
50653 matches found

Packet Storm • added 2020/09/21 12:0 a.m. • 191 views

Seat Reservation System 1.0 Shell Upload

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution RCE on the Hosting Webserver via uploading PHP files. Vendor Homepage: www.sourcecodester.com Software Link:...

9.7 AI score • 0.12349 EPSS
Exploits: 3

Packet Storm • added 2020/09/20 12:0 a.m. • 204 views

B-swiss 3 Digital Signage System 3.6.5 Cross Site Request Forgery

B-swiss 3 Digital Signage System 3.6.5 CSRF Add Maintenance Admin Vendor: B-Swiss SARL | b-tween Sarl Product web page: https://www.b-swiss.com Affected version: 3.6.5 3.6.2 3.6.1 3.6.0 3.5.80 3.5.40 3.5.20 3.5.00 3.2.00 3.1.00 Summary: Intelligent digital signage made easy. To go beyond the...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/19 12:0 a.m. • 280 views

B-swiss 3 Digital Signage System 3.6.5 Database Disclosure

B-swiss 3 Digital Signage System 3.6.5 Database Disclosure Vendor: B-Swiss SARL | b-tween Sarl Product web page: https://www.b-swiss.com Affected version: 3.6.5 3.6.2 3.6.1 3.6.0 3.5.80 3.5.40 3.5.20 3.5.00 3.2.00 3.1.00 Summary: Intelligent digital signage made easy. To go beyond the possibiliti...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/18 12:0 a.m. • 403 views

D-Link DGS-1210-28 Denial Of Service

Exploit Title: D-Link DGS-1210-28 Denial of Service Date: 18 Sep 2020 Exploit Author: Saeed Reza Zamanian Product : D-Link DGS-1210-28 Vendor Homepage: https://www.dlink.com/ Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch Version : DGS-1210-28...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/18 12:0 a.m. • 1308 views

Mantis Bug Tracker 2.3.0 Remote Code Execution

Exploit Title: Mantis Bug Tracker 2.3.0 - Remote Code Execution Unauthenticated Date: 2020-09-17 Vulnerability Discovery: hyp3rlinx, permanull Exploit Author: Nikolas Geiselman Vendor Homepage: https://mantisbt.org/ Software Link: https://mantisbt.org/download.php Version: 1.3.0/2.3.0 Tested on:...

6.5 CVSS • 0.3 AI score • 0.92451 EPSS
Exploits: 12

Packet Storm • added 2020/09/18 12:0 a.m. • 403 views

SpamTitan 7.07 Remote Code Execution

Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...

7.6 AI score • 0.16568 EPSS
Exploits: 6

Packet Storm • added 2020/09/18 12:0 a.m. • 915 views

Navy Federal Cross Site Scripting

Vendor: Navy Federal - https://www.navyfederal.org/ Product: Front public facing application Credit: Arthrocyber http://arthrocyber.com/research/findin...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/18 12:0 a.m. • 868 views

TP-Link Cloud Cameras NCXXX Bonjour Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TP-Link Cloud Cameras NCXXX Bonjour Command Injection', 'Description' = %q TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250,...

9 CVSS • 0.1 AI score • 0.81611 EPSS
Exploits: 9

Packet Storm • added 2020/09/17 12:0 a.m. • 1996 views

Microsoft SQL Server Reporting Services 2016 Remote Code Execution

Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Google Dork: inurl:ReportViewer.aspx Date: 2020-09-17 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft SQL Server 2016 32-bit/x64 SP2 CU/GDR, Microsoft SQL Server 2014...

6.5 CVSS • 8.2 AI score • 0.9424 EPSS
Exploits: 14

Packet Storm • added 2020/09/17 12:0 a.m. • 887 views

Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange Server DlpUtils AddTenantDlpPolicy RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary co...

0.1 AI score • 0.86816 EPSS
Exploits: 5

Packet Storm • added 2020/09/17 12:0 a.m. • 497 views

Microsoft Spooler Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Spooler Local Privilege Elevation Vulnerability', 'Description' = %q This exploit leverages a file write vulnerability in the print...

7.2 CVSS • 0.5 AI score • 0.72776 EPSS
Exploits: 10

Packet Storm • added 2020/09/16 12:0 a.m. • 476 views

Piwigo 2.10.1 Cross Site Scripting

Exploit Title: Piwigo 2.10.1 - Cross Site Scripting POC by: Iridium Software Homepage: http://www.piwigo.org Version : 2.10.1 Tested on: Linux & Windows Category: webapps Google Dork: intext: "Powered by Piwigo" CVE : CVE-2020-9467 Description Piwigo 2.10.1 has stored XSS via the file parameter i...

