39001 matches found
Microsoft Windows Contact File Remote Code Execution Vulnerability
Microsoft Windows Contact file / Remote Code Execution Resurrected 2022 / CVE-2022-44666 + John Page aka hyp3rlinx + twitter.com/hyp3rlinx + ISR: ApparitionSec Back in 2018 I discovered three related Windows remote code execution vulnerabilities affecting both VCF and Contact files. They were...
Rittal Products Bypass / Command Injection / Privilege Escalation Vulnerabilities
Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PD...
WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload Vulnerability
Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...
ZKTeco ZEM500-510-560-760 / ZEM600-800 / ZEM720 / ZMM Missing Authentication Vulnerability
ZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, and ZMM suffer from a missing authentication vulnerability. Versions below 8.88 ZEM500-510-560-760, ZEM600-800, ZEM720 and 15.00 ZMM200-220-210 are potentially affected. The ZKTeco time attendance device does not require authentication to use the web...
Microsoft Exchange ProxyShell Remote Code Execution Exploit
This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication, impersonate an arbitrary user, and write an arbitrary file to achieve remote code execution. By taking advantage of this vulnerability, you can execute arbitrary...
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Vulnerability
UBICOD Medivision Digital Signage version 1.5.1 suffers from a privilege escalation vulnerability that is leveraged via authorization bypass. UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation Through Authorization Bypass Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page:...
PHPJabbers Availability Booking Calendar 5.0 CSV Injection Vulnerability
Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSV Injection Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/availability-booking-calendar/sectionDemo Version: v5.0 Tested on: Windows...
Sonicwall SonicOS 7.0 - Host Header Injection Vulnerability
Exploit Title: Sonicwall SonicOS 7.0 - Host Header Injection Google Dork: inurl:"auth.html" intitle:"SonicWall" intitle:"SonicWall Analyzer Login" Exploit Author: Ramikan Vendor Homepage:sonicwall.com Affected Devices: All SonicWall Next Gen 6 Devices Tested On: SonicWall NAS 6.2.5 Affected...
VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
XenForo 2.2.15 Cross Site Request Forgery Vulnerability
------------------------------------------------------------------------------- XenForo = 2.2.15 Widget::actionSave Cross-Site Request Forgery Vulnerability ------------------------------------------------------------------------------- - Software Link: https://xenforo.com - Affected Versions:...
Asterisk AMI - Partial File Content & Path Disclosure (Authenticated) Exploit
Exploit Title: Asterisk AMI - Partial File Content & Path Disclosure Authenticated Date: 2023-03-26 Exploit Author: Sean Pesce Vendor Homepage: https://asterisk.org/ Software Link: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ Version: 18.20.0 Tested on: Debian Linux CVE:...
Cisco IOX XE unauthenticated Command Line Interface Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated Command Line Interface CLI execution', 'Description' = %q This module leverages CVE-2023-20198 against vulnerable...
Online Sports Complex Booking v1.0 SQL injection Vulnerability
Title: Online Sports Complex Booking v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Reference:...
Auerswald COMfortel 2.8F - Authentication Bypass Vulnerability
Exploit Title: Auerswald COMfortel 2.8F - Authentication Bypass Exploit Author: RedTeam Pentesting GmbH Version: 1400/2600/3600 Advisory: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface o...
Online Shopping Alphaware 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Linux/x86 Encoder / Decoder Shellcode (117 bytes)
Title : Linux/x86 - Encoder - Random Bytes + XOR/SUB/NOT/ROR / Decoder - ROL/NOT/ADD/XOR execve/bin/sh Shellcode 117 bytes Author : Xenofon Vassilakopoulos Date : July, 2019 Tested on : Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux Architecture : i686 GNU/Linu...
BigTree 4.3.4 CMS - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications =========================================================================================== Exploit Title: BigTree CMS - 'parent' SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.bigtreecms.org/ Software Link:...
MikroTik RouterOS < 6.38.5 Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import ropgadget...
phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability
Exploit for unknown platform in category web applications ============================================================ phpCOIN 1.2.3 sessionset.php Remote Include Vulnerability ============================================================ phpCOIN 1.2.3 CCFGPKGPATHINCL Remote Include Vulnerability...
CHAOS RAT 5.0.1 Remote Command Execution Exploit
CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server. Exploit Title: CHAOS RAT v5.0.1 RCE Exploit Author: @chebuya Software Link: https://github.com/tiagorlampert/CHAOS...
Magento 2.4.6 XSLT Server Side Injection Vulnerability
Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL: https://magento2demo.firebearstudio.com...
FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection Exploit
FireBear Improved Import and Export version 3.8.6 for Magento 2.4.6 suffers from an XSLT server-side injection vulnerability that allows for command execution. Exploit Title: FireBear Improved Import & Export ver. 3.8.6 for Magento 2.4.6 - XSLT Server Side Injection Command Execution Exploit...
JetBrains TeamCity Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by...
Linux/x86 /dev/sda Partition Wiping Shellcode (35 bytes)
Exploit Title: Linux/x86 - Shred /dev/sda wipe partition Shellcode 35 bytes Google Dork: None Exploit Author: cybersaki Vendor Homepage: None Software Link: None Version: None Tested on: Kali linux 2020.2a i386 x86 CVE : none Shellcode-length : 35 SLAE-id : Purchased | email protected ; Descripti...
pfSense 2.5.2 Shell Upload Exploit
This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module us...
