50738 matches found
Android GKI Kernels Use-After-Free
A central recurring theme in Linux MM development is that contention on the mmap lock can have a big negative performance impact on multithreaded workloads: If one thread is holding the mmap lock in exclusive mode for an extended amount of time, other threads will block as soon as they try to...
Palo Alto Networks GlobalProtect Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: Palo Alto Networks GlobalProtect vulnerable version: 5.1.x, 5.2.x, 6.0.x, 6.1.x, =6.2.5, all other versions are not...
PHP-Nuke Top Module SQL Injection
Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...
ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion
ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution
ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
OpenMediaVault 7.4.2-2 Code Injection
============================================================================================================================================= | Title : OpenMediaVault 7.4.2-2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 6...
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution
ABB Cylon Aspect 3.08.00 setTimeServer.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management a...
Hikvision IP Camera Cross Site Request Forgery
============================================================================================================================================= | Title : Hikvision IP Camera CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64...
ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure
ABB Cylon Aspect 3.08.01 logYumLookup.php Unauthenticated File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...
Book Recording App 2024-09-24 Cross Site Scripting
Exploit Title: Book Recording App - Cross Site Scripting Stored XSS Date: 05/10/2024 Exploit Author: Arif Ari Vendor Homepage: https://www.sourcecodester.com/javascript/17600/book-recording-app-using-htmlcss-vanillajs-source-code.html Software Link:...
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution
ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management an...
GeoServer 2.25.1 Code Injection
============================================================================================================================================= | Title : GeoServer 2.25.1 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits...
Netis MW5360 Code Injection
============================================================================================================================================= | Title : Netis MW5360 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...
Gambio Online Webshop 4.9.2.0 Code Injection
============================================================================================================================================= | Title : Gambio Online Webshop 4.9.2.0 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Acronis Cyber Infrastructure 5.0.1-61 Cross Site Request Forgery
============================================================================================================================================= | Title : Acronis Cyber Infrastructure 5.0.1-61 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Vehicle Service Management System 1.0 Code Injection
============================================================================================================================================= | Title : Vehicle Service Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
Computer Laboratory Management System 2024 1.0 Cross Site Scripting
Titles: LMS2024-1.0 XSS-Reflected Information Disclosure Author: nu11secur1ty Date: 00/04/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.htmlgooglevignette Reference:...
Vehicle Service Management System 1.0 WYSIWYG Code Injection
============================================================================================================================================= | Title : Vehicle Service Management System 1.0 WYSIWYG code injection vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
ABB Cylon Aspect 3.07.02 Authenticated File Disclosure
ABB Cylon Aspect 3.07.02 downloadDb.php Authenticated File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy...
Transport Management System 1.0 Code Injection
============================================================================================================================================= | Title : Transport Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
MD-Pro 1.0.76 Shell Upload / SQL Injection
Exploit Title: MD-Pro 1.0.76. SQL injection + shell upload Google Dork: intext: Powered by MD-Pro Date: 2024-08-30 Exploit Author: Emiliano Febbi Vendor Homepage: https://www.opensourcecms.com/wp-content/uploads/MDPro-website-description.png Software Link: https://www.opensourcecms.com/mdpro/...
ManageEngine ADManager 7183 Password Hash Disclosure
============================================================================================================================================= | Title : ManageEngine ADManager 7183 Password Hash Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Transport Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Transport Management System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
WordPress Hash Form 1.1.0 Code Injection
============================================================================================================================================= | Title : WordPress Hash Form 1.1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Acronis Cyber Infrastructure Default Password Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'Acronis Cyber Infrastructure default password remote code execution', 'Description' = %q Acronis Cyber Infrastructure ACI is an ...
Vehicle Service Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Vehicle Service Management System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Online Eyewear Shop 1.0 Insecure Settings
============================================================================================================================================= | Title : Online Eyewear Shop v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
dizqueTV 1.5.3 Remote Code Execution
Exploit Title: dizqueTV 1.5.3 - Remote Code Execution RCE Date: 9/21/2024 Exploit Author: Ahmed Said Saud Al-Busaidi Vendor Homepage: https://github.com/vexorian/dizquetv Version: 1.5.3 Tested on: linux POC: Vulnerability Description dizqueTV 1.5.3 is vulnerable to unauthorized remote code...
AVideo 12.4 Code Injection
============================================================================================================================================= | Title : AVideo 12.4 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...
Transport Management System 1.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Transport Management System 1.0 idor Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits | |...
WordPress Bricks Builder Theme 1.9.6 Code Injection
============================================================================================================================================= | Title : WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
reNgine 2.2.0 Command Injection
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...
ViciDial 2.0.5 Cross Site Request Forgery
============================================================================================================================================= | Title : ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows ...
openSIS 9.1 SQL Injection
Exploit Title: openSIS 9.1 - SQLi Authenticated Google Dork: intext:"openSIS is a product" Date: 09.09.2024 Exploit Author: Devrim Dıragumandan d0ub1edd Vendor Homepage: https://www.os4ed.com/ Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 Version: 9.1 Tested on: Linux ...
WordPress GiveWP Donation Fundraising Platform 3.14.1 Code Injection
============================================================================================================================================= | Title : WordPress GiveWP Donation Fundraising Platform 3.14.1 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro /...
Printing Business Records Management System 1.0 Insecure Settings
============================================================================================================================================= | Title : Printing Business Records Management System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browse...
SeedDMS 6.0.28 Cross Site Scripting
CVE-ID:CVE-2024-46409 --------------------------------------------------------------------- Suggested descriptionA stored cross-site scripting XSS vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in...
Teacher Subject Allocation Management System 1.0 Insecure Settings
==================================================================================================================================== | Title : Teacher Subject Allocation Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozil...
Event Management System 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Event Management System v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bi...
Online Eyewear Shop 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Eyewear Shop v1.0 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0...
Microsoft Office NTLMv2 Disclosure
Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...
Printing Business Records Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Printing Business Records Management System v1.0 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Supply Chain Management 1.0 Backup Disclosure
============================================================================================================================================= | Title : Supply Chain Management v1.0 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Student Attendance Management System 1.0 Insecure Settings
============================================================================================================================================= | Title : Student Attendance Management System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Tourism Management System 1.0 Cross Site Scripting
============================================================================================================================================= | Title : Tourism Management System 1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bi...
Task Management System 1.0 Code Injection
============================================================================================================================================= | Title : Task Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
TitanNit Web Control 2.01 / Atemio 7600 Code Injection
============================================================================================================================================= | Title : TitanNit Web Control 2.01 / Atemio 7600 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Online Tourism Management System 1.0 Insecure Settings
======================================================================================================================================================== | Title : online tourism management system 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser...
Student Study Center Management System 1.0 Insecure Settings
==================================================================================================================================== | Title : Student Study Center Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Simple Music Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Simple Music Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...