50738 matches found
Ray Agent Job Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Agent Job RCE', 'Description' = %q RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is...
DiCal-RED 4009 Missing Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-036 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Missing Authentication for Critical Function CWE-306 Risk Level: High Solution Status: Open...
Client Management System 1.0 SQL Injection
============================================================================================================================================= | Title : Client ms Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64...
DiCal-RED 4009 Log Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-040 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Status: Open Manufacturer Notification:...
Company Visitor Management 1.0 SQL Injection
============================================================================================================================================= | Title : Company Visitor Management 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
DiCal-RED 4009 Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-039 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Versions: Unknown Tested Versions: 4009 Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' CWE-22 Risk Level:...
PlantUML 1.2024.6 Cross Site Scripting
Exploit Title: PlantUML version 1.2024.6 Cross Site Scripting XSS Date: 23/08/2024 Exploit Author: Hosein Vita Vendor Homepage: https://plantuml.com/ Version: 1.2024.6 Tested on: Linux Description: This proof-of-concept demonstrates a Cross-Site Scripting XSS vulnerability in PlantUML. The...
Courier Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Courier Management System 1.0 CSRF add admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Ray cpu_profile Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...
DIAEnergie 1.10 SQL Injection
class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description' = %q SQL injection vulnerability in DIAEnergie MSFLICENSE, 'Author' = 'Michael Heinzl', MSF exploit 'Tenable' Discovery & PoC , 'References' = 'URL', 'https://www.tenable.com/security/research/tra-2024-13', 'CVE',...
Online Survey System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Survey System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits |...
Online Shopping System Master 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : online shopping system master v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...
Online Banking System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Online Banking System 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Online ID Generator 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online ID Generator 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | ...
AVMS Project 1.0 SQL Injection
============================================================================================================================================= | Title : AVMS Project 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
SPIP 4.2.12 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP Unauthenticated RCE via porteplume Plugin', 'Description' = %q This module exploits a Remote Code Execution vulnerability in SPIP versions u...
Medical Center Portal 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Medical Center Portal 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Multi-Vendor Online Groceries Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Multi-Vendor Online Groceries Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...
Alphaware E-Commerce System 1.0 Code Injection
============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Online Banking System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Online Banking System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Event Registration and Attendance System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Event Registration and Attendance System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Music Gallery Site 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Music Gallery Site v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | ...
Cab Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : cab management system 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...
Online Diagnostic Lab Management System 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Online Diagnostic Lab Management System v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Biobook Social Networking Site 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : biobook Social Networking Site 1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure
Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure Vendor: The Akuvox Company Product web page: https://www.akuvox.com Affected version: Doorphone: S539 S532 X916 X915 X912 R29 Intercom: R20K-2 R20A-2 C313W-2 NS-2 NC-2 NX-2 Firmware: 912.30.1.137 Summary: Vandal-resistant Door Phon...
Lost and Found Information System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Lost and Found Information System v1.0 v1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
Accounting Journal Management System 1.0 Code Injection
============================================================================================================================================= | Title : Accounting Journal Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Event Registration and Attendance System 1.0 Code Injection
============================================================================================================================================= | Title : Event Registration and Attendance System 1.0 wysiwyg code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / brows...
Loan Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Loan Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
ABIC Cardiology Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : ABIC cardiology Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Simple Machines Forum 2.1.4 Code Injection
Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...
Linux Landlock Logic Bug
Linux: landlock can be disabled thanks to missing credtransfer hook; and Smack looks dodgy too I found a logic bug that makes it possible for a process to get rid of all Landlock restrictions applied to it: When a process' cred struct is replaced, this almost always invokes the credprepare LSM...
Hospital Management System 1.0 Code Injection
============================================================================================================================================= | Title : Hospital Management System 1.0WYSIWYG code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Ewon Cosy+ Hardcoded Key
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-32...
Hotel Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Hotel Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bit...
Ewon Cosy+ / Talk2M Remote Access Solution Improper Authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB Affected Versions: N.A. Tested Versions: N.A. Vulnerability Type: Improper Authentication CWE-287 Risk Level: High Solution Statu...
JobSeeker CMS 1.5 Insecure Settings
==================================================================================================================================== | Title : JobSeeker CMS 1.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | |...
Ewon Cosy+ Improper Neutralization / Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-016 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Improper Neutralization of Input During We...
Lawyer CMS 1.6 Insecure Settings
==================================================================================================================================== | Title : Lawyer CMS 1.6 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | |...
Ewon Cosy+ Password Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-017 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Cleartext Storage of Sensitive Information...
Accounting Journal Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Accounting Journal Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Bhojon Restaurant Management System 3.0 Insecure Settings
==================================================================================================================================== | Title : Bhojon restaurant management system v3.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
Human Resource Management System 2024 1.0 Insecure Settings
============================================================================================================================================= | Title : Human Resource Management System 2024 v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...
Ewon Cosy+ Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2024-018 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Versions: Firmware Versions: 21.2s10 and 22.1s3 Tested Versions: Firmware Version: 21.2s7 Vulnerability Type: Improper Neutralization of Special Element...
Karya Online Shopping Portal 2.0 SQL Injection
============================================================================================================================================= | Title : Karya Online Shopping Portal 2.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Jobs Finder System 1.0 SQL Injection
============================================================================================================================================= | Title : jobs Finder System v1.0 SQL injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 6...
Dovecot IMAP Server 2.2 / 2.3 Missing Rate Limiting
Affected product: Dovecot IMAP Server Internal reference: DOV-6464 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...
Dovecot IMAP Server 2.2 / 2.3 Denial Of Service
Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...
Human Resource Management System 2024 1.0 SQL Injection
============================================================================================================================================= | Title : Human Resource Management System 2024 v1.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...