50738 matches found
MSMS-PHP 1.0 Shell Upload
Title: MSMS-PHP by: oretnom23 v1.0 File Upload - RCE browser using Author: nu11secur1ty Date: 03/13/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html Reference:...
OSGi 3.18 Remote Code Execution
!/usr/bin/python Exploit Title: OSGi v3.8-3.18 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...
Client Details System 1.0 SQL Injection
Exploit Title: CVE-2023-7137ClientDetailsSystem-SQLInjection1 + Date: 2023-26-12 + Exploit Author: Hamdi Sevben + Vendor Homepage: https://code-projects.org/client-details-system-in-php-with-source-code/ + Software Link:...
MSMS-PHP 1.0 SQL Injection
Title: MSMS-PHP by: oretnom23 v1.0 Multiple-SQLi Author: nu11secur1ty Date: 03/13/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html Reference:...
OSGi 3.7.2 Remote Code Execution
!/usr/bin/python Exploit Title: OSGi v3.7.2 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...
MetaFox 5.1.8 Shell Upload
!/usr/bin/env python3 Exploit Title: MetaFox Remote Shell Upload Google Dork: "Social network for niche communities" Exploit Author: The Joker Vendor Homepage: https://www.phpfox.com Version: = 5.1.8import jsonimport requestsimport sysif lensys.argv != 4: sys.exit"Usage: %s " % sys.argv0...
Cisco Firepower Management Center Remote Command Execution
Exploit Title: Cisco Firepower Management Center Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface...
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...
Human Resource Management System 1.0 SQL Injection
Exploit Title: Human Resource Management System - SQL Injection Date: 13-01-2024 Exploit Author: Srikar Exp1o1t9r Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
RUPPEINVOICE 1.0 SQL Injection
Title: RUPPEINVOICE-1.0 Multiple-SQLi Author: nu11secur1ty Date: 03/09/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The...
TP-Link TL-WR740N Buffer Overflow / Denial Of Service
Exploit Title: TP-Link TL-WR740N - Buffer Overflow 'DOS' Date: 8/12/2023 Exploit Author: Anish Feroz ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: TP-Link TL-WR740N Description: There exist a buffer overflow vulnerability in...
WordPress Hide My WP SQL Injection
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...
Backdoor.Win32.Beastdoor.oq MVID-2024-0674 Remote Command Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/6268df4c9c805c90725dde4fe5ef6fea.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Beastdoor.oq Vulnerability: Unauthenticated Remote Command Execution...
Numbas Remote Code Execution
Exploit Title: Numbas v7.3 - Remote Code Execution Google Dork: N/A Date: March 7th, 2024 Exploit Author: Matheus Boschetti Vendor Homepage: https://www.numbas.org.uk/ Software Link: https://github.com/numbas/Numbas Version: 7.2 and below Tested on: Linux CVE: CVE-2024-27612 import sys, requests,...
Akaunting 3.1.3 Remote Command Execution
Exploit Title: Akaunting 3.1.3 - RCE Date: 08/02/2024 Exploit Author: [email protected] Vendor Homepage: https://akaunting.com Software Link: https://github.com/akaunting/akaunting Version: = 3.1.3 Tested on: Ubuntu 22.04 CVE : CVE-2024-22836 !/usr/bin/python3 import sys import re import requests...
Hitachi NAS SMU Backup And Restore Insecure Direct Object Reference
!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...
DataCube3 1.0 Shell Upload
Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Date: 7/28/2022 Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Test...
WordPress Duplicator Data Exposure / Account Takeover
Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...
Sitecore 8.2 Remote Code Execution
!/usr/bin/env python3 Exploit Title: Sitecore - Remote Code Execution v8.2 Exploit Author: abhishek morla Google Dork: N/A Date: 2024-01-08 Vendor Homepage: https://www.sitecore.com/ Software Link: https://dev.sitecore.net/ Version: 10.3 Tested on: windows64bit / mozila firefox CVE : CVE-2023-358...
Adobe ColdFusion 2018,15 / 2021,5 Arbitrary File Read
Exploit Title: File Read Arbitrary Exploit for CVE-2023-26360 Google Dork: not Date: 12/28/2023 Exploit Author: Youssef Muhammad Vendor Homepage: https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html Software Link: https://drive.google.com/drive/folders/17ryBnFhswxiE1sHrNByxMVPKfUnwqmp0...
MongoDB 2.0.1 / 2.1.1 / 2.1.4 / 2.1.5 Local Password Disclosure
Title: MongoDB MONGOSH Password Exposure Vulnerability Product: MongoDB database Tool: mongosh Affected Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Tested Versions: 2.0.1 , 2.1.1,2.1.4,2.1.5 Risk Level: Low Author of Advisory: Emad Al-Mousa Vulnerability Details: Vulnerability in MongoDB database system...
Ladder 0.0.21 Server-Side Request Forgery
Exploit Title: Ladder v0.0.21 Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to app...
