50786 matches found
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation
Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...
Selea Targa IP OCR-ANPR Camera Remote Code Execution
!/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214...
Selea CarPlateServer 4.0.1.6 Remote Program Execution
Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...
Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery
Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD201106163745 BLD2003041709...
Selea Targa IP OCR-ANPR Camera Cross Site Request Forgery
Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa 512 Targa 504 Targa Semplice Targa 704 TKM Targa 805 Targa 710 INOX Targa 750 Targa 704 ILB Firmware: BLD201113005214 BLD201106163745...
ERPNext 12.14.0 SQL Injection
Exploit Title: ERPNext 12.14.0 - SQL Injection Authenticated Date: 21-01-21 Exploit Author: Hodorsec Vendor Homepage: http://erpnext.org Software Link: https://erpnext.org/download Version: 12.14.0 Tested on: Ubuntu 18.04 !/usr/bin/python3 AUTHENTICATED SQL INJECTION VULNERABILITY In short: Found...
CASAP Automated Enrollment System 1.0 Authentication Bypass
Exploit Title: CASAP Automated Enrollment System 1.0 - Authentication Bypass Exploit Author: Himanshu Shukla Date: 2021-01-21 Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Link:...
Backdoor.Win32.Xel Remote Authentication Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/3648c68bfe395fb9980ae547d881572c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Xel Vulnerability: Remote Authentication Buffer Overflow Description: Xel listens on...
Backdoor.Win32.Verify.f Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/119cd00c48678d63ec07762a7ff08ac7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Verify.f Vulnerability: Missing Authentication Description: Backdoor.Win32.Verify by...
Apartment Visitors Management System 1.0 SQL Injection
Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection Date: 20.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...
Nagios XI 5.7.5 Cross Site Scripting
Exploit Title: Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting Date: 1-20-2021 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...
Simple JobBoard Authenticated File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Simple JobBoard Authenticated File Read Vulnerability', 'Description' = %q This module exploits an authenticated directory traversal vulnerabilit...
Backdoor.Win32.WinShell.30 Remote Stack Buffer Overflow / Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/56a2b135c8d35561ea5b04694155eb77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.WinShell.30 Vulnerability: Remote Stack Buffer Overflow / Missing Authentication...
Anchor CMS 0.12.7 Cross Site Request Forgery
Exploit Title: Anchor CMS 0.12.7 - CSRF Delete user Exploit Author: Ninad Mishra Vendor Homepage: https://anchorcms.com/ Software Link: https://anchorcms.com/download Version: 0.12.7 CVE : CVE-2020-23342 PoC the cms uses get method to perform sensitive actions hence users can be deleted via...
Online Documents Sharing Platform 1.0 SQL Injection
Exploit Title: Online Documents Sharing Platform 1.0 - 'user' SQL Injection Date: 21.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://www.sourcecodester.com/php/14653/online-documents-sharing-platform-php-full-source-code.html Software Link:...
Backdoor.Win32.Zombam.geq Remote Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/fd14cc7f025f49a3e08b4169d44a774e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.geq Vulnerability: Remote Buffer Overflow Description: Zombam.geq listens for...
Church Rota 2.6.4 Shell Upload
import requests from pwn import listen CVE-2021-3164 Church Rota version 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file. The application is written primarily with PHP so we use PHP ...
Voting System 1.0 Shell Upload
Exploit Title: Voting System 1.0 - File Upload RCE Authenticated Remote Code Execution Date: 19/01/2021 Exploit Author: Richard Jones Vendor Homepage:https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Backdoor.Win32.Onalf Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ba815d409cd714c0eac010b5970f6408.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Onalf Vulnerability: Missing Authentication Description: WinRemoteShell Onalf listens...
Backdoor.Win32.Whirlpool.10 Remote Stack Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/bf0682b674ef23cf8ba0deeaf546f422.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whirlpool.10 Vulnerability: Remote Stack Buffer Overflow Description: Whirlpool liste...
Backdoor.Win32.Whisper.b Remote Stack Corruption
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/a0edb91f62c8c083ec35b32a922168d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whisper.b Vulnerability: Remote Stack Corruption Description: Whisper.b listens on TC...
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 XSS
Exploit Title: Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS Exploit Author: omurugur Vendor Homepage: https://www.oracle.com/security-alerts/cpujan2021.html Version: 11.1.1.7.140715 Author Web: https://www.justsecnow.com Author Social: @omurugurrr Stored XSS:...
Backdoor.Win32.Zxman Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/6b2a9304d1c7a63365db0f9fd12d39b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zxman Vulnerability: Missing Authentication Description: Backdoor.Win32.Zxman by Zx-m...
Newfuture Trojan V.1.0 BETA 1 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4f9376824718ff23a6238c877f73ff73.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Newfuture Trojan V.1.0 BETA 1 Vulnerability: Insecure Permissions Description: Newfuture by Wider is...
osTicket 1.14.2 Server-Side Request Forgery
Exploit Title: osTicket 1.14.2 - SSRF Date: 18-01-2021 Exploit Author: Talat Mehmood Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Version: 4. After submitting this comment, print this ticket. 5. You'll receive a hit on your malicious website from the intern...
Constructor.Win32.SMWG.a Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Constructor.Win32.SMWG.a Vulnerability: Insecure Permissions Description: Win32.SMWG VBS.sucke.gen...
Email-Worm.Win32.Agent.gi Remote Stack Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Agent.gi Vulnerability: Remote Stack Buffer Overflow - UDP Datagram Description:...
