50738 matches found
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability in Fortra GoAnywhere MFT th...
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...
TP-LINK TL-WR740N HTML Injection
Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Shujaat Amin ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: Windows 10...
Typora 1.7.4 Command Injection
Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 13.09.2023 Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps t...
PCMan FTP Server 2.0 Buffer Overflow
Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Date: 09/25/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows...
Proxmox VE 7.4-1 TOTP Brute Force
Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...
Juniper SRX Firewall / EX Switch Remote Code Execution
Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...
7 Sticky Notes 1.9 Command Injection
Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 12.09.2023 Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Serve...
GoAhead Web Server 2.5 HTML Injection
Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5 may be others. Tested On Version: 2.5 in ZTE AC3630...
Ricoh Printer Directory / File Exposure
Exploit Title: Ricoh Printer Directory and File Exposure Date: 9/15/2023 Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Rico...
GlobalScape Secure FTP Server 3.0 Denial Of Service
!/usr/bin/perl use strict; use IO::Socket; print "GlobalScape Secure FTP Server 3.0 - Denial of Service \n"; my $payload = "\x41\x42\x0a\x00"x147; my $buffer = "\x41"x2043 . "\x41\x42\x43\x00" . "\x42"x36 . $payload; my $sock = IO::Socket::INET-newPeerAddr = '192.168.0.10', PeerPort = 21, Proto =...
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling
Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling Date: 1/31/2024 Exploit Author: xer0dayz Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/ Version: 8.5.7 to 8.5.63 or 9.0.44 or later CVE : CVE-2024-21733 Description: Apache Tomcat from 8.5.7...
TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control
TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5...
Mirth Connect 4.4.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirth Connect Deserialization RCE', 'Description' = %q A vulnerability exists within Mirth Connect due to its mishandling of deserialized data...
Solar FTP Server 2.1.1 Denial Of Service
!/usr/bin/python Exploit Title: Solar FTP Server 2.1.1 PASV Command - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 31 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Solar FTP Server 2.1.1 Tested on: Window XP Profession...
XenForo 2.2.13 ArchiveImport.php Zip Slip
------------------------------------------------------------ XenForo zip; 201. $DS = \XF::$DS; 202. 203. if $this-extracted 204. 205. return; 206. 207. 208. for $i = 0; $i numFiles; $i++ 209. 210. $zipFileName = $zip-getNameIndex$i; 211. $fsFileName = $this-getFsFileNameFromZipName$zipFileName;...
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3...
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3 1.5.9 1.4.6 1.3.9...
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection
!/usr/bin/env python TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters...
glibc syslog() Heap-Based Buffer Overflow
Qualys Security Advisory CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept Exploitation...
glibc qsort() Out-Of-Bounds Read / Write
Qualys Security Advisory For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort ======================================================================== Contents ========================================================================...
Trojan.Win32 BankShot MVID-2024-0669 Buffer Overflow
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32 BankShot Vulnerability: Remote Stack Buffer Overflow SEH Description: The...
httpdx 1.5.1 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: httpdx 1.5.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 30 january 2024 Vendor Homepage: http://httpdx.sourceforge.net Download to demo: https://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.1/ Notificatio...
WS_FTP Server 5.0.5 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: WSFTP Server 5.0.5 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 30 january 2024 Vendor Homepage: N/A Notification vendor: No reported Tested Version: 5.0.5 Tested on: Window XP Professional - Service Pack 2 and 3 -...
PSOProxy 0.91 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSOProxy 0.91 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 28 january 2024 Vendor Homepage: https://sourceforge.net/projects/psoproxy/files/latest/download Download to demo:...
PHPJ Callback Widget 1.0 Cross Site Scripting
Title: PHPJ-Callback-Widget-1.0-XSS-Stored-admin-Hijacking Author: nu11secur1ty Date: 01/26/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/callback-widget/ Reference: https://portswigger.net/web-security/cross-site-scripting Description: The Callback Requests functi...
CSZCMS 1.3.0 SQL Injection
Title: CSZCMS v1.3.0 - SQL Injection Author: Abdulaziz Almetairy Date: 27/01/2024 Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - Log in to the...
Savant 3.0 Denial Of Service
!/usr/bin/perl use IO::Socket; Exploit Title: Savant 3.0 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 27 january 2024 https://sourceforge.net/projects/savant/files/Savant/3.0/Savant30.exe/download Download to demo:...
Reprise License Manager 15.1 Privilege Escalation / File Write
Multiple Vulnerabilities in Reprise License Manager 15.1 CVE-2023-43183, CVE-2023-44031 Credit: Mohaiman Rahim...
Interactive Floor Plan 1.0 Cross Site Scripting
Title: Interactive-Floor-Plan-1.0-XSS-Reflected-SESSION-Hijacking Author: nu11secur1ty Date: 01/28/2024 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/interactive-floor-plan-software/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflect...
Chrome 121 Javascript Fork Malloc Bomb
Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and about one in five runs the virtual machine freezes. SIGILL almost always is a sign of memory corruption : On android it...
Seattle Lab Mail 5.5 Denial Of Service
use IO::Socket; sub intro print "\n"; print " Seattle Lab Mail SLmail 5.5 \n"; print " \n"; print " Coded By Fernando Mengali \n"; print " \n"; print " POP3 'PASS' Denied of Service - DoS \n"; print " \n"; print "\n"; intro; if !$ARGV0 && !$ARGV1 print "\nUsage: $0 \n"; exit0; my $host = $ARGV0; ...
Xitami 2.5b4 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Xitami 2.5b4 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 29 january 2024 Vendor Homepage: https://imatix-legacy.github.io/xitami.com/ Download to demo:...
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read
python poc.py usage: python poc.py http://127.0.0.1:8888/ /etc/passwd import threading import http.client import time import uuid import urllib.parse import sys if lensys.argv != 3: print' usage: python poc.py http://127.0.0.1:8888/ /etc/passwd' exit databytes =...
Vinchin Backup And Recovery 7.2 Default Root Credentials
CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. Additional...
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection
CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22899, has been discovered in the syncNtpTime function of Vinchin Backup and...
YahooPOPs 1.6 Denial Of Service
use IO::Socket; sub intro print q ,--, / /| ,;' , // // '--; ' \ | ^ ^ ^ + YahooPOPs 1.6 - SMTP - Denial of Service DoS Coded by Fernando Mengali @ e-mail: [email protected] intro; if !$ARGV0 print "\nUsage: $0 \n"; exit0; my $host = $ARGV0; my $username = $ARGV1; my $password = $ARGV2;...
Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection
CVE ID: CVE-2024-22903 Title: Command Injection Vulnerability in SystemHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier Description: A significant security vulnerability, CVE-2024-22903, has been identified in the deleteUpdateAPK function within the SystemHandler.class.php...
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview CloudLinux CageFS 7.0.8-2 or...
CloudLinux CageFS 7.1.1-1 Token Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...
Vinchin Backup And Recovery 7.2 Default MySQL Credentials
CVE ID: CVE-2024-22901 Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Description: A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2. The software has been found to use default MYSQL credentials,...
Atlassian Confluence SSTI Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence SSTI Injection', 'Description' = %q This module exploits an SSTI injection in Atlassian Confluence servers. A specially...
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
CVE ID: CVE-2024-22900 Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier Description: A critical security vulnerability, identified as CVE-2024-22900, has been discovered in Vinchin Backup and Recovery software, affecting versions 7.2 and earlier. The...
Gabriels FTP Server 1.2 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Gabriels FTP Server 1.2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 25 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1k8QxfP6x908E-1QpRAVulKoAM9OEo1a8/view?usp=sharing Notification...
Saltstack Minion Payload Deployer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Saltstack Minion Payload Deployer', 'Description' = %q This exploit module uses saltstack salt to deploy a payload and run it on all targets whic...
GL.iNet Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' class MetasploitModule 'GL.iNet Unauthenticated Remote Command Execution via the logread module.', 'Description' = %q A command injection...
MiniWeb HTTP Server 0.8.19 Denial Of Service
!/usr/bin/perl use IO::Socket; Exploit Title: MiniWeb HTTP Server 0.8.19 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 24 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1935vpOZJPFJqnwTMPdkXTvoblA1SzBEK/view?usp=sharing Notification...
Employee Management System 1.0 SQL Injection
Exploit Title: Employee Management System - SQLi Date: 23/03/2024 Exploit Author: Özlem Balcı Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Software Download:...
Solar FTP Server 2.1.2 Denial Of Service
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Solar FTP Server 2.1.2 - PASV - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 23 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1o4xTt67bUJYAAKm0pqNIG99ly--xRQBp/view?usp=sharing...
PRTG Authenticated Remote Code Execution
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...