FullCourt Enterprise 8.2 Cross Site Scripting
Exploit Title: FullCourt enterprise XSS Date: 2023-28-12 Exploit Author: Omar Sabagh Author Linkedin: https://www.linkedin.com/in/omar-s-b937791a2/ Vendor Homepage: https://www.justicesystems.com Software Link: https://www.justicesystems.com/products/fullcourt-enterprise/ Version: FullCourt...
GliNet 4.x Authentication Bypass
DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...
NDtaskmatic 1.0 SQL Injection
Title: NDtaskmatic-1.0-by-Mayuri.K Multiple-SQLi Author: nu11secur1ty Date: 03/07/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Reference: https://portswigger.net/web-security/sql-injection...
Artica Proxy 4.50 Loopback Service Disclosure
KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated Title: Artica Proxy Loopback Services Remotely Accessible Unauthenticated Advisory ID: KL-001-2024-004 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt 1...
Customer Support System 1.0 SQL Injection
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1...
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation
KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability Title: Artica Proxy Unauthenticated File Manager Vulnerability Advisory ID: KL-001-2024-003 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt 1. Vulnerability Detail...
Artica Proxy 4.50 Unauthenticated PHP Deserialization
KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Advisory ID: KL-001-2024-002 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt 1...
KK Star Ratings Race Condition
Exploit Title: kk Star Ratings Extensions Turbo Intruder Send to turbo intruder. 5- Drop the initial request and turn Intercept off. 6- In the Turbo Intruder window, add "%s" to the end of the connection header e.g. "Connection: close %s". 7- Use the code examples/race.py. 8- Click "Attack" at th...
RAD SecFlow-2 Path Traversal
Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63 Date: 3/2024 CVE: CVE-2019-6268 Exploit Author: Branko Milicevic RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated b...
Solar-Log 200 PM+ 3.6.0 Cross Site Scripting
Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Date: 10-30-23 Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...
WordPress Neon Text 1.1 Cross Site Scripting
Exploit Title: Wordpress Plugin Neon Text = 1.1 - Stored Cross Site Scripting XSS Date: 2023-11-15 Exploit Author: Eren Car Vendor Homepage: https://www.eralion.com/ Software Link: https://downloads.wordpress.org/plugin/neon-text.zip Category: Web Application Version: 1.0 Tested on: Debian /...
Multilaser RE160V / RE160 URL Manipulation Access Bypass
=====Tempest Security Intelligence - Security Advisory - CVE-2023-38945======= Access Control Bypass in Multilaser routers' Web Management Interface Author: Vinicius Moraes =====Table of Contents======================================================== 1. Overview 2. Detailed description 3. Other...
Petrol Pump Management System 1.0 Shell Upload
Exploit Title: File Upload Remote Code Execution RCE in Petrol Pump Management Software v.1.0 Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...
SumatraPDF 3.5.2 DLL Hijacking
SumatraPDF 3.5.2 DLL Hijack Exploit Title: Sumatra PDF 3.5.2 DLL Hijack Date: 03.03.2024 Exploit Author: Krishna Vamshi Katta Rokkaiah Vendor Homepage: https://www.sumatrapdfreader.org/free-pdf-reader Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer Version: 3.5.2 Tested o...
Multilaser RE160 Cookie Manipulation Access Bypass
=====Tempest Security Intelligence - Security Advisory - CVE-2023-38946======= Access Control Bypass in Multilaser router's Web Management Interface Author: Vinicius Moraes =====Table of Contents======================================================== 1. Overview 2. Detailed description 3. Other...
XAMPP 5.6.40 SQL Injection
Exploit Title: XAMPP - Error Based SQL Injection Date: 02/2024 Exploit Author: Andrey Stoykov Version: 5.6.40 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Steps to Reproduce: 1. Login to phpmyadmin 2. Visit Export New Template test Create 3. Navigate to "Existing Templates" 4...
Easywall 0.3.1 Remote Command Execution
Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...
GL.iNet AR300M 4.3.7 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
A-PDF All To MP3 Converter 2.0.0 Overflow
!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...
GL.iNet AR300M 3.216 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
TPC-110W Missing Authentication
include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...
Simple Student Attendance System 1.0 SQL Injection
Exploit Title: Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Date: 26 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage:...
Petrol Pump Management Software 1.0 Cross Site Scripting
Exploit Title: Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...
GL.iNet AR300M 4.3.7 Arbitrary File Write
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
Boss Mini 1.4.0 Local File Inclusion
Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 ''' / \ | | / | | / / | | \ --. | | / | |/ | ' \ / |/ / | --. \ | /\ | | | | | | | | | | \ // / /,||,|| ||, |/|// / | |/ ''' from requests import...
Employee Management System 1.0-2024 SQL Injection
Title: employeeakpoly-management-system-1.0-2024 Multiple-SQLi Author: nu11secur1ty Date: 03/01/2024 Vendor: https://www.sourcecodester.com/users/walterjnr1 Software: https://www.sourcecodester.com/php/16999/employee-management-system.html Reference:...
Qognify VMS Client Viewer 7.1 DLL Hijacking
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via DLL Hijacking product: Qognify VMS Client Viewer vulnerable version: =7.1 fixed version: see solution CVE number: CVE-2023-49114 impact:...