Jeremy Brown jbrown3264/gmail Dec 2020 In \opt\hpe\eim\containers\api\eim\api\urls.py, some private paths are defined which are intended to only be accessible via the local consol...
Cassandra Web 0.5.0 Remote File Read
!/usr/bin/python -- coding: UTF-8 -- cassmoney.py Cassandra Web 0.5.0 Remote File Read Exploit Jeremy Brown jbrown3264/gmail Dec 2020 Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for th...
SEOPanel 4.6.0 Cross Site Scripting
Hello, We are informing you about Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0. Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerabilities in SEOPanel Affected Software: SEOPanel Affected Versions: 4.6.0 Vendor Homepage: https://www.seopanel.org/...
CHMSC Elearning System 1.0 SQL Injection
Exploit Title: CHMSC Elearning System 1.0 - SQL Injection Exploit Author: Ferhat Çil Date: 2020-12-25 Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...
URVE Software Build 24.03.2020 Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-042 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Cleartext Storage of Sensitive Information CWE-312 Exposure of Sensitive...
Philips Hue Denial Of Service
Credits: Ilia Shnaidman + @0x496c on Twitter + https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V Product: ============= Philips Hue Hub - all Vulnerability Type: ====================== Denial of Service Security Issue: =============== Philips Hue is vulnerable to Denial...
URVE Software Build 24.03.2020 Missing Authorization
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-041 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Missing Authorization CWE-862 Risk Level: High Solution Status: Open...
URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-040 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High...
WordPress WP-PostRatings 1.86 Cross Site Scripting
Exploit Title: WordPress Plugin WP-PostRatings 1.86 - 'postratingsimage' Cross-Site Scripting Date: 20-12-2018 Software Link: https://wordpress.org/plugins/wp-postratings/ Exploit Author: Park Won Seok Version: wp-postratings.1.86 Tested on: Windows 10 x64 description: A Stored Cross-site scripti...
Arteco Web Client DVR/NVR Session Hijacking
!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Vendor: Arteco S.U.R.L. Product web page: https://www.arteco-global.com Affected version: n/a Summary: Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to...
GitLab 11.4.7 Remote Code Execution
Exploit Title: GitLab 11.4.7 - RCE Authenticated Date: 24th December 2020 Exploit Author: Sam Redmond Software Link: https://gitlab.com/ Environment: GitLab 11.4.7, community edition CVE: CVE-2018-19571 + CVE-2018-19585 Version: 11.4.7 !/usr/bin/python3 import requests from bs4 import BeautifulSo...
Apache Struts 2 Forced Multi OGNL Evaluation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Forced Multi OGNL Evaluation', 'Description' = %q The Apache Struts framework, when forced, performs double evaluation of...
WordPress Adning Advertising 1.5.5 Shell Upload
Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/angwp Date: 23/12/2020 Exploit Author: spacehen Vendor Homepage: http://adning.com/ Version: spacehen www.lunar.sh" def printusage: print"Usage: python3 exploit.py target url ph...
Class Scheduling System 1.0 Cross Site Scripting
Exploit Title: Class Scheduling System 1.0 - Multiple Stored XSS Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html Software Link:...
WordPress Epsilon Framework SSRF / Denial of Service
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Sales And Inventory System For Grocery Store 1.0 Cross Site Scripting
Exploit Title: Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/11238/sales-and-inventory-system-grocery-store.html Software Link:...
Online Learning Management System 1.0 Cross Site Scripting
Exploit Title: Online Learning Management System 1.0 - Multiple Stored XSS Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
Baby Care System 1.0 SQL Injection
Exploit Title: Baby Care System 1.0 - 'roleid' SQL Injection Exploit Author: Vijay Sachdeva Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...
TerraMaster TOS 4.2.06 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a unauthenticated command execution...
10-Strike Network Inventory Explorer Pro 9.05 Buffer Overflow
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow SEH Date: 2020-12-22 Exploit Author: Florian Gassner Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.05 Tested on...
TerraMaster TOS 4.2.06 Remote Code Execution
Exploit Title: TerraMaster TOS 4.2.06 - RCE Unauthenticated Date: 12/12/2020 Exploit Author: IHTeam Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ Vendor Homepage: https://www.terra-master.com/ Version: " /usr/w...
Online Learning Management System 1.0 SQL Injection
Exploit Title: Online Learning Management System 1.0 - Authentication Bypass Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
Pandora FMS 7.0 NG 750 SQL Injection
Exploit Title: Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection Authenticated Date: 12-21-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/d08e60f13a858fbd22ce6b83fa8ca391c608ec5c Software...
SUPREMO 4.1.3.2348 Privilege Escalation
Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...
Webmin 1.962 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.962 - Package Update Escape Bypass RCE Metasploit', 'Description' = %q This module exploits an arbitrary command execution vulnerability...
Victor CMS 1.0 Shell Upload
Exploit Title: Victor CMS 1.0 - File Upload To RCE Date: 20.12.2020 Exploit Author: Mosaaed Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Apache2/Linux Step1: register...
Library Management System 3.0 Cross Site Scripting
Exploit Title: Library Management System 3.0 - "Add Category" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://otsglobal.org/ Software Link: https://codecanyon.net/item/library-management-system-22/16965307 Affected Version: 3.0 Patched Version:...