39001 matches found
Magic News Plus <= 1.0.3 Admin Pass Change Exploit
Exploit for unknown platform in category web applications ================================================== Magic News Plus All rights reserved. An input validation flaw exists within 'settings.php' of Magic News Plus which can lead to the changing of the administrative password. Here is where t...
Shopify Cross Site Scripting Vulnerability
Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...
Joomla Component com_foxcontact Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
FLIR AX8 1.46.16 Remote Command Execution Exploit
-- coding: utf-8 -- Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46....
vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.1.2 Unserialize Code Execution', 'Description' = %q This module exploits a PHP...
Moxa Command Injection / Cross Site Scripting Vulnerabilities
======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage...
Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Stored Cross-Site Scripting XSS Vulnerability product: Namirial SIGNificant SignAnyWhere vulnerable version: v6.10.60.25434 SSP v4.22.60.25434 v6.10.100.25817 SSP...
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Exploit
Exploit for hardware platform in category web applications Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Exploit Author: 0xmmnbassel Vendor Homepage:...
Microsoft Windows Explorer Preview Pane Security Bypass Vulnerability
Previewing a WMA/WMV media format on Windows Explorer through its Preview Pane causes embedded URLs to be automatically opened in the default browser without displaying any prompt. Exploit Title: Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability Exploit Author: Eduar...
Simple Startup Manager 1.17 - (File) Local Buffer Overflow Exploit
Exploit Title: Simple Startup Manager 1.17 - 'File' Local Buffer Overflow PoC Exploit Author: PovlTekstTV Vulnerable Software: Simple Startup Manager Software Link Download: http://www.ashkon.com/download/startup-manager.exe Version: 1.17 Vulnerability Type: Local Buffer Overflow Tested on: Windo...
Exim ESMTP GHOST Denial Of Service Exploit
Exim ESTMP denial of service exploit that leverages the GHOST glibc gethostbyname buffer overflow. The below script is a PoC exploit for the GHOST vulnerability affecting Exim SMTP servers resulting in a service crash. !/usr/bin/python Exim ESMTP DoS Exploit by 1N3 v20150128 CVE-2015-0235 GHOST...
DotNetNuke Cookie Deserialization Remote Code Execution Exploit
This Metasploit module exploits a deserialization vulnerability in DotNetNuke DNN versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type ...
Microsoft Word - .RTF Remote Code Execution Exploit
Exploit for windows platform in category remote exploits ''' Exploit Title: Exploit CVE-2017-0199 Word RTF RCE vulnerability to gain meterpreter shell Date: 17/04/2017 Exploit Author: Bhadresh Patel Version: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsof...
Zoho Password Manager Pro XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...
Sophos UTM WebAdmin SID Command Injection Exploit
This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
WordPress Theme Jupiter Arbitrary File Download Vulnerability
WordPress Theme Jupiter suffers from Arbitrary File Download Vulnerability Exploit : http://127.0.0.1/wp-admin/admin-ajax.php?action=revslidershowimage&img=LFD Google Dork : inurl:wp-content/themes/jupiter Demo sites:...
Mailhog 1.0.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting XSS Google Dork: https://www.shodan.io/search?query=mailhog 3500 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on: Windows,Linux,Docker CV...
FreeSWITCH 1.10.6 SIP Digest Leak Vulnerability
FreeSWITCH versions 1.10.6 and below suffer from a SIP digest leak vulnerability. An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass...
Apache ActiveMQ Unauthenticated Remote Code Execution Exploit
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. This module requires Metasploit:...
Magento 2.3.0 SQL Injection Exploit
Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit. !/usr/bin/env python3 Magento 2.2.0 = 2.3.0 Unauthenticated SQLi Charles Fol SOURCE & SINK The sink from-to SQL condition has been present from Magento 1.x onwards. The source...
Maltrail 0.53 Unauthenticated Command Injection Exploit
Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.checkoutput function in mailtrail/core/http.py contains a...
OpenText Extended ECM 22.3 cs.exe Remote Code Execution Vulnerability
======================================================================= title: Pre-authenticated Remote Code Execution in cs.exe product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 20.4 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45923 impact: Critical...
PHP Melody 3.0 - Persistent Cross-Site Scripting Vulnerability
Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting XSS Vendor Homepage: https://www.phpsugar.com/phpmelody.html Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source: ====================...
eGroupWare 1.14 - (spellchecker.php) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python...
ABB Cylon Aspect 3.08.02 bbmdUpdate.php Remote Code Execution Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-one error in...
Wordpress Duplicator 1.3.26 Plugin - Unauthenticated Arbitrary File Read Exploit
Exploit Title: Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Exploit Author: nam3lum Vendor Homepage: https://wordpress.org/plugins/duplicator/ Software Link: https://downloads.wordpress.org/plugin/duplicator.1.3.26.zip Version: 1.3.26 Tested on: Ubuntu 16.04 CVE :...
ZenTao Pro 8.8.2 Remote Code Execution Exploit
This Metasploit module exploits a command injection vulnerability in ZenTao Pro 8.8.2 and earlier versions in order to execute arbitrary commands with SYSTEM privileges. Valid credentials for a ZenTao admin account are required. This module has been successfully tested against ZenTao 8.8.1 and...
Xenforo Version 2.2.13 - Authenticated Stored XSS Vulnerability
Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...
GLPI 10.0.2 Command Injection Exploit
This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GL...
Gitea 1.16.6 - Remote Code Execution Exploit
Exploit Title: Gitea Git Fetch Remote Code Execution Exploit Author: samguy Vendor Homepage: https://gitea.io Software Link: https://dl.gitea.io/gitea/1.16.6 Version: 'Gitea Git Fetch Remote Code Execution', 'Description' = %q This module exploits Git fetch command in Gitea repository migration...
orangescrum 1.8.0 - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Testeted o...
BYOB Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation...
Atlassian Confluence Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new...
Gerdab.ir SQL Injection Vulnerability
This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran IRGC, which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to...
YeaLink SIP-TXXXP 53.84.0.15 - (cmd) Command Injection Vulnerability
Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hadrware VOIP Phone Description: Using Diagnostic tool from the Networking Tab to...
dotProject 2.1.9 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9...
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation Vulnerabilities
======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45924,...
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...
Citrix ADC (NetScaler) Remote Code Execution Exploit
A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root. This module requires Metasploit:...
WordPress Wr Age Verification 2.0.0 SQL Injection Vulnerability
CVE-2024-55980 Wr Age Verification = 5.0.12 time-based blind - Parameter replace P...
F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
FreeSWITCH 1.10.5 SIP SUBSCRIBE Missing Authentication Exploit
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-08-freeswitch-SIP-SUBSCRIBE-without-auth - Vendor Security Advisory:...
FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure Exploit (2)
Exploit for hardware platform in category web applications Exploit Title: FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...
Metabase Remote Code Execution Exploit
Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...
Active eCommerce CMS 6.3.0 Arbitrary File Download Vulnerability
Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...
Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...
TP-Link ER605 Unauthent LAN-side Remote Code Execution Exploit
TP-Link ER605 command injection lead to unauthent LAN-side RCE...
Steam Community turn up the level Exploit
You can infinitely raise your level 2 levels per second, our profile in https://steamcommunity.com/id/St4ck/ Recommended to run the exploit once a day for 3 hours in order not to get banned. After purchase, you will receive instructions and a guarantee for the material...
Multi Language-Pharmacy Management System v1.0 SQL injection Vulnerability
Title: Multi Language-Pharmacy Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/mayurik Software: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Reference:...