50738 matches found
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting
Advisory ID: SYSS-2024-021 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Persistent Cross-Site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
C-MOR Video Surveillance 5.2401 Improper Access Control
Advisory ID: SYSS-2024-024 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Improper Access Control CWE-284 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...
Webpay E-Commerce 1.0 Insecure Settings
============================================================================================================================================= | Title : Webpay E-Commerce v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0....
Travel 1.0 Shell Upload
============================================================================================================================================= | Title : Travel v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...
C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection
Advisory ID: SYSS-2024-023 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05 Solution Date: -...
SPIP 4.2.12 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.12 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
C-MOR Video Surveillance 5.2401 Path Traversal
Advisory ID: SYSS-2024-025 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Relative Path Traversal CWE-23 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05 Solution Date: 2024-07-31...
Crime Complaints Reporting Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Crime Complaints Reporting Management System 1.0 arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro /...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Request Forgery
Advisory ID: SYSS-2024-022 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Cross-Site Request Forgery CWE-352 Risk Level: Medium Solution Status: Open Manufacturer Notification: 2024-04-05...
C-MOR Video Surveillance 5.2401 Remote Shell Upload
Advisory ID: SYSS-2024-026 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401 Tested Versions: 5.2401 Vulnerability Type: Unrestricted Upload of File with Dangerous Type CWE-434 Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-04-05...
C-MOR Video Surveillance 5.2401 / 6.00PL01 Privilege Escalation
Advisory ID: SYSS-2024-027 Product: C-MOR Video Surveillance Manufacturer: za-internet GmbH Affected Versions: 5.2401, 6.00PL01 Tested Versions: 5.2401, 6.00PL01 Vulnerability Type: Improper Privilege Management CWE-269 Risk Level: High Solution Status: Open Manufacturer Notification: 2024-04-05...
ASIS 3.2.0 SQL Injection
============================================================================================================================================ | Title : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass | | Author : checkgue | | Tested on : windows 10 Home /...
Student Result Management System 2.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Student Result Management System v2.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Student Record System 1.0 SQL Injection
============================================================================================================================================= | Title : Student Record System v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
Backdoor.Win32.Symmi.qua MVID-2024-0692 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/6e81618678ddfee69342486f6b5ee780.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Symmi.qua Vulnerability: Remote Stack Buffer Overflow SEH Description: The malwar...
Supply Chain Management 1.0 SQL Injection
============================================================================================================================================= | Title : Supply Chain Management v1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
HackTool.Win32.Freezer.br (WinSpy) MVID-2024-0691 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/2992129c565e025ebcb0bb6f80c77812.txt Contact: [email protected] Media: x.com/malvuln Threat: HackTool.Win32.Freezer.br WinSpy Vulnerability: Insecure Credential Storage Description: The...
Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/706ddc06ebbdde43e4e97de4d5af3b19.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Optix.02.b Vulnerability: Weak Hardcoded Credentials Description: Optix listens o...
Tourism Management System 1.0 SQL Injection
============================================================================================================================================= | Title : Tourism Management System 1.0 Auth BY Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Tenant courier management 1.0 Insecure Settings
============================================================================================================================================= | Title : Tenant courier management v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 BackDoor Pro - v2.0b4 Vulnerability: Unauthenticated Remote Command...
Backdoor.Win32.PoisonIvy.ymw MVID-2024-0688 Insecure Credential Storage
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b0748f1c1a17bad44dc9bd750fc97547.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.PoisonIvy.ymw Vulnerability: Insecure Credential Storage Family: PoisonIvy Type:...
Student Attendance Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Student Attendance Management System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Online Course Registration 1.0 SQL Injection
============================================================================================================================================= | Title : Online course registartion 1.0 Blind SQl INjection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Online Travel Agency System 1.0 Shell Upload
============================================================================================================================================= | Title : Travel v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits ...
Taskhub 2.8.8 Insecure Settings
============================================================================================================================================= | Title : Taskhub v2.8.8 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bit...
PPDB 2.4-update 6118-1 Cross Site Request Forgery
============================================================================================================================================= | Title : ppdb v2.4-update 6118-1 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
Penglead 2.0 Cross Site Scripting
============================================================================================================================================= | Title : penglead v2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendor :...
Online Traffic Offense 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Traffic Offense 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
Webpay E-Commerce 1.0 SQL Injection
============================================================================================================================================= | Title : Webpay E-Commerce v1.0 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
Texas Instruments Fusion Digital Power Designer 7.10.1 Credential Disclosure
Insufficiently Protected Credentials in Texas Instruments Fusion Digital Power Designer v.7.10.1 Credit: Gionathan Armando Reale...
Online Travel Agency System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Online Travel Agency System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
SPIP 4.2.9 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.9 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
SPIP 4.2.7 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.7 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
Faculty Evaluation System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Faculty Evaluation System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
eClass LMS 6.2.0 Shell Upload
==================================================================================================================================== | Title : eClass LMS v6.2.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...
Online Job Portal IN 1.0 SQL Injection
============================================================================================================================================= | Title : Online Job Portal IN v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
Hostel Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : hostel management system 1.0 arbitrary file upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
IntelliNet 2.0 Remote Root
!/usr/local/bin/node const execSync = require'childprocess'; const readline = require'readline'; let TARGET = ''; let COMMAND = ''; let SESSION = ''; const ESCALATE = '/usr/aes/bin/execsuid'; console.log ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣧⣶⣶⣶⣦⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀...
Online Musical Instrument Shop IN 1.0 Cross Site Scripting
==================================================================================================================================================== | Title : Online Musical Instrument Shop IN v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Loan Management System 2024 1.0 Insecure Settings
============================================================================================================================================= | Title : Loan Management System 2024 v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Free Hospital Management System For Small Practices 1.0 CSRF
============================================================================================================================================= | Title : Vaidya-Mitra v 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
pgAdmin 8.4 Code Execution
============================================================================================================================================= | Title : pgAdmin 8.4 PHP Code Execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
File Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : File Management System 1.0 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
HP Intelligent Management IctDownloadServlet Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management IctDownloadServlet Directory Traversal', 'Description' = %q This module exploits a lack of authentication and a directo...
Chef Web UI Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/chefwebui' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Chef Web UI Brute Force Utility',...
Lotus Domino Password Hash Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lotus Domino Password Hash Collector', 'Description' = 'Get users passwords hashes from names.nsf page', 'Author' = 'Tiago Ferreira ', 'License' ...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Total Upkeep Unauthenticated Backup Downloader', 'Description' = %q This module exploits an unauthenticated database backup vulnerabili...
Wordpress Pingback Locator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Pingback Locator', 'Description' = %q This module will scan for wordpress sites with the Pingback API enabled. By interfacing with the...
Jupyter Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/jupyter' class MetasploitModule 'Jupyter Login Utility', 'Description' = %...