Apache 2.4.55 mod_proxy HTTP Request Smuggling
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
Ultra Mini HTTPd 1.21 Denial Of Service
Exploit Title: Ultra Mini HTTPd 1.21 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 2024-01-01 Vendor Homepage: https://acme.com/ Software Link: https://acme.com/ Notification vendor: Yes reported Tested Version: Ultra Mini HTTPd 1.21 Tested on: Windows XP Professional -...
Apache OFBiz 18.12.09 Remote Code Execution
From: Jacques Le Roux Date: Mon, 04 Dec 2023 21:04:50 +0000 Severity: moderate Affected versions: - Apache OFBiz before 18.12.10 Description: Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are...
Lot Reservation Management System 1.0 File Disclosure
Exploit Title: Lot Reservation Management System Unauthenticated File Disclosure Vulnerability Google Dork: N/A Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.htm...
Lot Reservation Management System 1.0 Shell Upload
Exploit Title: Lot Reservation Management System Unauthenticated File Upload and Remote Code Execution Google Dork: N/A Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage:...
Microsoft Windows PowerShell Code Execution / Event Log Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...
WhatACart 2.0.7 Cross Site Scripting
Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page : https://demo.whatacart.com/ 2 Write search field this payload :...
FreeSWITCH 1.10.10 Denial Of Service
FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: 1.10.11 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-02-freeswitch-dtls-hello-race - Vendor Security Advisory:...
ShopSite 14.0 Cross Site Scripting
Exploit Title: ShopSite Version: 14.0 - Stored XSS Date: 2023-12-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://www.shopsite.com/ Version: 14.0 Tested on: https://www.shopsite.com/demo.html 1 Upload poc.svg file here :...
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection
Description: Multiple vulnerabilities were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread query - type something in admin remark e.g test and submit Step 3. Replace the POST body to below payload and server will respond after 5 second...
GilaCMS 1.15.4 SQL Injection
Description: GilaCMS widget and use widget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...
Craft CMS 4.4.14 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits Remote Code Execution vulnerability CVE-2023-41892 ...
Vinchin Backup And Recovery Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vinchin Backup and Recovery Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Vinchin Backup &...
Glibc Tunables Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 561, '3602eac894717d56555552c84fc6b0e4d6a4af72' = 561, 'a99db3715218b641780b04323e4ae5953d68a927' = 561, 'a8daca28288575ffc8c7641d40901b0148958fb1...
MajorDoMo Remote Code Execution
Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...
MOKOSmart MKGW1 Gateway Improper Session Management
MOKOSmart MKGW1 Gateway Improper Session Management Link: https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01MOKOSmartMKGW1GatewayImproperSessionManagement Vulnerability Overview MOKOSmart MKGW1 Gateway devices with firmwa...
TYPO3 11.5.24 Path Traversal
Exploit Title: TYPO3 11.5.24 Path Traversal Vulnerability Authenticated Date: Apr 9, 2023 Exploit Author: Saeed reza Zamanian Software Link: https://get.typo3.org/release-notes/11.5.24 Version: 11.5.24 Tested on: Kali 2022.3 CVE : CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows...
Atlassian Confluence Improper Authorization / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE CVE-2023-22518', 'Description' = %q This Improper...
RTPEngine mr11.5.1.6 Denial Of Service
RTPEngine susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: mr12.1.1.2, mr12.0.1.3, mr11.5.1.16, mr10.5.6.3, mr10.5.6.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-03-rtpengine-dtls-hello-race - Vendor...
osCommerce 4.13-60075 Shell Upload
Title: osCommerce 4.13-60075 File-Upload-RCE Author: nu11secur1ty Date: 12/14/2023 Vendor: https://www.oscommerce.com/ Software: https://www.oscommerce.com/download-file Reference: https://portswigger.net/web-security/file-upload Description: The parameter "icon-pencil" in the upload-file...
Asterisk 20.1.0 Denial Of Service
Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: 18.20.1, 20.5.1, 21.0.1,18.9-cert6 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race - Vendor Security Advisory:...
PKP-WAL 3.4.0-3 Remote Code Execution
--------------------------------------------------------------------------------- PKP-WAL getDeployment; 103. 104. $context = $deployment-getContext; 105. 106. $locale = $node-getAttribute'locale'; 107. if empty$locale 108. $locale = $context-getPrimaryLocale; 109. 110. 111. $coverImagelocale = ;...
One Identity Password Manager Kiosk Escape Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...
Atos Unify OpenScape Authentication Bypass / Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Argument injection leading to unauthenticated RCE and authentication bypass product: Atos Unify OpenScape Session Border Controller SBC Atos Unify OpenScape Branch Atos...
Anveo Mobile User Enumeration / Missing Certificate Validation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Missing Certificate Validation & User Enumeration product: Anveo Mobile App and Server vulnerable version: Mobile App: 10.0.0.359 / 2016-07-13; Server: 11.0.0.5 fixed...
PDF24 Creator 11.15.1 Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: PDF24 Creator geek Software GmbH vulnerable version: =11.15.1 fixed version: 11.15.2 CVE number: CVE-2023-49147...
Splunk XSLT Upload Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk Authenticated XSLT Upload RCE', 'Description' = %q This Metasploit module exploits a Remote Code Execution RCE vulnerability in Splunk...
WordPress Backup Migration 1.3.7 Remote Code Execution
Vulnerability Summary from Wordfence Intelligence Description: Backup Migration = 1.3.7 backup-backup Unauthenticated Remote Code Execution Affected Plugin: Backup Migration Plugin Slug: backup-backup Affected Versions: = 1.3.7 CVE ID:CVE-2023-6553 Pending CVSS Score: 9.8 Critical CVSS Vector:...
WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery
Exploit Title: WP Plugins Contact Form to Any API history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.1.7...
WordPress Bravo Translate 1.2 SQL Injection
Exploit Title: WP Plugins Bravo Translate = 1.2 - SQL Injection Date: 09-12-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/bravo-translate/ Version: 1.2 Tested on: Windows, Linux CVE: CVE-2023-49161 Product Description This plugin allow you to translate your monolingual...
WordPress TextMe SMS 1.9.0 Cross Site Request Forgery
Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...
ISPConfig 3.2.11 PHP Code Injection
------------------------------------------------------------------------ ISPConfig = 3.2.11 languageedit.php PHP Code Injection Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.ispconfig.org - Affected Versions: Version 3.2.11 and...
Kopage Website Builder 4.4.15 Shell Upload
Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE Author: nu11secur1ty Date: 12/08/2023 Vendor: https://www.kopage.com/ Software: https://demo.kopage.com/index.php Reference: https://portswigger.net/web-security/file-upload,...
osCommerce 4 SQL Injection
Exploit Title: osCommerce 4 - SQL Injection Exploit Author: CraCkEr Date: 22/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/b2b-supermarket/ Tested on: Windows 11 Home Impact: Database...
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTDEFENDERANTIMALWAREPOWERSHELLAPIUNINTENDEDCODEEXECUTION.txt + twitter.com/hyp3rlinx + x.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows...
ConQuest Dicom Server 1.5.0d Remote Command Execution
!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...
Docker cgroups Container Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker cgroups Container Escape', 'Description' = %q This exploit module takes advantage of a Docker image which has either the privileged flag, ...
WinterCMS 1.2.3 Cross Site Scripting
Exploit Title: Stored XSS in WinterCMS 1.2.3 Plugin Components Date: 12/7/2023 Exploit Author: tmrswrr Vendor Homepage: https://wintercms.com/ Software Link: https://github.com/wintercms/winter Version: 1.2.3 Tested on: debian 9 PoC 1. Access the WinterCMS backend at http://localhost/backend/cms...
Winter CMS 1.2.2 Server-Side Template Injection
Exploit Title: Winter CMS 1.2.2 / 1.2.3 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Date: 12/05/2023 Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 / 1.2.3 Tested :...
CE Phoenixcart 1.0.8.20 Shell Upload
Title: PhoenixCart-1.0.8.20-File-Upload-Bypass-override-htaccess-security-RCE Author: nu11secur1ty Date: 12/06/2023 Vendor: https://phoenixcart.org/index.php Software: https://github.com/CE-PhoenixCart/PhoenixCart/archive/master.zip Reference: https://portswigger.net/web-security/file-upload,...
Winter CMS 1.2.2 Server-Side Template Injection
Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Date: 12/05/2023 Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 Tested :...
FortiWeb VM 7.4.0 build577 CLI Crash
;; ;; FortiWeb VM v7.4.0 build577 Post-auth CLI Crash ;; ;; ... ;; ;; code610 / some debug notes fyi ;; ;; 17.11.2023 @ 23:33 ;; FortiWeb diagnose debug crashlog show 2023-11-16 05:07:00 application cli 2023-11-16 05:07:00 signal Segmentation fault received 2023-11-16 05:07:00 RIP 00007fdd1febf44...
TinyDir 1.2.5 Buffer Overflow
-- HNS-2023-04 - HN Security Advisory - https://security.humanativaspa.it/ Title: Buffer overflow vulnerabilities with long path names in TinyDir Product: TinyDir Date: 2023-12-04 CVE ID: CVE-2023-49287 Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor URL:...
PHPJabbers Car Rental 3.0 HTML Injection
Exploit Title: PHPJabbers Car Rental v3.0 - HTML Injection Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/car-rental-script/ Version: v3.0 Tested on: Windows 10, Windows 11, Linux...
PHPJabbers Time Slots Booking Calendar 4.0 Missing Rate Limiting
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - No Rate Limit in Email Date: 19/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested...
October CMS 3.4.0 Category Cross Site Scripting
OctoberCMS v3.4.0 Category Stored Cross-Site Scripting Vulnerability Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application...
PHPJabbers Time Slots Booking Calendar 4.0 CSV Injection
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - CSV Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on:...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
BoidCMS 2.0.1 Cross Site Scripting
Exploit Title: BoidCMS v2.0.1 - Multiple Stored XSS Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://boidcms.github.io// Software Link: https://github.com/BoidCMS/BoidCMS/archive/refs/tags/v2.0.1.zip Version: v2.0.1 Tested on: Windows 10, PHP...
October CMS 3.4.0 Blog Cross Site Scripting
OctoberCMS v3.4.0 Blog Stored Cross-Site Scripting Vulnerabilities Vendor: October CMS Product web page: https://www.octobercms.com Affected version: 3.4.0 Summary: OctoberCMS is a self-hosted content management system CMS based on the PHP programming language and Laravel web application framewor...