39001 matches found
SugarCRM 12.2.0 SQL Injection Vulnerability
---------------------------------------------------- SugarCRM = 12.2.0 Two SQL Injection Vulnerabilities ---------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and prior versions. Version 12.0.2 and prior versions. Versio...
Orange Station 1.0 SQL injection Vulnerability
Title: Orange Station 1.0 SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Reference:...
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode 178 bytes
; Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode 178 bytes ; Description: ; This is a shellcode that pop a calc.exe. The shellcode iuses ; the PEB method to locate the baseAddress of the required module and the Export Directory Table ; to locate symbols. Als...
Microsoft OMI Management Interface Authentication Bypass Exploit
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...
Dnsmasq < 2.78 - Stack-Based Overflow Exploit
Exploit for multiple platform in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14493.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminal...
Multilaser RE160V / RE160 URL Manipulation Access Bypass Vulnerability
Multilaser RE160V web management interface versions 12.03.01.08pt and 12.03.01.09pt along with RE160 versions 5.07.51ptMTL01 and 5.07.52ptMTL01 suffer from an access control bypass vulnerability through URL manipulation. =====Tempest Security Intelligence - Security Advisory - CVE-2023-38945=====...
Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability
Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root. Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm...
Zimbra Privilege Escalation Exploit
This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. This module requires Metasploit: https://metasploit.com/download Current source:...
BlogEngine.NET 3.3.6/3.3.7 - (path) Directory Traversal Vulnerability
Exploit for asp platform in category web applications Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET i...
Shell In A Box 2.2.0 Denial Of Service Exploit
Exploit for linux platform in category dos / poc Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser a...
WordPress 5.7 - (Media Library) XML External Entity Injection Authenticated Vulnerability
Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447 !/bin/bash Author:...
Gas Agency Management 2022 SQL Injection / XSS / Shell Upload Vulnerabilities
Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities. Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0:...
Wordpress Smart Product Review 1.0.4 Plugin - Shell Upload Exploit
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4 Tested on: Kali Linu...
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) Exploit
Exploit Title: Wordpress 4.9.6 - Arbitrary File Deletion Authenticated 2 Exploit Author: samguy Vulnerability Discovery By: Slavco Mihajloski & Karim El Ouerghemmi Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/wordpress-4.9.6.tar.gz Version: 4.9.6 Tested on: Linux -...
SonicWall SMA 10.2.1.0-17sv - Password Reset Vulnerability
Exploit Title: SonicWall SMA 10.2.1.0-17sv - Password Reset Description: Overwrite the persistent database, resulting in password reset on reboot. Shodan Dork: https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22 Exploit Author: Jacob Baines @JuniorBaines Root...
OpenSSH 7.2p1 - Authenticated xauth Command Injection
Exploit for multiple platform in category remote exploits ''' Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor:...
Docker cgroups Container Escape Exploit
This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYSADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux...
blueimp jQuery Arbitrary File Upload Exploit
This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability...
Apache Solr Backup/Restore API Remote Code Execution Exploit
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as t...
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities. FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual camera...
Surreal ToDo 0.6.1.2 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: Surreal ToDo 0.6.1.2 - Local File Inclusion Exploit Author: Ihsan Sencan Vendor Homepage: http://getsurreal.com/surrealtodo Software Link:...
ClipShare < 3.0.1 (tid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== ClipShare 3.0.1 tid Remote SQL Injection Vulnerability ========================================================== // / / / Clipshare / / / / Remote SQL Injection Vulnerability / / ...
Elasticsearch - StackOverflow DoS Exploit
Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...
Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode (133 bytes)
; Shellcode Title: Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode 133 bytes ; Description: ; This shellcode is a new method to find kernel32 base address by parsing .text section of memory to find a pointer to kernel32 API. ; Shellcode Author: Tarek Ahmed ; Tested on:...
M-Files Web Denial Of Service Vulnerability
M-Files Web versions prior to 20.10.9524.1 and M-Files Web versions prior to 20.10.9445.0 contain an improper range header processing vulnerability. A remote unauthenticated attacker may send crafted requests with overlapping ranges via HTTP requests with a specially-crafted Range or Request-Rang...
Altus Sistemas de Automacao Products CSRF / Command Injection / Hardcoded Credentials Vulnerability
======================================================================= title: Multiple Critical Vulnerabilities product: Multiple Altus Sistemas de Automacao products: Nexto NX30xx Series Nexto NX5xxx Series Nexto Xpress XP3xx Series Hadron Xtorm HX3040 Series vulnerable version: See "Vulnerable...
phpKF 1.10 XSS / CSRF / SQL Injection Vulnerabilities
phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Exploit Title: phpKF - Multi Vulnerabilities XSS , SQLi , CSRF Google Dork: Yazılım: phpKF © 2007-2019 Exploit Author: Ahmethan GULTEKIN @inject0r16 b4 Vendor Homepage:...
Apple Smart Card Services Memory Corruption Vulnerability
Attackers with local access can exploit security issues in the smartcard driver. These result in memory corruptions, which might lead to code execution. Since smartcards can be used for authentication, the vulnerabilities may allow an attacker to login to the system without valid credentials as a...
Themebleed Windows 11 Themes Arbitrary Code Execution Exploit
When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKMEVERSION is 999, it then attempts to load an accompanying dll file ending in vrf.dll. Before loading that file, it verifies that the file is signed. It does...
Advantech iView NetworkServlet Command Injection Exploit
Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backupfile to the mysqldump command. The sanitization functionality on...
Engineers Online Portal 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...
Aviatrix Controller 6.x Path Traversal / Code Execution Exploit
!/usr/bin/env python3 import requests from requests.structures import CaseInsensitiveDict from colorama import Fore, Style import argparse from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning printf""" ░█▀▀█ ░█──░█...
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - CSRF (Admin Token Disclosure) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Jiofi 4 JMR 1140 CSRF To Leak Admin Tokens to change wifi Password or Factory Reset Router Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link:...
ManageEngine ADAudit Plus Path Traversal / XML Injection Exploit
This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file. This modul...
Mitel 6800/6900 Series SIP Phones Backdoor Access Vulnerability
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP MiNet Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 5.1.0.8016 and earlier, Rel 6.0 6.0.0.368 to 6.1 HF4 6.1.0.165, and MiNet 1.8.0.12...
Reolink E1 Zoom Camera 3.0.0.716 Configuration Disclosure Vulnerability
ADVISORY INFORMATION ======================= Product: Reolink E1 Zoom Camera Vendor URL: https://reolink.com/product/e1-zoom/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2021-08-26 Date published: 2022-06-01 CVSSv3 Score: 5.3...
Textpattern CMS 4.8.3 Remote Code Execution Exploit
Exploit Title: Textpattern = 4.8.3 Remote code execution Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0 Install dependencies:...
Xorg X11 Server SUID Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and ru...
Adobe ColdFusion Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution. This module requires Metasploit:...
Intel Data Center Manager 5.1 Local Privilege Escalation Vulnerability
The latest version 5.1 and all prior versions of Intel's Data Center Manager are vulnerable to a local privileges escalation vulnerability using the application user "dcm" used to run the web application and the rest interface. An attacker who gained remote code execution using this dcm user i.e....
SeedDMS < 5.1.11 - (out.UsrMgr.php) Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org Software Link:...
Apache Axis 1.4 - Remote Code Execution Exploit
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis Author: David Yesland @daveysec, Rhino...
Kemp LoadMaster Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF, and 7.2.48.10 LTS. This module requires Metasploit:...
ownCloud Phpinfo Reader Exploit
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
MyBB (prior 1.8.30) Admin Control Remote Code Execution Exploit
This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a...
Remote Control Collection Remote Code Execution Exploit
This Metasploit module utilizes the Remote Control Server's protocol to deploy a payload and run it from the server. Remote Control Collection by Steppschuh version 3.1.1.12 was tested and affected at the time of the module writing. This module requires Metasploit: https://metasploit.com/download...
Automated Tank Gauge (ATG) Remote Configuration Disclosure Exploit
In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges ATGs which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators wh...
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) Exploit
Oracle Weblogic Server - Deserialization Remote Command Execution Patch Bypass Exploit // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath =...
Linux Kernel ptrace/sysret - Local Privilege Escalation Exploit
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...
Geoserver Unauthenticated Remote Code Execution Exploit
GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System GIS databases,...