50786 matches found
Backdoor.Win32.Zombam.j Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/a4212f23e1cc3bb34b0dfe15b2ad323e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.j Vulnerability: Remote Stack Buffer Overflow Description: Listens on TCP port...
Rock RMS File Upload / Account Takeover / Information Disclosure
Title ========================= Multiple vulnerabilities found in Rock RMS including RCE and account takeover. A total of three CVEs were issued for the vulnerabilities CVE-2019-18641, CVE-2019-18642, CVE-2019-18643 Product Description ========================= Rock RMS is an open source CRM...
BACKDOOR.WIN32.ADVERBOT Remote Stack Corruption
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/9919c1e86a750dd6d4f0d2a851af29ea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.ADVERBOT Vulnerability: Remote Stack Corruption Description: Null instruction pointer...
Phorpiex Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/f4d7d721f68bc9a80aaf53bc184a3c58.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Phorpiex Vulnerability: Insecure permissions EoP Description: Change permissions are granted to...
CRUD Operation Software 1.0 Cross Site Scripting
Exploit Title: Multiple Stored XSS in CRUD Operation software Date: 4/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: linux / Lamp Click on add new...
Curfew e-Pass Management 1.0 Cross Site Scripting
Exploit Title: Stored XSS in Curfew e-Pass Management Date: 2/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1Log into the application...
BACKDOOR.WIN32.BNLITE Remote Heap Corruption
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/f78cef7588f9c32609a4932d10c67f95.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.BNLITE Vulnerability: Remote Heap Corruption Description: When sending a specially...
Backdoor.Win32.Infexor.b Remote SEH Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/34c09f7fd6668c89a59ebdc8f12d1e7b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Infexor.b Vulnerability: Buffer Overflow Description: Remote SEH Stack Buffer Overflow...
BACKDOOR.WIN32.REMOTEMANIPULATOR Insecure Permissions
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/82183b3d85311a39fb80ae07357594e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BACKDOOR.WIN32.REMOTEMANIPULATOR Vulnerability: Insecure Permissions Description: Creates a dir...
Mantis Bug Tracker 2.24.3 SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
Win32 Backdoor 2019-02-ARTRADOWNLOADER SEH Buffer Overflow
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/8d42c01180be7588a2a68ad96dd0cf85.txt Contact: [email protected] Media: twitter.com/malvuln Threat: WIN32 BACKDOOR - 2019-02-ARTRADOWNLOADER Vulnerabilities: Remote SEH Buffer Overflow and Insecure...
Trojan.Win32.Antavka.bz Insecure Permissions / Privilege Escalation
Discovery / credits: malvuln - Malvuln.com c 2021 Original source: http://malvuln.com/advisory/2e4573d8925be404a9a1ff49ee2f5bc3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Antavka.bz Vulnerability: Insecure Permissions EoP Description: Change permissions are...
Gotenberg 6.2.0 Traversal / Code Execution / Insecure Permissions
1 Multiple vulnerabilities in Gotenberg │ │ │ │ My PDF │ │ │ │ Path: │ .DirPath │ PASSWD: │ toHTML .DirPath "../../../../etc/passwd" │ IP: │ toHTML .DirPath "../../../...
Hyland Enterprise Search 11.2.2 Cross Site Scripting
The admin console's event viewer displays logged event data inside of tags. An attack string like "alert'hi'" in any place across Enterprise Search that will cause an error, like instead of a number or for the username on the login page or through the new Federated Authentication, will then be...
Easy CD And DVD Cover Creator 4.13 Denial Of Service
Exploit Title: Easy CD & DVD Cover Creator 4.13 - Denial of Service PoC Date: 22.12.2020 Software Link: http://www.tucows.com/download/windows/files/ezcdsetup.exe Exploit Author: Achilles Tested Version: 4.13 Tested on: Windows 7 x64 Sp1 1.- Run python code :Creator.py 2.- Open EVIL.txt and copy...
4images 1.7.11 Cross Site Scripting
Exploit Title: 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting Date: 30-12-2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/download-4images Version: 1.7.11 Tested on: Windows 10/Kali Linux Vulnerable Parameters:...
MiniTool ShadowMaker 3.2 Unquoted Service Path
Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Discovery by: Thalia Nieto Discovery Date: 02/01/21 Vendor Homepage: https://www.minitool.com Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/ Tested Version: 3.2...
WordPress Core 5.2.2 Cross Site Scripting
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
Openpilot Default SSH Key Scanner
!/bin/bash openpilot-scan.sh Jeremy Brown jbrown3264/gmail Dec 2020 Checks for openpilot devices using the default SSH key Setup apt-get install -y masscan && setcap capnetraw=ep /usr/bin/masscan wget -q https://raw.githubusercontent.com/commaai/openpilot/master/tools/ssh/idrsa chmod 600 idrsa...
qdPM 9.1 PHP Object Injection
-------------------------------------------------------------- qdPM getParameter'format'; 299. $filename = $request-getParameter'filename'; 300. 301. $export = unserialize$request-getParameter'export'; User input passed through the "export" request parameter is not properly sanitized before being...
Zoom Meeting Connector Post-Auth Remote Root
!/usr/bin/python -- coding: UTF-8 -- zoomer.py Zoom Meeting Connector Post-auth Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2020 The Meeting Connector Web Console listens on port 5480. On the dashboard under Network - Proxy, one can enable a proxy server. All of the fields are sanitized...
Cassandra Web 0.5.0 Remote File Read
!/usr/bin/python -- coding: UTF-8 -- cassmoney.py Cassandra Web 0.5.0 Remote File Read Exploit Jeremy Brown jbrown3264/gmail Dec 2020 Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for th...
HPE Edgeline Infrastructure Manager Improper Authorization
!/usr/bin/python -- coding: UTF-8 -- billhader.py HPE Edgeline Infrastructure Manager Multiple Remote Vulnerabilities Jeremy Brown jbrown3264/gmail Dec 2020 In \opt\hpe\eim\containers\api\eim\api\urls.py, some private paths are defined which are intended to only be accessible via the local consol...
SEOPanel 4.6.0 Cross Site Scripting
Hello, We are informing you about Cross-Site Scripting Vulnerabilities in SEOPanel 4.6.0. Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerabilities in SEOPanel Affected Software: SEOPanel Affected Versions: 4.6.0 Vendor Homepage: https://www.seopanel.org/...
CHMSC Elearning System 1.0 SQL Injection
Exploit Title: CHMSC Elearning System 1.0 - SQL Injection Exploit Author: Ferhat Çil Date: 2020-12-25 Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...
URVE Software Build 24.03.2020 Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-042 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Cleartext Storage of Sensitive Information CWE-312 Exposure of Sensitive...
URVE Software Build 24.03.2020 Missing Authorization
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-041 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Missing Authorization CWE-862 Risk Level: High Solution Status: Open...
Philips Hue Denial Of Service
Credits: Ilia Shnaidman + @0x496c on Twitter + https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V Product: ============= Philips Hue Hub - all Vulnerability Type: ====================== Denial of Service Security Issue: =============== Philips Hue is vulnerable to Denial...
URVE Software Build 24.03.2020 Authentication Bypass / Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2020-040 Product: URVE Software Manufacturer: Eveo Sp. z o.o. Affected Versions: Build "24.03.2020" Tested Versions: Build "24.03.2020" Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High...
GitLab 11.4.7 Remote Code Execution
Exploit Title: GitLab 11.4.7 - RCE Authenticated Date: 24th December 2020 Exploit Author: Sam Redmond Software Link: https://gitlab.com/ Environment: GitLab 11.4.7, community edition CVE: CVE-2018-19571 + CVE-2018-19585 Version: 11.4.7 !/usr/bin/python3 import requests from bs4 import BeautifulSo...
Apache Struts 2 Forced Multi OGNL Evaluation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Forced Multi OGNL Evaluation', 'Description' = %q The Apache Struts framework, when forced, performs double evaluation of...
