50653 matches found
DETS Project 1.0 SQL Injection
============================================================================================================================================= | Title : DETS Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
Calibre Web 0.6.21 Cross Site Scripting
Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...
School Log Management System 1.0 SQL Injection / Code Execution
============================================================================================================================================= | Title : School Log Management System 1.0 WYSIWYG Settings Management Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Employee Record Management System 1.0 SQL Injection
============================================================================================================================================= | Title : ERMS Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
Simple College Website 1.0 SQL Injection / Code Execution
============================================================================================================================================= | Title : Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Human Resource Management System 2024 1.0 Cross Site Scripting
============================================================================================================================================= | Title : Human Resource Management System 2024 v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Client Management System 1.0 SQL Injection
============================================================================================================================================= | Title : Client ms Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64...
DiCal-RED 4009 Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-042 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Risk Level: Medium Solution...
Company Visitor Management 1.0 SQL Injection
============================================================================================================================================= | Title : Company Visitor Management 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
DiCal-RED 4009 Cryptography Failure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-038 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Use of Password Hash Instead of Password for Authentication CWE-836 Risk Level: Medium Solution...
CCMS Project 1.0 SQL Injection
============================================================================================================================================= | Title : CCMS Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
Crime Complaints Reporting Management System 1.0 Shell Upload
============================================================================================================================================= | Title : Crime Complaints Reporting Management System 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
DiCal-RED 4009 Missing Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-036 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...
Biobook Social Networking Site 1.0 SQL Injection
============================================================================================================================================= | Title : biobook Social Networking Site 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
CMS RIMI 1.3 Cross Site Request Forgery / File Upload
============================================================================================================================================= | Title : CMS RIMI v1.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | | Vendor :...
CMSsite 1.0 Shell Upload
============================================================================================================================================= | Title : CMSsite 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
PlantUML 1.2024.6 Cross Site Scripting
Exploit Title: PlantUML version 1.2024.6 Cross Site Scripting XSS Date: 23/08/2024 Exploit Author: Hosein Vita Vendor Homepage: https://plantuml.com/ Version: 1.2024.6 Tested on: Linux Description: This proof-of-concept demonstrates a Cross-Site Scripting XSS vulnerability in PlantUML. The...
Ray Agent Job Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Agent Job RCE', 'Description' = %q RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is...
DiCal-RED 4009 Missing Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-035 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...
Ray cpu_profile Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...
DiCal-RED 4009 Log Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-040 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Status: Open Manufacturer Notification:...
DiCal-RED 4009 Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-039 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 Risk Level:...
Courier Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Courier Management System 1.0 CSRF add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
DiCal-RED 4009 Weak Hashing
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-037 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Use of Password Hash With Insufficient Computational Effort CWE-916 Risk Level: Medium Solution...
Online Banking System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Online Banking System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
AVMS Project 1.0 SQL Injection
============================================================================================================================================= | Title : AVMS Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
SPIP 4.2.12 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP Unauthenticated RCE via porteplume Plugin', 'Description' = %q This module exploits a Remote Code Execution vulnerability in SPIP versions u...
Online Shopping System Master 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : online shopping system master v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
Online ID Generator 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online ID Generator 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | ...
Online Survey System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Survey System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits |...
DIAEnergie 1.10 SQL Injection
class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description' = %q SQL injection vulnerability in DIAEnergie MSFLICENSE, 'Author' = 'Michael Heinzl', MSF exploit 'Tenable' Discovery & PoC , 'References' = 'URL', 'https://www.tenable.com/security/research/tra-2024-13', 'CVE',...
Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
Medical Center Portal 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Medical Center Portal 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Music Gallery Site 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Music Gallery Site v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
Cab Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : cab management system 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Online Banking System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Banking System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Event Registration and Attendance System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Event Registration and Attendance System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Online Diagnostic Lab Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Online Diagnostic Lab Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Alphaware E-Commerce System 1.0 Code Injection
============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure Vendor: The Akuvox Company Product web page: https://www.akuvox.com Affected version: Doorphone: S539 S532 X916 X915 X912 R29 Intercom: R20K-2 R20A-2 C313W-2 NS-2 NC-2 NX-2 Firmware: 912.30.1.137 Summary: Vandal-resistant Door Phon...
Accounting Journal Management System 1.0 Code Injection
============================================================================================================================================= | Title : Accounting Journal Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Hospital Management System 1.0 Code Injection
============================================================================================================================================= | Title : Hospital Management System 1.0WYSIWYG code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Linux Landlock Logic Bug
Linux: landlock can be disabled thanks to missing credtransfer hook; and Smack looks dodgy too I found a logic bug that makes it possible for a process to get rid of all Landlock restrictions applied to it: When a process' cred struct is replaced, this almost always invokes the credprepare LSM...
Biobook Social Networking Site 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : biobook Social Networking Site 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Loan Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Loan Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
Simple Machines Forum 2.1.4 Code Injection
Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...
ABIC Cardiology Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : ABIC cardiology Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Lost and Found Information System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Lost and Found Information System v1.0 v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
Event Registration and Attendance System 1.0 Code Injection
============================================================================================================================================= | Title : Event Registration and Attendance System 1.0 wysiwyg code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / brows...
Ewon Cosy+ Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...