50653 matches found
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...
MagnusBilling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
AjaxPro Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AjaxPro Deserialization Remote Code Execution', 'Description' = %q This module leverages an insecure deserialization of data to get remote code...
Cisco IOX XE Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...
EnBw SENEC Legacy Storage Box Default Credentials
Advisory ID: Ph0s-2023-004 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-1392: Use of Default Credentials Risk Level: CVSS v3.1 Vector:...
Penglead 2.0 SQL Injection
Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Date: 11/10/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id...
Maxima Max Pro Power 1.0 486A BLE Traffic Replay
Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...
WordPress Contact Form To Any API 1.1.2 SQL Injection
Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection Date: 12-11-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-to-any-api/ Vendor Homepage: https://www.itpathsolutions.com/ Version: 1.1.2 Tested on: Windows, Linux CVE: CVE-2023-32741...
Travel 1.0 SQL Injection
Title: travel-1.0-by-oretnom23 Multiple-SQLi Author: nu11secur1ty Date: 11/12/2023 Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-travel-agency-system Reference: https://portswigger.net/web-security/sql-injection Description: The search parameter appears to be...
EnBw SENEC Legacy Storage Box Exposed Interface
Advisory ID: Ph0s-2023-005 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints Risk Level:...
EnBw SENEC Legacy Storage Box Hardcoded Credentials
Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...
Elementor Website Builder SQL Injection
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp Suit...
EnBw SENEC Legacy Storage Box Information Disclosure
Advisory ID: Ph0s-2023-002 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Risk Level: CVSS v3.1...
XAMPP 3.3.0 Buffer Overflow
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Date: 2023-10-26 Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ ...
Splunk edit_user Capability Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk "edituser" Capability Privilege Escalation', 'Description' = %q A low-privileged user who holds a role that has the "edituser" capability...
SugarCRM 13.0.1 Shell Upload
------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions:...
phpFox 4.8.13 PHP Object Injection
-------------------------------------------------------------- phpFox = 4.8.13 redirect PHP Object Injection Vulnerability -------------------------------------------------------------- - Software Link: https://www.phpfox.com - Affected Versions: Version 4.8.13 and prior versions. - Vulnerability...
SugarCRM 13.0.1 Server-Side Template Injection
---------------------------------------------------------------------------- SugarCRM = 13.0.1 GetControl Server-Side Template Injection Vulnerability ---------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...
Oracle 19c / 21c Sharding Component Password Hash Exposure
Title: CVE-2023-22074 – Oracle database password hash exposure in sharding component Product: Database Manufacturer: Oracle Affected Versions: 19c,21c 19.3-19.20 and 21.3-21.11 Tested Versions: 19c Risk Level: Low Solution Status: Fixed CVE Reference: CVE-2023-22074 Base Score: 2.4 Author of...
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion
Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery
CSRF Change Forward Power: -------------------------...
VMWare Aria Operations For Networks SSH Private Key Exposure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'VMWare Aria Operations for Networks vRealize Network Insight SSH Private Key Exposure',...
WordPress LiteSpeed Cache 5.6 Cross Site Scripting
Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...
Moodle 4.3 Cross Site Scripting
Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...
Atlassian Confluence Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an improper input validation issue in...
Zoo Management System 1.0 Shell Upload
Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE Date: 16.10.2023 Exploit Author: Çağatay Ceyhan Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.htmlgooglevignette Software Link:...
ChurchCRM 4.5.4 SQL Injection
Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...
WordPress Royal Elementor 1.3.78 Shell Upload
Today, on October 13, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...
NLB mKlik Makedonija 3.3.12 SQL Injection
NLB mKlik Makedonija 3.3.12 SQL Injection Vendor: NLB Banka AD Skopje Product web page: https://www.nlb.mk Google Play: https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production Affected version: 3.3.12 Summary: NLB mKlik е мобилна апликација наменета за физички...
WordPress WP ERP 1.12.2 SQL Injection
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Date: 15-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledge...
2023 Mount Carmel School 6.4.1 Cross Site Scripting
Title: 2023-Mount-Carmel-School-6.4.1 XSS-Reflected - User Interaction Author: nu11secur1ty Date: 10/14/2023 Vendor: https://smart-school.in/ Software: https://demo.smart-school.in/site/userlogin Reference: https://portswigger.net/kb/issues/00200300cross-site-scripting-reflected Description: The...
Apache Superset 2.0.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Superset Signed Cookie RCE', 'Description' = %q Apache Superset versions MSFLICENSE, 'Author' = 'h00die', MSF module 'paradoxis', original...
PyTorch Model Server Registration / Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'PyTorch Model Server Registration and Deserialization RCE', 'Description' = %q The PyTorch model server contains multiple...
WordPress Core 6.3.1 XSS / DoS / Arbitrary Shortcode Execution
The newest WordPress patch includes fixes for 8 Medium-Severity security issues, several of which are trivial to exploit. WordPress Core 6.3.2 was released today, on October 12, 2023. It includes a number of security fixes and additional hardening against commonly exploited vulnerabilities. While...
Dawa Pharma 1.0-2022 SQL Injection
Title: dawa-pharma-1.0-2022 Multiple-SQLi Author: nu11secur1ty Date: 10/12/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P0349/best-pharmacy-billing-software-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The email...
Clinic's Patient Management System 1.0 Shell Upload
Exploit Title: Clinic's Patient Management System 1.0 - Unauthenticated RCE Date: 07.10.2023 Exploit Author: Oğulcan Hami Gül Vendor Homepage: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Software Link:...
Lost And Found Information System 1.0 Insecure Direct Object Reference
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Date: 2023-12-03 Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to t...
Smart School 6.4.1 SQL Injection
Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Date: 28/09/2023 Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 -...
Gaatitrack 1.0-2023 SQL Injection
Title: gaatitrack-1.0-2023 Multiple-SQLi Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php Reference: https://portswigger.net/web-security/sql-injection Description: The email...
BoidCMS 2.0.0 Shell Upload
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
GLPI GZIP(Py3) 9.4.5 Remote Code Execution
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
WordPress Masterstudy LMS 3.0.17 Account Creation
Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Date: 2023-09-04 Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| |...
Minio 2022-07-29T19-40-48Z Path Traversal
Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal Date: 2023-09-02 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding 2022-07-29T19-40-48Z Tested on: Windows 10 CVE : CVE-2022-35919 Required before executio...
OpenPLC WebServer 3 Denial Of Service
Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...
WordPress Sonaar Music 4.7 Cross Site Scripting
Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Date: 2023-09-05 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...
Coppermine Gallery 1.6.25 Remote Code Execution
Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...