3.5 CVSS • 5.5 AI score • 0.00198 EPSS
Exploits: 2

Packet Storm • added 2020/09/16 12:0 a.m. • 640 views

Mida Solutions eFramework ajaxreq.php Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mida Solutions eFramework ajaxreq.php Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Mida...

10 CVSS • 0.4 AI score • 0.93565 EPSS
Exploits: 6

Packet Storm • added 2020/09/16 12:0 a.m. • 543 views

Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION Product: Acronis Cyber Backup Vendor URL: https://www.acronis.com Type: Server-Side Request Forgery CWE-918 Date found: 2020-07-30 Date published: 2020-09-14 CVSSv3 Score: 8.3...

0.1 AI score • 0.11207 EPSS
Exploits: 4

Packet Storm • added 2020/09/16 12:0 a.m. • 699 views

1CRM 8.6.7 Insecure Direct Object Reference

Security Advisory ARA-2020-005: Insecure Direct Object Reference CVE-2020-15958 Affected Products and Environments Product: 1CRM =8.6.7, confirmed for CRBM System ENT-8.6.5, CRBM System ENT-8.6.6 and Startup+ Edition 8.5.15 Environments: All host environments Security Risk Severity: High CVSS v3:...

8.8 AI score • 0.00937 EPSS
Exploits: 2

Packet Storm • added 2020/09/15 12:0 a.m. • 567 views

Tailor MS 1.0 Cross Site Scripting

Exploit Title: Tailor MS 1.0 - Reflected Cross-Site Scripting Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-09-14 CVE ID: CVE-2020-23835 Vendor Homepage: https://www.sourcecodester.com Software Link:...

4.3 CVSS • 6.4 AI score • 0.02128 EPSS
Exploits: 3

Packet Storm • added 2020/09/15 12:0 a.m. • 757 views

ThinkAdmin 6 Arbitrary File Read

Exploit Title: ThinkAdmin 6 - Arbitrarily File Read Google Dork: N/A Date: 2020-09-14 Exploit Author: Hzllaga Vendor Homepage: https://github.com/zoujingli/ThinkAdmin/ Software Link: Before https://github.com/zoujingli/ThinkAdmin/commit/ff2ab47cfabd4784effbf72a2a386c5d25c43a9a Version: v6 =...

0.8 AI score • 0.93767 EPSS
Exploits: 5

Packet Storm • added 2020/09/14 12:0 a.m. • 510 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Cross-Site Request Forgery Reboot Date: 2020-08-31 Exploit Author: Uriel Yochpaz and Jonatan Schor Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A...

0.7 AI score • 0.02046 EPSS
Exploits: 7

Packet Storm • added 2020/09/14 12:0 a.m. • 507 views

RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting

Exploit Title: RAD SecFlow-1v SF02902.3.01.26 - Persistent Cross-Site Scripting Date: 2020-08-31 Exploit Author: Jonatan Schor and Uriel Yochpaz Vendor Homepage: https://www.rad.com/products/secflow-1v-IIoT-Gateway Version: SecFlow-1v os-image SF02902.3.01.26 Tested on: RAD SecFlow-1v CVE : N/A A...

0.1 AI score • 0.02046 EPSS
Exploits: 7

Packet Storm • added 2020/09/14 12:0 a.m. • 1052 views

Microsoft Windows Finger Security Bypass / C2 Channel

Title: Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WindowsTCPIPFingerCommandC2ChannelandBypassingSecuritySoftware.txt + twitter.com/hyp3rlinx +...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/14 12:0 a.m. • 551 views

Pearson Vue VTS 2.3.1911 Unquoted Service Path

Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm...

Exploits: 0

Packet Storm • added 2020/09/14 12:0 a.m. • 710 views

Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path

Exploit Title: Rapid7 Nexpose Installer 6.6.39 - 'nexposeengine' Unquoted Service Path Date: 2020-08-31 Exploit Author: Angelo D'Amato Vendor Homepage: https://www.rapid7.com Version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE ...

0.1 AI score
Exploits: 0

Packet Storm • added 2020/09/14 12:0 a.m. • 598 views

Joomla! paGO Commerce 2.5.9.0 SQL Injection

Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...

0.4 AI score
Exploits: 0

Packet Storm • added 2020/09/14 12:0 a.m. • 681 views

Linux expand_downwards() / munmap() Race Condition

Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...

Exploits: 0

Packet Storm • added 2020/09/11 12:0 a.m. • 644 views

Microsoft Internet Explorer 11 Use-After-Free

Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Date: 2020-09-06 Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...

7.6 CVSS • 8.1 AI score • 0.93638 EPSS
Exploits: 17

Packet Storm • added 2020/09/11 12:0 a.m. • 686 views

Gnome Fonts Viewer 3.34.0 Heap Corruption

!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Date: 2020-09-10 Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take ...