WordPress WP-PostRatings 1.86 Cross Site Scripting
Exploit Title: WordPress Plugin WP-PostRatings 1.86 - 'postratingsimage' Cross-Site Scripting Date: 20-12-2018 Software Link: https://wordpress.org/plugins/wp-postratings/ Exploit Author: Park Won Seok Version: wp-postratings.1.86 Tested on: Windows 10 x64 description: A Stored Cross-site scripti...
WordPress Adning Advertising 1.5.5 Shell Upload
Exploit Title: WordPress Plugin Adning Advertising 1.5.5 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/angwp Date: 23/12/2020 Exploit Author: spacehen Vendor Homepage: http://adning.com/ Version: spacehen www.lunar.sh" def printusage: print"Usage: python3 exploit.py target url ph...
Arteco Web Client DVR/NVR Session Hijacking
!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute Force Session Hijacking Exploit Vendor: Arteco S.U.R.L. Product web page: https://www.arteco-global.com Affected version: n/a Summary: Arteco DVR/NVR is a mountable industrial surveillance server ideal for those who need to...
10-Strike Network Inventory Explorer Pro 9.05 Buffer Overflow
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow SEH Date: 2020-12-22 Exploit Author: Florian Gassner Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.05 Tested on...
Sales And Inventory System For Grocery Store 1.0 Cross Site Scripting
Exploit Title: Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/11238/sales-and-inventory-system-grocery-store.html Software Link:...
Online Learning Management System 1.0 Cross Site Scripting
Exploit Title: Online Learning Management System 1.0 - Multiple Stored XSS Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
TerraMaster TOS 4.2.06 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a unauthenticated command execution...
Online Learning Management System 1.0 SQL Injection
Exploit Title: Online Learning Management System 1.0 - Authentication Bypass Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
WordPress Epsilon Framework SSRF / Denial of Service
Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...
Class Scheduling System 1.0 Cross Site Scripting
Exploit Title: Class Scheduling System 1.0 - Multiple Stored XSS Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html Software Link:...
TerraMaster TOS 4.2.06 Remote Code Execution
Exploit Title: TerraMaster TOS 4.2.06 - RCE Unauthenticated Date: 12/12/2020 Exploit Author: IHTeam Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ Vendor Homepage: https://www.terra-master.com/ Version: " /usr/w...
Baby Care System 1.0 SQL Injection
Exploit Title: Baby Care System 1.0 - 'roleid' SQL Injection Exploit Author: Vijay Sachdeva Date: 2020-12-23 Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html Software Link:...
Faculty Evaluation System 1.0 Cross Site Scripting
Exploit Title: Faculty Evaluation System 1.0 - Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Multi Branch School Management System 3.5 Cross Site Scripting
Exploit Title: Multi Branch School Management System 3.5 - "Create Branch" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-21 Google Dork: N/A Vendor Homepage: https://www.ramomcoder.com/ Software Link: https://codecanyon.net/item/ramom-multi-branch-school-management-system/25182324 Affecte...
Pandora FMS 7.0 NG 750 SQL Injection
Exploit Title: Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection Authenticated Date: 12-21-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/d08e60f13a858fbd22ce6b83fa8ca391c608ec5c Software...
Artworks Gallery Management System 1.0 SQL Injection
Exploit Title: Artworks Gallery Management System 1.0 - 'id' SQL Injection Exploit Author: Vijay Sachdeva Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/14634/artworks-gallery-management-system-php-full-source-code.html Software Link:...
Webmin 1.962 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.962 - Package Update Escape Bypass RCE Metasploit', 'Description' = %q This module exploits an arbitrary command execution vulnerability...
CSE Bookstore 1.0 SQL Injection
Exploit Title : CSE Bookstore 1.0 - Multiple SQL Injection Date : 2020-12-21 Author : Musyoka Ian Version : CSE Bookstore 1.0 Vendor Homepage: https://projectworlds.in/ Platform : PHP Tested on : Debian CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR...