50653 matches found

Packet Storm, added 2023/10/10 12:0 a.m., 263 views

Webedition CMS 2.9.8.8 Server-Side Request Forgery

Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF Application: Webedition CMS Version: v2.9.8.8 Bugs: Blind SSRF Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 07.09.2023 Author: Mirabbas...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/10 12:0 a.m., 289 views

Microsoft Windows 11 apds.dll DLL Hijacking

--------------------------------------------------------- Title: Microsoft Windows 11 - 'apds.dll' DLL hijacking Forced Date: 2023-09-01 Author: Moein Shahabi Vendor: https://www.microsoft.com Version: Windows 11 Pro 10.0.22621 Tested on: Windows 11x64 eng...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/10 12:0 a.m., 347 views

Cacti 1.2.24 Command Injection

Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options Date: 2023-07-03 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/info/downloads Version: Cacti 1.2.24 Tested on: Cacti 1.2.24 installed on...

7.2 CVSS, 7.1 AI score, 0.87228 EPSS
Exploits: 6

Packet Storm, added 2023/10/10 12:0 a.m., 273 views

Atcom 2.7.x.x Command Injection

Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Google Dork: N/A Date: 07/09/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Test...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/09 12:0 a.m., 229 views

eClass Junior 4.0 SQL Injection

==================================================================================================================================== | Title : eClass Junior 4.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/09 12:0 a.m., 279 views

Kibana Prototype Pollution / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kibana Upgrade Assistant Telemetry Collector Prototype Pollution', 'Description' = %q Kibana before version 7.6.3 suffers from a prototype...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/09 12:0 a.m., 204 views

Aicte India LMS 3.0 Cross Site Scripting

==================================================================================================================================== | Title : Aicte india LMS 3.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/09 12:0 a.m., 219 views

Chicv Management System Login 4.5.6 Insecure Direct Object Reference

==================================================================================================================================== | Title : Chicv Management System Login v4.5.6 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0....

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/09 12:0 a.m., 358 views

eClass IP 2.5 SQL Injection

==================================================================================================================================== | Title : eClass IP 2.5 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vend...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/06 12:0 a.m., 532 views

glibc ld.so Local Privilege Escalation

Qualys Security Advisory Looney Tunables: Local Privilege Escalation in the glibc's ld.so CVE-2023-4911 ======================================================================== Contents ======================================================================== Summary Analysis Proof of concept...

7.8 CVSS, 7.1 AI score, 0.6505 EPSS
Exploits: 35

Packet Storm, added 2023/10/06 12:0 a.m., 573 views

SAP Application Server ABAP Open Redirection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Open Redirect in BSP Test Application it00 Bypass for CVE-2020-6215 Patch product: SAP® Application Server ABAP and ABAP® Platform SAPBASIS vulnerable version: see sectio...

6.1 CVSS, 7.1 AI score, 0.00402 EPSS
Exploits: 1

Packet Storm, added 2023/10/04 12:0 a.m., 457 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Software WSFTP Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unsafe .NET deserialization...

10 CVSS, 7.1 AI score, 0.94436 EPSS
Exploits: 5

Packet Storm, added 2023/10/03 12:0 a.m., 400 views

SAP Enable Now Manager 10.6.5 Build 2804 Cloud Edition CSRF / XSS / Redirect

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: SAP® Enable Now Manager vulnerable version: 10.6.5 Build 2804 Cloud Edition fixed version: May 2023 Release CVE number: N/A cloud impact...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/03 12:0 a.m., 375 views

openVIVA c2 20220101 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: 20220801 CVE number: CVE-2022-39172 impact: Medium homepage:...

7.1 AI score, 0.00074 EPSS
Exploits: 2

Packet Storm, added 2023/10/03 12:0 a.m., 417 views

WordPress Contact Form Generator 2.5.5 Cross Site Scripting

Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting Date: 03-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-generator/ Vendor Homepage: https://www.creative-solutions.net/ Version: 2.5.5 Tested on: Windows, Linux CVE:...

7.1 CVSS, 7.1 AI score, 0.21793 EPSS
Exploits: 3

Packet Storm, added 2023/10/03 12:0 a.m., 357 views

WordPress KiviCare 3.2.0 Cross Site Scripting

Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Date: 03-10-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624...

6.1 CVSS, 7.1 AI score, 0.09733 EPSS
Exploits: 4

Packet Storm, added 2023/10/02 12:0 a.m., 325 views

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure

Electrolink FM/DAB/TV Transmitter login.htm/mail.htm Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 618 views

Juniper SRX Firewall / EX Switch Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...

9.8 CVSS, 7.1 AI score, 0.94355 EPSS
Exploits: 27

Packet Storm, added 2023/10/02 12:0 a.m., 288 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure

Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 287 views

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 300 views

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 261 views

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

Electrolink FM/DAB/TV Transmitter Login Cookie Authentication Bypass Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 298 views

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW, 2...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 282 views

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

!/usr/bin/env python Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/10/02 12:0 a.m., 249 views

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W,...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/29 12:0 a.m., 401 views

JetBrains TeamCity Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JetBrains TeamCity Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an authentication bypass vulnerability to...

9.8 CVSS, 9.3 AI score, 0.92913 EPSS
Exploits: 17

Packet Storm, added 2023/09/27 12:0 a.m., 453 views

Microsoft Error Reporting Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Error Reporting Local Privilege Elevation Vulnerability', 'Description' = %q This module takes advantage of a bug in the way Windows...

7.8 CVSS, 7.1 AI score, 0.70224 EPSS
Exploits: 5

Packet Storm, added 2023/09/25 12:0 a.m., 416 views

OPNsense 23.1.11_1 / 23.7.3 / 23.7.4 Cross Site Scripting / Privilege Escalation

Advisory X41-2023-001: Two Vulnerabilities in OPNsense =========================================================== Highest Severity Rating: High Confirmed Affected Versions: 23.1.111, 23.7.3, 23.7.4 Confirmed Patched Versions: Commit 484753b2abe3fd0fcdb73d8bf00c3fc3709eb8b7 Vendor: Deciso B.V. /...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/25 12:0 a.m., 335 views

Lamano LMS 0.1 Insecure Settings

==================================================================================================================================== | Title : Lamano LMS v0.1 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | ...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/25 12:0 a.m., 367 views

LogoBee CMS 0.2 Cross Site Scripting

==================================================================================================================================== | Title : LogoBee CMS v0.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/22 12:0 a.m., 450 views

Elasticsearch 8.5.3 Stack Overflow

Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...

7.1 AI score, 0.35125 EPSS
Exploits: 4

Packet Storm, added 2023/09/22 12:0 a.m., 381 views

Taskhub 2.8.8 Cross Site Scripting

Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/21 12:0 a.m., 486 views

TOTOLINK Wireless Routers Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.', 'Description' = %q Multiple TOTOLINK...

9.8 CVSS, 7.1 AI score, 0.92398 EPSS
Exploits: 4

Packet Storm, added 2023/09/21 12:0 a.m., 361 views

Luxcal Event Calendar 3.2.3 Cross Site Request Forgery

==================================================================================================================================== | Title : Luxcal Event Calendar v3.2.3 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/20 12:0 a.m., 376 views

WordPress Theme My Login 2FA Brute Force

The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/20 12:0 a.m., 356 views

Lamano CMS 2.0 Cross Site Request Forgery

==================================================================================================================================== | Title : Lamano CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/19 12:0 a.m., 591 views

Lexmark Device Embedded Web Server Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lexmark Device Embedded Web Server RCE', 'Description' = %q A unauthenticated Remote Code Execution vulnerability exists in the embedded webserve...

9.8 CVSS, 7.1 AI score, 0.93003 EPSS
Exploits: 4

Packet Storm, added 2023/09/19 12:0 a.m., 462 views

Super Store Finder 3.7 Remote Command Execution

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/19 12:0 a.m., 385 views

Lacabane 1.0 SQL Injection

==================================================================================================================================== | Title : lacabane v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/19 12:0 a.m., 421 views

Taskhub 2.8.7 SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

7.1 AI score, 0.00089 EPSS
Exploits: 5

Packet Storm, added 2023/09/19 12:0 a.m., 408 views

Lamano CMS 2.0 SQL Injection

==================================================================================================================================== | Title : Lamano CMS v2.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/19 12:0 a.m., 478 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

7.1 AI score, 0.04035 EPSS
Exploits: 3

Packet Storm, added 2023/09/19 12:0 a.m., 460 views

Free And Open Source Inventory Management System 1.0 SQL Injection

Exploit Title: Free and Open Source Inventory Management System 1.0 - Unauthenticated SQL Injection Exploit Author: Sefa Ozan Date: 16/09/2023 Vendor: MAYURIK Vendor Homepage: https://mayurik.com/ Software Link:...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/19 12:0 a.m., 601 views

Apache Airflow 1.10.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Airflow 1.10.10 - Example DAG Remote Code Execution', 'Description' = %q This module exploits an unauthenticated command injection...

9.8 CVSS, 7.1 AI score, 0.94272 EPSS
Exploits: 10

Packet Storm, added 2023/09/18 12:0 a.m., 330 views

KPK CMS 1.0 SQL Injection

==================================================================================================================================== | Title : KPK CMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 74.032-bit | | Vendor...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/18 12:0 a.m., 377 views

Atos Unify OpenScape Code Execution / Missing Authentication

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border Controller Atos Unify OpenScape Branch Atos Unify OpenScape BC...

7.1 AI score, 0.00884 EPSS
Exploits: 4

Packet Storm, added 2023/09/18 12:0 a.m., 468 views

Razer Synapse Race Condition / DLL Hijacking

Advisory ID: SYSS-2023-002 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.8.0428.042117 20230601 Tested Versions: 3.8.0228.022313 20230315 under Windows 10 Pro 10.0.19044 under Windows 11 Home 10.0.22621 Vulnerability Type: Improper Privilege Management CWE-2...

7.8 CVSS, 7.1 AI score, 0.00062 EPSS
Exploits: 7

Packet Storm, added 2023/09/18 12:0 a.m., 261 views

Karenderia MRS 5.3 Directory Traversal

==================================================================================================================================== | Title : Karenderia MRS v5.3 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1 AI score
Exploits: 0

Packet Storm, added 2023/09/18 12:0 a.m., 426 views

PTC - Codebeamer Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting XSS product: PTC - Codebeamer ALM Solution vulnerable version: =22.10-SP8, =22.04-SP6, =21.09-SP14 CVE number: CVE-2023-4296 impact: high...

8.8 CVSS, 7.1 AI score, 0.01305 EPSS
Exploits: 1

Packet Storm, added 2023/09/18 12:0 a.m., 328 views

KPOT Stealer CMS 2.0 Directory Traversal

==================================================================================================================================== | Title : KPOT Stealer CMS v2.0 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0....

7.1 AI score
Exploits: 0

Total number of security vulnerabilities: 50653