0.5 AI score
Exploits: 0

Packet Storm • added 2020/09/11 12:0 a.m. • 567 views

VTENEXT 19 CE Remote Code Execution

!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...

0.0681 EPSS
Exploits: 4

Packet Storm • added 2020/09/11 12:0 a.m. • 726 views

DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/compiler/windows' class MetasploitModule 'DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation', 'Description' = %q This module...

0.8 AI score
Exploits: 0

Packet Storm • added 2020/09/11 12:0 a.m. • 677 views

Tea LaTex 1.0 Remote Code Execution

Exploit Title: Tea LaTex 1.0 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-09-01 Exploit Author: nepska Vendor Homepage: https://github.com/ammarfaizi2/latex.teainside.org Software Link: https://github.com/ammarfaizi2/latex.teainside.org Version: v1.0 Tested on: Kali linux /...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/10 12:0 a.m. • 677 views

CuteNews 2.1.2 Remote Code Execution

Exploit Title: CuteNews 2.1.2 - Remote Code Execution Google Dork: N/A Date: 2020-09-10 Exploit Author: Musyoka Ian Vendor Homepage: https://cutephp.com/cutenews/downloading.php Software Link: https://cutephp.com/cutenews/downloading.php Version: CuteNews 2.1.2 Tested on: Ubuntu 20.04, CuteNews...

6.5 CVSS • 0.73709 EPSS
Exploits: 10

Packet Storm • added 2020/09/10 12:0 a.m. • 958 views

Mobile Shop System 1.0 SQL Injection

Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/10 12:0 a.m. • 615 views

Tiandy IPC / NVR 9.12.7 Credential Disclosure

Exploit Title: Tiandy IPC and NVR 9.12.7 - Credential Disclosure Date: 2020-09-10 Exploit Author: zb3 Vendor Homepage: http://en.tiandy.com Product Link: http://en.tiandy.com/index.php?s=/home/product/index/category/products.html Software Link:...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/10 12:0 a.m. • 679 views

ZTE F602W CAPTCHA Bypass

Exploit Title: ZTE Router F602W - Captcha Bypass Exploit Author: Hritik Vijay @MrHritik Vendor Homepage: https://zte.com.cn Reported: 2019-06-14 Version: F6x2W V6.0.10P2T2 Version: F6x2W V6.0.10P2T5 Tested on: F602W CVE: CVE-2020-6862 Background: Captcha is used to make sure the form i...

5 CVSS • 5.4 AI score • 0.13274 EPSS
Exploits: 3

Packet Storm • added 2020/09/10 12:0 a.m. • 763 views

IlchCMS 2.1.37 Cross Site Scripting

Information: Advisory by Netsparker Name: Cross-Site Scripting in IlchCMS Affected Software: IlchCMS Affected Versions: 2.1.37 Vendor Homepage: https://www.ilch.de/ Vulnerability Type: Cross-Site Scripting Severity: Important Status: Fixed CVSS Score 3.0: 7.4 High Netsparker...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/09 12:0 a.m. • 536 views

Input Director 1.4.3 Unquoted Service Path

Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path Discovery Date: 2020-09-08 Response from Input Director Support: 09/09/2020 Exploit Author: TOUHAMI Kasbaoui Vendor Homepage: https://www.inputdirector.com/ Version: 1.4.3 Tested on: Windows Server 2012, Windows 10 Find...

0.5 AI score
Exploits: 0

Packet Storm • added 2020/09/09 12:0 a.m. • 521 views

Audio Playback Recorder 3.2.2 Local Buffer Overflow

Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...

0.5 AI score
Exploits: 0

Packet Storm • added 2020/09/09 12:0 a.m. • 670 views

Scopia XT Desktop 8.3.915.4 Cross Site Request Forgery

Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery change admin password Google Dork: inurl:scopia+index.jsp Date: 2020-09-09 Exploit Author: v1n1v131r4 Vendor Homepage: https://avaya.com Software Link:...

0.6 AI score
Exploits: 0

Packet Storm • added 2020/09/09 12:0 a.m. • 621 views

ShareMouse 5.0.43 Unquoted Service Path

Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path Discovery Date: 2020-09-08 Discovery by: Alan Lacerda alacerda Vendor Homepage: https://www.sharemouse.com/ Software Link: https://www.sharemouse.com/ShareMouseSetup.exe Version: 5.0.43 Tested on OS: Microsoft Windows 1...