OX App Suite 7.10.5 Cross Site Scripting / Information Disclosure Vulnerability
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities. Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-872 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 and earlier Vulnerable...
WordPress NAB Transact WooCommerce 2.1.0 Payment Bypass Vulnerability
Exploit for php platform in category web applications Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/ Vulnerable Version: 2.1.0 Fixed Version: 2.1.2 CVE Number: CVE-2020-11497 Author: Jack Misiura...
CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery Change Admin Password Exploit Author: Noth Vendor Homepage: https://github.com/boiteasite/cmsuno Software Link: https://github.com/boiteasite/cmsuno Version: v1.6 CVE : 2020-15600 An issue...
RaspberryMatic 3.73.9.20240130 Remote Code Execution Exploit
RaspberryMatic / OCCU contains a unauthenticated remote code execution vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior...
Purchase Order Management 1.0 Cross Site Scripting Vulnerability
Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Vulnerability
Exploit for linux platform in category dos / poc Source: http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ Background The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, Microsoft Windows, Mac OS/X and Netware. The goal of this...
Zope 5.9 Command Injection Vulnerability
Vulnerability Report Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to RCE Description: A command Argument injection vulnerability has been identified in the Zope WSGI instance creation script used by the Zope web application server framework, which ...
Netis MW5360 Remote Command Execution Exploit
The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...
Dirty Pipe SUID Binary Hijack Privilege Escalation Exploit
Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell. // // dirtypipez.c // // hacked up Dirty Pipe CVE-2022-0847 PoC that hijacks a SUID binary to spawn // a root shell. and attempts to restore the damaged bina...
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access Vulnerabilities
Products from LOYTEC electronics such as Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, and L-VIS Touch Panels suffer from improper access control and insecure transit vulnerabilities. + CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in...
Checkpoint Gaia Portal R81.10 Remote Command Execution Vulnerability
========================= Exploit Title: Hostname injection leads to Remote Code Execution RCE Authenticated Product: Gaia Portal Vendor: Checkpoint Vulnerable Versions: R81.20 Take 14, R81.10 Take 95, R81 Take 82 and R80.40 Take 198 Tested Version: R81.10 take 335 Advisory Publication: July 27,...
Piwigo 2.4.6 Arbitrary File Read / Delete Vulnerabilities
Piwigo version 2.4.6 suffers from a remote arbitrary file read and deletion vulnerability user a directory traversal attack in install.php. Piwigo 2.4.6 install.php Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: http://www.piwigo.org Affected version: 2.4...
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service Exploit
Exploit Title: CVE-2024-27686: RouterOS-SMB-DOS Exploit Author: ice-wzl, Solstice Cyber Solutions Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download/archive Version: RouterOS devices ranging from 6.40.5 - 6.44 and 6.48.1 - 6.49.10 Tested on: RouterOS 6.40.5 - 6.44...
SugarCRM 12.2.0 Shell Upload Vulnerability
----------------------------------------------------------------- SugarCRM = 12.2.0 Notes Unrestricted File Upload Vulnerability ----------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and prior versions...
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vulnerability
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability. Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ...
Company Visitor Management System (CVMS) 1.0 SQL Injection Vulnerability
Company Visitor Management System CVMS version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos68...
Wowonder CMS - Privilege Escalation Vulnerability
Exploit for php platform in category web applications Today I will explain an exploit of Privilege Escalation in Wowonder CMS. First we need firefox v56.0.2 or earlier and then download hackbar: https://addons.mozilla.org/es/firefox/addon/hackbar/ Note: If the bar does not appear, press F9 to mak...
jPORTAL 2 (humor.php id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =========================================================== jPORTAL 2 humor.php id Remote SQL Injection Vulnerability =========================================================== Title: jPORTAL 2 humor.php SQL Injection VEndor:...
Click Stocks 1.3 - File Upload Remote Code Execution Vulnerability
Title: Click Stocks-1.3 - File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/click-stocks-free-stock-photos-laravel-script/23356416 Reference: https://portswigger.net/web-security/file-upload,...
SugarCRM 12.2.0 SQL Injection Vulnerability
---------------------------------------------------- SugarCRM = 12.2.0 Two SQL Injection Vulnerabilities ---------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and prior versions. Version 12.0.2 and prior versions. Versio...
Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure Vulnerability
Crestron HD-MD4X2-4K-E version 1.0.0.2159 suffers from a credential disclosure vulnerability. When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Credential Disclosure...
Reprise License Manager 14.2 Unauthenticated Password Change Vulnerability
Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44152 Vulnerability Title: Unauthenticated Password Change Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: Because...
Serva 4.4.0 TFTP Remote Buffer Overflow Exploit
Exploit Title: Serva 4.4.0 TFTP Server Remote Buffer Overflow Metasploit Exploit Author: Yehia Elghaly Vendor Homepage: https://www.vercot.com/ Software Link : https://www.vercot.com/serva/download/ServaCommunityv4.4.0-21081411.zip Tested Version: 4.4.0 Tested on: Windows XP SP3 - Windows 7...
Quick.CMS 6.7 - Cross Site Request Forgery to Cross Site Scripting Vulnerability
Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows...