📄 ABB Cylon Aspect 3.08.03 logYumLookup.php Path Traversal
The ABB Cylon Aspect BAS controller is vulnerable to an authenticated hybrid path traversal vulnerability in logYumLookup.php due to insufficient validation of the logFile parameter. The script checks for the presence of an expected path /var/log/yum.log using strpos, which can be bypassed by...
📄 ABB Cylon Aspect Studio 3.08.03 CylonLicence.dll Binary Planting
A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious...
📄 ABB Cylon Aspect 3.08.03 Java/PHP Log Forging
Multiple PHP and Java components across the system fail to properly sanitize user-supplied input before including it in application logs. In PHP, files like supervisorProxy.php directly embed values such as $_SERVER['REQUEST_URI'] and raw POST bodies into log messages without filtering, enabling...
📄 ABB Cylon Aspect 3.08.03 logMixDownload.php Remote Code Execution
The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the logMixDownload.php script and dependent on the SELECTED=ALL case. Version...
📄 ABB Cylon BACnet MS/TP Kernel Module mstp.ko Out-Of-Bounds Write
A buffer overflow vulnerability exists in the mstp.ko kernel module, responsible for processing BACnet MS/TP frames over serial RS485. The SendFrame function writes directly into a statically sized kernel buffer allocentry0x1f5 without validating the length of attacker-controlled data param5. If ...
📄 ABB Cylon Aspect 3.08.03 File Deletion
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
📄 ABB Cylon Aspect 3.08.02 MIX Session Validation Bypass
ABB Cylon Aspect version 3.08.02 suffers from a broken session management issue. The backend implements inconsistent session validation by prioritizing the Authorization header over the PHPSESSID cookie, which is typically used to authenticate access to the controller system’s admin panel. While...
📄 ABB Cylon Aspect Studio 3.08.03 Insecure Permissions
ABB Cylon Aspect Studio version 3.08.03 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'M' flag Modify for...
📄 ABB Cylon Aspect 3.08.03 Authentication Bypass
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
📄 ABB Cylon Aspect 3.08.03 Time Manipulation
ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...
📄 ABB Cylon Aspect 3.08.03 Remote Code Execution
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
📄 ABB Cylon Aspect 3.08.03 Network Manipulation
ABB Cylon Aspect MIX's IPConfigServlet allows unauthenticated network config changes via the Host: 127.0.0.1 bypass, writing to /etc/hosts and config files. Attackers can redirect traffic e.g. localhost to 1.2.3.4 or disrupt connectivity, amplifying impact with network restarts. Version 3.08.03 i...
📄 ABB Cylon Aspect 3.08.03 login.php Obscure Authentication Bypass
The ABB Cylon Aspect BAS controller allows login using guest:guest, which initiates a web session but restricts access to administrative features by returning an 'Invalid Admin Username and/or Password' message. However, the session is still active and valid within the HMI environment. Despite...
📄 ABB Cylon Aspect 3.08.03 Remote Code Execution
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
📄 Clinic's Patient Management System 1.0 SQL Injection / Remote Code Execution
This Metasploit module exploits an SQL injection vulnerability in the login portal, allowing an attacker to log in as an admin. Next, it allows the attacker to upload malicious files through user modification to achieve remote code execution. This module requires Metasploit:...
📄 Invision Community 5.0.6 CustomCss Remote Code Execution
Invision Community versions 5.0.6 and below contain a remote code execution vulnerability in the theme editor's customCss endpoint. By crafting a specially formatted content parameter with an expression="…" construct, arbitrary PHP can be evaluated. This Metasploit module leverages that flaw to...
📄 Remote for Windows 2024.15 Desktop Stream Disclosure
Remote for Windows version 2024.15 has a vulnerability that allows any unauthenticated attacker to access a real-time H.264 stream of the victim’s Windows/Mac desktop. This is achieved by querying the /api/getVersion endpoint to retrieve the liveview.port, and then opening a TCP connection to tha...
📄 WordPress Motors 5.6.67 Privilege Escalation
WordPress Motors theme versions 5.6.67 and below suffer from a privilege escalation vulnerability that allows for account takeover. 🔐 CVE-2025-4322 – Motors = 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover 📌 Plugin Information - Plugin: Motors = 5.6.67 -...
📄 Remote for Windows 2024.15 Unauthenticated Desktop Screenshot Capture
Remote for Windows version 2024.15 suffers from a missing authentication vulnerability that allows for the disclosure of desktop screenshots. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage:...
📄 Remote for Windows 2024.15 Local Privilege Escalation
Remote for Windows version 2024.15 suffers from a local privilege escalation vulnerability. Exploit Title: Remote for Windows 2024.15 - Local Privilege Escalation Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Versio...
📄 Remote for Windows 2024.15 Remote Code Execution
Remote for Windows version 2024.15 suffers from multiple remote code execution vulnerabilities. Exploit Title: Remote for Windows 2024.15 - RCE Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.15 Tested o...
📄 ABB Cylon FLXeon 9.3.5 variant.js Information Disclosure
The ABB Cylon FLXeon BACnet controller's /api/variant endpoint exposes sensitive system information, including the internal IP address, MAC address, device model, and build type, without requiring authentication. The get function gathers network interface data using the os.networkInterfaces API a...
📄 Cubecart 6.5.9 Cross Site Scripting
Cubecart version 6.5.9 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS in "Description" Functionality - cubecartv6.5.9 Date: 05/2025 Exploit Author: Andrey Stoykov Version: 6.5.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS 1: Step...
📄 Ibn Al Haithm 1.0 Insecure Direct Object Reference
Ibn Al Haithm version 1.0 suffers from an insecure direct object reference vulnerability. Exploit Title: Ibn Al Haithm intlaqcit.com - Multiple Vulnerabilities Date: May 19, 2025 Exploit Author: wa03 Telegram: @wa03 Vendor Homepage: intlaqcit.com Version: 1.0 CVE: N/A Google Dork: intxt: Ibn Al...
📄 ABB Cylon FLXeon 9.3.5 uukl.js Predictable Salt / Weak Hashing Algorithm
The ABB Cylon FLXeon BACnet controller's /api/uukl.js module implements password verification and update mechanisms using the insecure MD5 hash function alongside weak salt generation via Math.random. This constitutes a cryptographic vulnerability where password hashes are susceptible to collisio...
📄 Magnolia DX Core 6.3.8 Command Injection
Magnolia DX Core version 6.3.8 suffers from a remote command injection vulnerability. Exploit Title: Magnolia DX Core 6.3.8 - Command Injection Date: 05/16/2025 Exploit Author: tmrswrr Version: 6.3.8 Vendor home page: https://docs.magnolia-cms.com/home/ Product:...
📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Directory Traversal
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in...
📄 Automic Automation Agent Unix Privilege Escalation
An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an ini file with the "authentication" option set to "PAM" and the "libName" option set to a shared object file controlled by the attacker. The shared object will be loaded in an...
📄 Remote Keyboard Desktop 1.0.1 Remote Code Execution
Remote Keyboard Desktop version 1.0.1 suffers from a remote code execution vulnerability. Exploit Title: Remote Keyboard Desktop 1.0.1 Remote Code Execution Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link:...
📄 HP Sure Access Enterprise / Sure Click Enterprise Missing Authentication
SEC Consult conducted penetration tests on Sure Access in 2022 and on Sure Click in 2023 and established a contact with HP afterwards. After several rounds of emails and meetings with the product development team, the scope and limitations of Sure Access and Sure Click were made clear. This...
📄 Samsung MagicINFO 9 Server Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Samsung MagicINFO 9 Server versions less than or equal to 21.1050.0. Remote code execution can be obtained by exploiting the path traversal vulnerability CVE-2024-7399 in the SWUpdateFileUploader servlet, which can be querie...
📄 CrushFTP 11.3.1 Authentication Bypass / Race Condition
CrushFTP versions prior to 10.8.4 and 11.3.1 suffer from an authentication bypass vulnerability via a race condition and header parsing logic flaw in the AWS4-HMAC authorization mechanism. Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit...
