VICIdial Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent" can execute...

Printing Business Records Management System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Printing Business Records Management System v1.0 arbitrary File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro /...

Nitro PDF Pro Local Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI Installer product: Nitro PDF Pro vulnerable version: 14.26.1.0 13.70.8.82 fixed version: 14.26.1.0 or higher 13.70.8.82 or higher CVE...

Online Eyewear Shop 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Online Eyewear Shop v1.0 arbitrary File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Student Study Center Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Student Study Center Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

Online Tourism Management System 1.0 Insecure Settings

======================================================================================================================================================== | Title : online tourism management system 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser...

Simple Music Management System 1.0 Add Administrator / Cross Site Request Forgery

============================================================================================================================================= | Title : Simple Music Management System v1.0 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

Student Management System 1.0 Insecure Cookie Handling

==================================================================================================================================== | Title : Student Management System 1.0 Insecure Cookie Handling Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Simple Responsive Tourism Website 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Simple Responsive Tourism Website v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

VegaBird Vooki 5.2.9 DLL Hijacking

==================================== CVE ID: CVE-2024-45874 Author: Iulian Florea Vendor: VegaBird Product: Vooki - Dynamic Web Application & REST API Vulnerability Scanner DAST Tool Vulnerability Type: DLL Hijacking ==================================== ==================================== Summar...

Sistem Penyewaan Baju atau Pakaian Berbasis Web 1.0 SQL Injection

============================================================================================================================================= | Title : Sistem Penyewaan Baju atau Pakaian Berbasis Web v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser...

Student Enrollment 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Student Enrollment v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Simple Student Quarterly Result / Grade System 1.0 Insecure Settings

============================================================================================================================================= | Title : Simple Student Quarterly Result / Grade System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro /...

Sample Blog Site 1.0 Cross Site Scripting / Remote File Inclusion

============================================================================================================================================= | Title : Sample Blog Site 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | |...

VegaBird Yaazhini 2.0.2 DLL Hijacking

==================================== CVE ID: CVE-2024-45873 Author: Iulian Florea Vendor: VegaBird Product: Vooki - Free Android APK & API Vulnerability ScannerYaazhini Vulnerability Type: DLL Hijacking ==================================== ==================================== Summary...

BlackBerry CylanceOPTICS Uninstall Password Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Uninstall Password Bypass product: BlackBerry CylanceOPTICS Windows Installer Package vulnerable version: CylanceOPTICS 3.3 MR2 CylanceOPTICS 3.2 MR5 fixed version:...

Backdoor.Win32.Prorat.jz MVID-2024-0699 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Prorat.jz Vulnerability: Remote Stack Buffer Overflow SEH Description: The RAT...

Aquatronica Control System 5.1.6 Hash Disclosure

============================================================================================================================================= | Title : Aquatronica Control System 5.1.6 Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

Backdoor.Win32.Boiling MVID-2024-0696 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/80cb490e5d3c4205434850eff6ef5f8f.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Boiling Vulnerability: Unauthenticated Remote Command Execution Description: The...

Backdoor.Win32.Agent.pw MVID-2024-0697 Buffer Overflow

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/68dd7df213674e096d6ee255a7b90088.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Agent.pw Vulnerability: Remote Stack Buffer Overflow SEH Description: The malware...

Seo Panel 4.10.0 Remote File Inclusion

==================================================================================================================================== | Title : Seo Panel 4.10.0 File inclusion Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...

Sample Blog Site 1.0 Remote File Inclusion

============================================================================================================================================= | Title : Sample Blog Site 1.0 File inclusion Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...

Linux OverlayFS Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation via CVE-2023-0386', 'Description' = %q This exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the...

Simple College Website 1.0 Shell Upload

============================================================================================================================================= | Title : Simple College Website 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0...

Simbarashe Financial Services 2.9.0 Insecure Direct Object Reference

==================================================================================================================================== | Title : Simbarashe Financial Services v2.9.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...

Backdoor.Win32.Benju.a MVID-2024-0700 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Benju.a Vulnerability: Unauthenticated Remote Command Execution Family: Benju Typ...

Simple Chatbot Application 1.0 Insecure Settings

============================================================================================================================================= | Title : Simple Chatbot Application v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

Positron Broadcast Signal Processor TRA7005 1.20 5.1.6 CSRF

============================================================================================================================================= | Title : Positron Broadcast Signal Processor TRA7005 v1.20 5.1.6 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Amatu.a Vulnerability: Remote Arbitrary File Write RCE Family: Amatu Type: PE32...

Simple Music Management System 1.0 SQL Injection

============================================================================================================================================= | Title : Simple Music Management System v1.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

Simple Online Banking System 1.0 Insecure Settings

============================================================================================================================================= | Title : Simple Online Banking System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

SchoolPlus 1.0 Insecure Direct Object Reference

============================================================================================================================================= | Title : SchoolPlus v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor...

School Dormitory Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : School Dormitory Management System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...

SchoolPlus 1.0 SQL Injection

============================================================================================================================================= | Title : SchoolPlus v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...

PHP SPM 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : php spm 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

Restaurant POS 1.0 SQL Injection

============================================================================================================================================= | Title : Restaurant POS v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...

Responsive Binary mlm 3.2.0 SQL Injection

==================================================================================================================================== | Title : Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits...

PHP ACRSS 1.0 WYSIWYG Code Injection

============================================================================================================================================= | Title : php acrss 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64...

Sample Blog Site 1.0 SQL Injection

============================================================================================================================================= | Title : Sample Blog Site 1.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...

Responsive Billing sw System 3.2.0 SQL Injection

============================================================================================================================================= | Title : Responsive Billing sw System 3.2.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

ABB Cylon Aspect 3.07.01 Hard-Coded Credentials

ABB Cylon Aspect 3.07.01 config.inc.php Hard-coded Credentials in phpMyAdmin Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...

School Log Management System 1.0 Code Injection

============================================================================================================================================= | Title : School Log Management System 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Rupee Invoice System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Rupee Invoice System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

Traccar 5.1 Code Injection

============================================================================================================================================= | Title : Traccar 5.1 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...

Multi Branch School Management System 3.5 Backup Disclosure

============================================================================================================================================= | Title : Multi Branch School Management System 3.5 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

Online Flight Booking System 1.0 Arbitrary File Upload

============================================================================================================================================================================= | Title : Online Flight Booking System 1.0 Remot File Upload vulnerability | | Author : indoushka | | Tested on : windows 1...

Complete Multi Hospital Management System 1.0 Backup Disclosure

============================================================================================================================================= | Title : Complete Multi Hospital Management System 1.0 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

PHP ACRSS 1.0 Code Injection

============================================================================================================================================= | Title : php acrss 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bit...

Online Job Search System 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Online Job Search System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

PHP SPM 1.0 Code Injection

============================================================================================================================================= | Title : php spm 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...