C-MOR Video Surveillance 5.2401 Remote Shell Upload
Advisory ID: SYSS-2024-026 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Unrestricted Upload of File with Dangerous Type CWE-434 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05...
Travel 1.0 Shell Upload
| Title : Travel v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...
Online Shopping Portal Project 2.0 SQL Injection
| Title : Online Shopping Portal Project 2.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
C-MOR Video Surveillance 5.2401 Cross Site Scripting
Advisory ID: SYSS-2024-020 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Reflected Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date:...
C-MOR Video Surveillance 5.2401 Improper Access Control
Advisory ID: SYSS-2024-024 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Improper Access Control CWE-284 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Command Injection
Advisory ID: SYSS-2024-030 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: OS Command Injection CWE-78 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting
Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
Online Sports Complex Booking System 1.0 Insecure Settings
| Title : Online Sports Complex Booking System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Blood Bank And Donor Management System 2.4 Insecure Settings
| Title : Blood Bank & Donor Management System v2.4 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Information Disclosure / Cleartext Secret
Advisory ID: SYSS-2024-028 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Cleartext Storage of Sensitive Information CWE-312 Risk Level: Medium Solution Status: Open Manufacturer...
ASIS 3.2.0 SQL Injection
| Title : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass | | Author : checkgue | | Tested on : windows 10 Home /...
Supply Chain Management 1.0 SQL Injection
| Title : Supply Chain Management v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
Tourism Management System 1.0 SQL Injection
| Title : Tourism Management System 1.0 Auth BY Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens o...
Student Result Management System 2.0 Insecure Direct Object Reference
| Title : Student Result Management System v2.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Tenant courier management 1.0 Insecure Settings
| Title : Tenant courier management v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
Student Attendance Management System 1.0 Arbitrary File Upload
| Title : Student Attendance Management System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/2992129c565e025ebcb0bb6f80c77812.txt Contact: [email protected] Media: x.com/malvuln Threat: HackTool.Win32.Freezer.br WinSpy Vulnerability: Insecure Credential Storage Description: The...
Backdoor.Win32.PoisonIvy.ymw MVID-2024-0688 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b0748f1c1a17bad44dc9bd750fc97547.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.PoisonIvy.ymw Vulnerability: Insecure Credential Storage Family: PoisonIvy Type:...
Online Course Registration 1.0 SQL Injection
| Title : Online course registartion 1.0 Blind SQl INjection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Student Record System 1.0 SQL Injection
| Title : Student Record System v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
Online Travel Agency System 1.0 Shell Upload
| Title : Travel v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...
Backdoor.Win32.Symmi.qua MVID-2024-0692 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/6e81618678ddfee69342486f6b5ee780.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Symmi.qua Vulnerability: Remote Stack Buffer Overflow SEH Description: The malwar...
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 BackDoor Pro - v2.0b4 Vulnerability: Unauthenticated Remote Command...
Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Credit: Gionathan Armando Reale...
Taskhub 2.8.8 Insecure Settings
| Title : Taskhub v2.8.8 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...
PPDB 2.4-update 6118-1 Cross Site Request Forgery
| Title : ppdb v2.4-update 6118-1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
SPIP 4.2.9 Code Execution
| Title : SPIP 4.2.9 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
Online Travel Agency System 1.0 Arbitrary File Upload
| Title : Online Travel Agency System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Online Traffic Offense 1.0 Cross Site Request Forgery
| Title : Online Traffic Offense 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
Webpay E-Commerce 1.0 SQL Injection
| Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Penglead 2.0 Cross Site Scripting
| Title : penglead v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor :...
Online Musical Instrument Shop IN 1.0 Cross Site Scripting
| Title : Online Musical Instrument Shop IN v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Hostel Management System 1.0 Arbitrary File Upload
| Title : hostel management system 1.0 arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
SPIP 4.2.7 Code Execution
| Title : SPIP 4.2.7 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
Faculty Evaluation System 1.0 Cross Site Request Forgery
| Title : Faculty Evaluation System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
IntelliNet 2.0 Remote Root
!/usr/local/bin/node const execSync = require'childprocess'; const readline = require'readline'; let TARGET = ''; let COMMAND = ''; let SESSION = ''; const ESCALATE = '/usr/aes/bin/execsuid'; console.log ...
pgAdmin 8.4 Code Execution
| Title : pgAdmin 8.4 PHP Code Execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
Free Hospital Management System For Small Practices 1.0 CSRF
| Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
File Management System 1.0 Cross Site Request Forgery
| Title : File Management System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
Online Job Portal IN 1.0 SQL Injection
| Title : Online Job Portal IN v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
Loan Management System 2024 1.0 Insecure Settings
| Title : Loan Management System 2024 v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
eClass LMS 6.2.0 Shell Upload
| Title : eClass LMS v6.2.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...
Typo3 Login Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Typo3 Login Bruteforcer', 'Description' = 'This module attempts to bruteforce Typo3 logins.', 'Author' = 'Christian Mehlmauer' , 'License' =...
GlassFish Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/glassfish' require 'metasploit/framework/credentialcollection' class MetasploitModule 'GlassFish Brute Force Utility',...
EtherPAD Duo Login Bruteforce Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EtherPAD Duo Login Bruteforce Utility', 'Description' = % This module scans for EtherPAD Duo login portal, and performs a login bruteforce attack...
WebPageTest Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebPageTest Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in WebPageTest. Due to the wa...
Rosewill RXS-3211 IP Camera Password Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rosewill RXS-3211 IP Camera Password Retriever', 'Description' = %q This module takes advantage of a protocol design issue with the Rosewill admi...
Radware AppDirector Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Radware AppDirector Bruteforce Login Utility', 'Description' = % This module scans for Radware AppDirector's web login portal, and performs login...
SAP SOAP RFC PFL_CHECK_OS_FILE_EXISTENCE File Existence Check
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...