📄 ABB Cylon FLXeon 9.3.5 bbmdList.js Authenticated Configuration Poisoning
The ABB Cylon FLXeon BACnet controller suffers from a configuration poisoning vulnerability in the put function of bbmdList.js, where the writeFile function is invoked to persist user-controlled data req.body.bipList and req.body.natList directly into sensitive configuration files /etc/bdt.txt an...
📄 Ivanti Endpoint Manager DLL Hijacking / Privilege Escalation
The EPM Security Scan Vulscan Self Update is vulnerable to DLL hijacking. When it is installed on a client machine, by default, it creates a scheduled task as SYSTEM that when run, tries to load non-existent ZIP files from ProgramData. A malicious DLL can be inserted into one of the ZIP files whi...
📄 RSI Queue Management System 3.0 SQL Injection
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System version 3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative...
📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...
📄 Economizzer 0.9-beta1 Session Invalidation
Economizzer version 0.9-beta1 fails to properly invalidate user sessions. A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains...
📄 WordPress PSW Front-end Login Registration 1.12 Privilege Escalation
WordPress PSW Front-end Login Registration plugin versions 1.12 and below suffer from a privilege escalation vulnerability. 🔐 CVE-2025-47646 – PSW Front-end Login & Registration = 1.12 📌 Plugin Information - Plugin: PSW Front-end Login & Registration - Vulnerable Version: = 1.12 - CVE:...
📄 ABB Cylon FLXeon 9.3.5 capture.js Authenticated File Disclosure / Deletion
The ABB Cylon FLXeon BACnet controller is vulnerable to a path traversal flaw in its capture.js endpoint due to unsanitized user input being directly concatenated into a filesystem path. An attacker can exploit this by supplying crafted file names to access arbitrary files outside the intended va...
📄 Economizzer 0.9-beta1 Cross Site Scripting
Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...
📄 Honeywell MB-Secure Command Injection
Honeywell MB-Secure versions 11.04 and up to 12.53 and PRO versions from 01.06 to 03.09 suffer from an authenticated command injection vulnerability. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Comman...
📄 Tiiwee X1 Alarm System Replay Attack
The Tiiwee X1 Alarm System suffers from a replay attack using a Flipper Zero. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Versions: TWX1HAKV2 Tested Versions: TWX1HAKV2 Vulnerability Type:...
📄 Ivanti Connect Secure 22.7R2.5 Remote Code Execution
This Metasploit module exploits a stack-based buffer overflow vulnerability in Ivanti Connect Secure to achieve remote code execution CVE-2025-22457. Versions 22.7R2.5 and earlier are vulnerable. Note that Ivanti Pulse Connect Secure, Ivanti Policy Secure and ZTA gateways are also vulnerable but...
📄 Nextcloud Workflows Remote Code Execution
This Metasploit module adds workflows as an authenticated user which can only be created by administrators by design. If the app "Nextcloud Workflow Script" is installed it is possible to generate a workflow that executes commands. This module requires Metasploit: https://metasploit.com/download...
📄 Car Rental System 1.0 Shell Upload
This Metasploit module exploits an authenticated remote code execution vulnerability in the Online Car Rental System 1.0 via the changeimage1.php endpoint. An authenticated attacker can upload malicious PHP scripts without proper validation, enabling arbitrary code execution on the server. This...
📄 WordPress User Registration and Membership Privilege Escalation
WordPress User Registration and Membership plugin versions prior to 4.1.2 remote privilege escalation exploit that executes a PHP payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WP Use...
📄 WordPress SureTriggers 1.0.78 Authentication Bypass / Remote Code Execution
This Metasploit module exploits an authorization bypass in the WordPress SureTriggers plugin versions 1.0.78 and below to create an administrator account and then uploads and executes a PHP payload. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Invision Community 5.0.6 Remote Code Execution
Invision Community versions 5.0.0 through 5.0.6 suffer from a customCss related remote code execution vulnerability. --------------------------------------------------------------------------- Invision Community = 5.0.6 customCss Remote Code Execution Vulnerability...
📄 LINQPad Insecure Deserialization
This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restart...
📄 TP-Link VN020-F3v(T) DHCP Stack Buffer Overflow
TP-Link VN020-F3vT suffers from a DHCP stack buffer overflow vulnerability. Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - DHCP Stack Buffer Overflow Date: 10/20/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3v...