0.7 AI score
Exploits: 0

Packet Storm • added 2020/09/08 12:0 a.m. • 678 views

Yaws 2.0.7 XML Injection / Command Injection

Exploit Title: Multiple vulnerabilities in Yaws web server Date: 2020-08-10 Exploit Author: Alexey Pronin (vulnbe) Vendor Homepage: http://yaws.hyber.org/ Software Link: https://github.com/erlyaws/yaws Versions affected: 1.81 - 2.0.7 CVE: CVE-2020-24379, CVE-2020-24916 1. Description:...

0.1 AI score • 0.44255 EPSS
Exploits: 4

Packet Storm • added 2020/09/07 12:0 a.m. • 515 views

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vendor: Rapid7 Product web page: https://www.rapid7.com Affected version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME: nexposeengine TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2 AUTOSTART ERRORCONTROL : 0 IGNORE BINARYPATHNAM...

0.3 AI score
Exploits: 0

Packet Storm • added 2020/09/07 12:0 a.m. • 561 views

Cabot 0.11.12 Cross Site Scripting

Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/07 12:0 a.m. • 620 views

macOS cfprefsd Arbitrary File Write / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS cfprefsd Arbitrary File Write Local Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write in cfprefsd on...

5.1 CVSS • 0.6 AI score • 0.35894 EPSS
Exploits: 3

Packet Storm • added 2020/09/07 12:0 a.m. • 550 views

Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload

Exploit Title: Joomla! Component GMapFP J3.5/J3.5F - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage:https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE:CVE-2020-23972 Description: An attacker...

7.6 AI score • 0.73164 EPSS
Exploits: 3

Packet Storm • added 2020/09/07 12:0 a.m. • 484 views

Grocy 2.7.1 Cross Site Scripting

Exploit Title: grocy 2.7.1 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://berrnd.de/ Software Link: https://github.com/grocy/grocy Version: 2.7.1 Tested on: Kali Linux 2020.3 Proof Of Concept: grocy household management solution...

7.4 AI score
Exploits: 0

Packet Storm • added 2020/09/04 12:0 a.m. • 483 views

Noise-Java AESGCMOnCtrCipherState.encryptWithAd() Insufficient Boundary Checks

Vulnerability title: Noise-Java AESGCMOnCtrCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25023 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is currentl...

6.8 CVSS • 6.5 AI score • 0.00633 EPSS
Exploits: 11

Packet Storm • added 2020/09/04 12:0 a.m. • 497 views

ManageEngine Applications Manager Authenticated Remote Code Execution

!/usr/bin/python3 Exploit Title: ManageEngine Applications Manager - Authenticated RCE via Java class reflection in Weblogic server test credential API Google Dork: None Date: 04-09-2020 Exploit Author: Hodorsec Vendor Homepage: https://manageengine.co.uk Vendor Vulnerability Description:...

0.7 AI score • 0.44106 EPSS
Exploits: 4

Packet Storm • added 2020/09/03 12:0 a.m. • 406 views

Noise-Java AESGCMFallbackCipherState.encryptWithAd() Insufficient Boundary Checks

Vulnerability title: Noise-Java AESGCMFallbackCipherState.encryptWithAd insufficient boundary checks Author: Pietro Oliva CVE: CVE-2020-25022 Vendor: Rhys Weatherley Creator of Noise Framework's reference implementation in Java Product: Noise-Java Affected version: No version information is...

6.8 CVSS • 0.00633 EPSS
Exploits: 11

Packet Storm • added 2020/09/03 12:0 a.m. • 411 views

Nord VPN 6.31.13.0 Unquoted Service Path

Exploit Title: Nord VPN-6.31.13.0 - 'nordvpn-service' Unquoted Service Path Discovery Date: 2020-09-03 Discovery by: chipo Vendor Homepage: https://nordvpn.com Software Link : https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Tested Version: 6.31.13.0 Tested on OS:...

0.3 AI score
Exploits: 0

Packet Storm • added 2020/09/03 12:0 a.m. • 641 views

Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell

SEC Consult Vulnerability Lab Security Advisory title: Multiple Vulnerabilities product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W vulnerable version: =2.0.26 fixed version: CVE number: CVE-2020-16210, CVE-2020-16206,...

6.5 CVSS • 9.4 AI score • 0.03238 EPSS
Exploits: 15

Packet Storm • added 2020/09/03 12:0 a.m. • 474 views

SiteMagic CMS 4.4.2 Shell Upload

Exploit Title: SiteMagic CMS 4.4.2 - Arbitrary File Upload Authenticated Date: 2020-09-02 Exploit Author: v1n1v131r4 Vendor Homepage: https://sitemagic.org/ Software Link: https://sitemagic.org/Download.html Version: 4.4.2 Tested on: Ubuntu 18.04 CVE : N/A PoC:...

7.4 AI score
Exploits: 0

Total number of security vulnerabilities: 50653