39001 matches found
Xerox DocuShare - SQL Injection Vulnerability
Exploit for hardware platform in category web applications The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101...
WiFi Mouse 1.8.3.4 - Remote Code Execution Exploit
Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf " Enter the Target IP...
Moodle 3.11.5 - SQL injection (Authenticated) Exploit
Exploit Title: Moodle 3.11.5 - SQLi Authenticated Date: 2/3/2022 Exploit Author: Chris Anastasio @mufinnnnnnn Vendor Homepage: https://moodle.com/ Software Link: https://github.com/moodle/moodle/archive/refs/tags/v3.11.5.zip Write Up: https://muffsec.com/blog/moodle-2nd-order-sqli/ Tested on:...
Android su Privilege Escalation Exploit
This Metasploit module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary often linked with an application that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The...
SikaBoom Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python print "" print " name:SikaBoom Remote Buffer Overflow Exploit" print " Author:Angel Injection " print " EMail:email protected " print "\r\n" import socket,os,sys,time host = "IP Address" port = 4321 buffer="\x41" 268 crash...
JBOSS EAP/AS 6.x Remote Code Execution Exploit
An unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can send a serialized object to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...
Payroll Management System v1.0 SQL injection Vulnerability
Title: Payroll Management System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14475/payroll-management-system-using-phpmysql-source-code.html Reference:...
MySQL 5.5.45 - procedure analyse Function Denial of Service
Exploit for multiple platform in category dos / poc !/usr/bin/env python Title: MySQL Procedure Analyse DoS Exploit Author: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Version: Vulnerable upto MySQL 5.5.45 Original Write-up:...
Cacti Import Packages Remote Code Execution Exploit
This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password. Title: Cisco ThousandEyes Enterprise Agent Virtual...
FusionPBX 4.5.29 - Remote Code Execution (Authenticated) Exploit
Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import requests from...
Zend Framework 2.4.2 / 1.12.13 XXE Injection Vulnerability
Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability. ============================================= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161...
Realtek SDK Miniigd UPnP SOAP Command Execution Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Realtek SDK Miniigd UPnP SOAP Command Execution', 'Description' = %q Differen...
Cisco IOX XE unauthenticated OS Command Execution Exploit
msf use auxiliary/admin/http/ciscoiosxeosexeccve202320273 msf auxiliaryciscoiosxeosexeccve202320273 show actions ...actions... msf auxiliaryciscoiosxeosexeccve202320273 set ACTION msf auxiliaryciscoiosxeosexeccve202320273 show options ...show and set options... msf...
Docsify 4.11.4 - Reflective Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting Exploit Author: Amin Sharifi Vendor Homepage: https://docsify.js.org Software Link: https://github.com/docsifyjs/docsify Version: 4.11.4 Tested on: Windows 10 CVE :...
IP phone AT6XX Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ================================== IP phone AT6XX Cross Site Scripting ================================== ======================================================= Exploit Title: IP phone AT6XX Cross Site Scripting Date: 27/05/2012 Author: cheki...
Razer Synapse 3.7.0731.072516 Local Privilege Escalation Vulnerability
Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.7.0830.081906 Tested Versions: 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02 Solution Date: 2022-09-06...
AllMyGuests <= 0.4.1 (cfg_serverpath) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ======================================================================= AllMyGuests ?AMGconfigcfgserverpath Remote File Inclusion Exploit ============================================================================ Scirpt Infected signin.p...
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CentOS Web Panel v0.9.8.793 Free and v0.9.8.753 Pro - Email Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.c...
Airtel Xstream Fiber WiFi Weak Authentication / Brute Force Vulnerability
Exploit Title: Airtel Xstream Fiber WiFi - Usage of Weak Initial WiFi password Exploit Author: Alok kumar email protected, Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.airtel.in Product Link: https://www.airtel.in/wifi-plans Tested on: Airtel Xstream Fiber WiFi router with SSID...
Microsoft UPnP Local Privilege Elevation Exploit
This Metasploit module exploits two vulnerabilities to execute a command as an elevated user. The first CVE-2019-1405 uses the UPnP Device Host Service to elevate to NT AUTHORITY\LOCAL SERVICE. The second CVE-2019-1322 leverages the Update Orchestrator Service to elevate from NT AUTHORITY\LOCAL...
PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting Vulnerability
Exploit Title: Multiple Cross Site Scripting in PHPJabbers Availability Booking Calendar v5.0 Exploit Author: BugsBD Security Researcher Orpon Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0 Tested on:...