Constructor.Win32.SMWG.c Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Constructor.Win32.SMWG.c Vulnerability: Insecure Permissions Description: Description: SMWG - P2P...
Backdoor.Win32.NetBull.11.a Remote Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80e98fdf726a3e727f3414bdbf2e86bb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NetBull.11.a Vulnerability: Remote Buffer Overflow Description: Netbull listens on bo...
Backdoor.Win32.Nucleroot.t MaskPE 1.6 Local Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 20211 Original source: https://malvuln.com/advisory/170d3ccf9f036c552aef6690bf419b2e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Nucleroot.t - MaskPE 1.6 Vulnerability: File Based Buffer Overflow Description:...
Backdoor.Win32.Mnets Remote Stack Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/1e42493dcef54a62bc28e0a1338c1142.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mnets Vulnerability: Remote Stack Buffer Overflow - UDP Datagram Proto Description: T...
Backdoor.Win32.Latinus.b Remote Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Latinus.b Vulnerability: Remote Buffer Overflow Description: Malware listens on both...
Life Insurance Management System 1.0 SQL Injection
Exploit Title: Life Insurance Management System 1.0 - 'clientid' SQL Injection Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version:...
Inteno IOPSYS 3.16.4 Root Filesystem Access
Exploit Title: Inteno IOPSYS 3.16.4 - root filesystem access via sambashare Authenticated Date: 2020-03-29 Exploit Author: Henrik Pedersen Vendor Homepage: https://intenogroup.com/ Version: Iopsys -p -k Requires: impacket websocket-client On Windows: pyreadline """ def ubusAuthhost, username,...
Backdoor.Win32.Whgrx Remote Stack Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Whgrx Vulnerability: Remote Host Header Stack Buffer Overflow Description: The specim...
Life Insurance Management System 1.0 Shell Upload
Exploit Title: Life Insurance Management System 1.0 - File Upload RCE Authenticated Date: 15/1/2021 Exploit Author: Aitor Herrero Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html...
Microsoft Spooler Local Privilege Elevation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/powershell' class MetasploitModule 'Microsoft Spooler Local Privilege Elevation Vulnerability', 'Description' = %q This exploit leverages ...
Cisco UCS Manager 2.2(1d) Remote Command Execution
import sys, ssl, os, time import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning Exploit Title : Cisco UCS Manager - 2.21d - Remote Command Execution Description : An unspecified CGI script in Cisco...
Xwiki CMS 12.10.2 Cross Site Scripting
Exploit Title: Xwiki CMS 12.10.2 - Cross Site Scripting XSS Date: 17-01-2021 Exploit Author: Karan Keswani Vendor Homepage: https://www.xwiki.org/xwiki/bin/view/Main/WebHome Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: Xwiki CMS- 12.10.2 Tested on: Windows 10 Description...
Backdoor.Win32.Nucleroot.bi MaskPE 2.0 Local Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/25e0570cc803cd77abc2268b41237937.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Nucleroot.bi - MaskPE 2.0 Vulnerability: File Based Buffer Overflow Description: Mask...
ZynOS rom-0 Flaw Scanner
!/usr/bin/perl ZynOS rom-0 Flaw Scanner Copyright 2021 c Todor Donev https://donev.eu/ $ perl zynosscanner ZynOS rom-0 Flaw Scanner zynosscanner --targets= --threads=10 --redirects=7 --help --targets | Specify the list with addresses that you want to scan. --dump | Dump rom-0 file for each target...
Online Hotel Reservation System 1.0 SQL Injection
Exploit Title: Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
EyesOfNetwork 5.3 Remote Code Execution
Exploit Title: EyesOfNetwork 5.3 - File Upload Remote Code Execution Date: 10/01/2021 Exploit Author: Ariane.Blow Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3-10 12/9/2020-lastest !/bin/bash /!\ You...
Netsia SEBA+ 0.16.1 Authentcation Bypass / Add Root User
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netsia SEBA+ %q This module exploits an authentication bypass in Netsia SEBA+, triggered by add new root/admin user. HTTP requests made to the...
Backdoor.Win32.Ncx.bt Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Ncx.bt Vulnerability: Remote Stack Buffer Overflow Description: The malware listens o...
WordPress Easy Contact Form 1.1.7 Cross Site Scripting
Exploit Title: WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting XSS Date: 14/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://ghozylab.com/plugins/ Software Link: https://demo.ghozylab.com/plugins/easy-contact-form-plugin/ Version: 1.1.7 Tested on...
Online Hotel Reservation System 1.0 Cross Site Scripting
Exploit Title: Online Hotel Reservation System 1.0 - Stored Cross-site Scripting Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
Online Hotel Reservation System 1.0 Cross Site Request Forgery
Exploit Title: Online Hotel Reservation System 1.0 - Cross-site request forgery CSRF Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
E-Learning System 1.0 SQL Injection / Shell Upload
Exploit Title: E-Learning System 1.0 - Authentication Bypass & RCE Exploit Author: Himanshu Shukla & Saurav Shukla Date: 2021-01-15 Vendor Homepage: https://www.sourcecodester.com/php/12808/e-learning-system-using-phpmysqli.html Software Link:...
PHP-Fusion 9.03.90 Cross Site Request Forgery
Exploit Title: PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery Delete admin shoutbox message Date: 2020-12-21 Exploit Author: Mohamed Oosman B S Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.90 and below Tested...