50637 matches found
WordPress WP-Automatic SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class SQLExecutionError 'WordPress wp-automatic Plugin SQLi Admin Creation', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerability in th...
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building...
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service
ABB Cylon Aspect 3.08.01 jsonProxy.php Denial of Service Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and contr...
ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure
ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credentials Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration
ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
UP-RESULT PRO 1.0 SQL Injection
Titles: UP-RESULTpro-1.0 Multiple-SQLi Author: nu11secur1ty Date: 10/28/2024 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download Reference:...
Xerox Printers Authenticated Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Remote Code Execution product: Multiple Xerox printers EC80xx, AltaLink, VersaLink, WorkCentre vulnerable version: see vulnerable versions below fixed...
ABB Cylon Aspect 3.08.01 Active Debug Data Exposure
ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Exploit Title: Open Redirect / Reflected XSS - booked-schedulerv2.8.5 Date: 10/2024 Exploit Author: Andrey Stoykov Version: 2.8.5 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/10/friday-fun-pentest-series-13-reflected.html...
ABB Cylon Aspect 3.08.01 getApplicationNamesJS.php Building/Project Name Exposure
ABB Cylon Aspect 3.08.01 getApplicationNamesJS.php Building/Project Name Exposure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building...
Lawo AG vsm LTC Time Sync Path Traversal
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated Path Traversal Vulnerability product: Lawo AG - vsm LTC Time Sync vTimeSync vulnerable version: 4.5.6.0 fixed version: 4.5.6.0 CVE number: CVE-2024-6049...
ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure
ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.02 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure
ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure
ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
IBM Security Verify Access 10.0.8 Open Redirection
IBM Security Verify Access = 10.0.0 ================================================ 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. References 6. Credits 7. Legal Notices ======== ====================================================== Revision: 1.0...
Magento / Adobe Commerce Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...
SofaWiki 3.9.2 Shell Upload
Exploit Title: SofaWiki 3.9.2 - Remote Code Execution RCE via Open Ticket File Upload Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote co...
ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution
ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
SofaWiki 3.9.2 Cross Site Scripting
Exploit Title: SofaWiki 3.9.2 - Reflected XSS Authenticated via Regex Replace Preview Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A reflected...
SofaWiki 3.9.2 Cross Site Scripting
Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open...
BYOB Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...
ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download
ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Config Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
WatchGuard XTM Firebox 12.5.x Buffer Overflow
============================================================================================================================================= | Title : WatchGuard XTM Firebox 12.5.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Dolibarr 20.0.1 SQL Injection
Titles: dolibarr 20.0.1 Multiple security token SQLi Author: nu11secur1ty Date: 10/15/2024 Vendor: https://www.dolibarr.org/ Software: https://www.dolibarr.org/downloads.php Reference: https://portswigger.net/web-security/sql-injection Description: The socid parameter appears to be vulnerable to...
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...
ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection
ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...
MagnusBilling 7.x Command Injection
============================================================================================================================================= | Title : MagnusBilling 7.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bit...
Peel Shopping 2.x Cross Site Scripting / SQL Injection
Exploit Title: Peel Shopping "catid=" SQL injection Google Dork: inurl:/lire/index.php?rubid= Date: 2024-10-02 Exploit Author: Emiliano Febbi Vendor Homepage: https://www.peel-shopping.com/ Software Link: https://github.com/advisto/peel-shopping Version: 2.x Peel Shopping 2.x Peel Shopping 2.x 3....
Bookstore Management System 1.0 SQL Injection
============================================================================================================================================= | Title : Bookstore Management System v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
TOTOLINK 9.x Command Injection
============================================================================================================================================= | Title : TOTOLINK 9.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...
Vivo Fibra Askey RTF8225VW Command Execution
--- Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to the sh shell on the Vivo Fibra modem. This method essentially involves terminating the aspsh shell and invoking sh using the output of cat /dev/null. Using the pipe | is crucial for this...
WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload
============================================================================================================================================= | Title : WordPress File Manager Advanced Shortcode 2.3.2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
GL.iNet 4.4.3 Code Injection
============================================================================================================================================= | Title : GL.iNet network 4.4.3 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64...
Openfire 4.8.0 Code Injection
============================================================================================================================================= | Title : Openfire release 4.8.0 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...
Gibbon School Platform 26.0.00 Code Injection
============================================================================================================================================= | Title : Gibbon School Platform 26.0.00 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution
ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...
Kafka UI 0.7.1 Code Injection
============================================================================================================================================= | Title : Kafka UI 0.7.1 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits |...
ABB Cylon Aspect 3.07.02 user.properties Default Credentials
ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...
Artica Proxy 4.40 Code Injection
============================================================================================================================================= | Title : Artica Proxy appliance 4.40 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
SolarView Compact 6.00 Code Injection
============================================================================================================================================= | Title : SolarView Compact 6.00 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...
TerraMaster TOS 4.2.29 Code Injection / Local File Inclusion
============================================================================================================================================= | Title : TerraMaster TOS 4.2.29 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...
MagnusBilling 6.x Code Injection
============================================================================================================================================= | Title : MagnusBilling 6.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bit...
Chamilo 1.11.18 Code Injection
============================================================================================================================================= | Title : Chamilo 1.11.18 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits ...
ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control
ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building...
Craft CMS 4.4.14 Code Injection
============================================================================================================================================= | Title : Craft CMS 4.4.14 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
Palo Alto Networks GlobalProtect Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: Palo Alto Networks GlobalProtect vulnerable version: 5.1.x, 5.2.x, 6.0.x, 6.1.x, =6.2.5, all other versions are not...