WordPress Elementor Lite 5.7.1 Arbitrary Password Reset Vulnerability
On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level...
Advanced Comment System 1.0 - Remote Command Execution Exploit
Exploit Title: Advanced Comment System 1.0 - Remote Command Execution RCE Exploit Author: Nicole Daniella Murillo Mejias Version: Advanced Comment System 1.0 Tested on: Linux !/usr/bin/env python3 DESCRIPTION: Commands are Base64 encoded and sent via POST requests to the vulnerable application, t...
Gibbon School Platform Authenticated PHP Deserialization Exploit
A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/importrun.php&type=externalAssessment&step=4. As it...
VMware Cloud Director - Bypass identity verification Exploit
CVE-2023-34060 vulnerability is a vulnerability that allows an attacker to bypass identity verification when entering port 22 ssh or port 5480 Device Management Console in VMware Cloud Director Appliance123. This vulnerability does not exist on port 443 VCD provider and tenant sign-in...
Employee Performance Evaluation System 1.0 - File Inclusion Vulnerabilities
Title: Employee Performance Evaluation System-1.0 - File Inclusion Vulnerabilities - RCE - User Interaction Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software:...
Apache Commons Text 1.9 Remote Code Execution Exploit
This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup...
LISTSERV 17 - Insecure Direct Object Reference (IDOR) Vulnerability
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE :...
Liferay Portal Java Unmarshalling Remote Code Execution Exploit
This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1. This module requires Metasploit: https://metasploit.com/download Current...
Zyxel zysh - Format string Exploit
Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,...
PassFab RAR Password Recovery SEH Local Exploit
Exploit for windows platform in category local exploits Exploit Title: PassFab RAR Password Recovery SEH Local Exploit Vendor Homepage:https://www.passfab.com/products/rar-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-rar-password-recovery.exe Exploit Author:...
Apache CouchDB Remote Code Execution Vulnerability
Exploit for multiple platform in category remote exploits Description Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access...
Wordpress 4.7.1 - Username Enumeration Exploit
Exploit for php platform in category web applications !usr/bin/php 0day.today 2018-04-06...
Loytec LINX Configurator 7.4.10 Insecure Transit / Cleartext Secrets Vulnerability
CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385 + Title : Multiple vulnerabilities in Loytec LINX Configurator + Vendor : LOYTEC electronics GmbH + Affected Products : LINX Configurator 7.4.10 + Affected Components : LINX Configurator + Discovery Date : 01-Sep-2021 + Publication date :...
MOVEit SQL Injection Exploit
This Metasploit module exploits an SQL injection vulnerability in the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an attacker can levera...
PAN-OS 10.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038 Description: An ...
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Vulnerability
Exploit for hardware platform in category web applications Exploit Title: F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 0: return True else: return False else: return False def leakPasswd:...
BlogEngine.NET 3.3.6/3.3.7 - theme Cookie Directory Traversal / Remote Code Execution Exploit
Exploit for asp platform in category web applications Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ==============...
GitLens Git Local Configuration Execution Exploit
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. This module require...
Git git-lfs Remote Code Execution Exploit
This Metasploit modules exploits a critical vulnerability in Git Large File Storage Git LFS, an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository usi...
Laundry Booking Management System 1.0 - Remote Code Execution Exploit
Exploit Title: Laundry Booking Management System 1.0 - Remote Code Execution RCE Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...
Cisco Firepower Management Center < 6.6.7.1 - Authenticated Remote Code Execute Exploit
Exploit Title: Cisco Firepower Management Center Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface fmcurl = "https://fmc.example.com"...
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) Exploit
// Exploit Title: Linux Kernel 5.8 Proof-of-concept exploit for the Dirty Pipe vulnerability CVE-2022-0847 caused by an uninitialized "pipebuffer.flags" variable. It demonstrates how to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on...
SPIP 4.2.12 Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be...
Windows Defender Detection Mitigation Bypass Vulnerability
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...
Apache CouchDB Erlang Remote Code Execution Exploit
In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Microsoft Exchange Mailbox Assistants 15.0.847.40 - Unquoted Service Path Vulnerability
Exploit Title: Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Vendor : Microsoft Version : 15.0.847.40 Tested on OS: Microsoft Exchange Server 2013 SP1 PoC : ============== C:\sc qc...
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover Exploit
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object part of ActionScript object graphs, effectively elevating to an administrative role or...
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution Exploit #RCE
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal...