39001 matches found
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability
ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...
Music Gallery Site 1.0 SQL Injection Vulnerability
Music Gallery Site - SQL Injection on page musiclist.php and parameter cid is vulnerable, application url is ?page=musiclist&cid=?. Any remote attacker can access this page to exploit the vulnerbility. CVE Assigned: CVE-2023-0938 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari...
Sanitization Management System 1.0 SQL Injection Vulnerability
Title: SMS - PHP by: oretnom23 v1.0 SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23, https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/download-code?nid=15770&title=Sanitization+Management+System+Project+in+PHP+and+MySQL+Free+Source+Code Reference...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write Vulnerability
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Product HC10 HC.Server Service 10.14 HC10 is a unified hosting...
Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability
Simple Online Mens Salon Management System 1.0 SQL Injection Vulnerability MSMS Vendor Description The password parameter on MSMS 1.0 appears to be vulnerable to SQL injection attacks. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was...
Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit
This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers t...
CMSMS 2.2.19 Arbitrary File Upload Vulnerability
The parameter "fileupload" in type ID is vulnerable to File Upload and RCE attacks, it is not sanitized correctly. The attacker can upload a virus directly on the server by using this web vulnerability, and then he can execute it, this can be the end of this server depending on the scenario! In...
Wondershare Dr.Fone 12.9.6 Weak Permissions / Privilege Escalation Vulnerability
Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root Exploit
Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script...
ManageEngine ADSelfService Plus Custom Script Execution Exploit
This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided...
Cisco Small Business RV Series Authentication Bypass / Command Injection Exploit
This Metasploit module exploits an authentication bypass CVE-2021-1472 and command injection CVE-2021-1473 in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Th...
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets Vulnerability
Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass. Firmware for Aver EVC300 multipoint video conferencing system v00.10.16.36 and others as well as firmware for several other devices manufactured by Aver, potentially all...
Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode (415 bytes)
; Name: Windows/x86 - Bind TCP shellcode / Dynamic PEB & EDT method null-free Shellcode 415 bytes ; Author: h4pp1n3ss ; Tested on: Microsoft Windows Version 10.0.19042.1237 ; Description: ; This a bind tcp shellcode that open a listen socket on 0.0.0.0 and port 1337. In order to accomplish this...
Adaware Web Companion version 4.8.2078.3950 - (WCAssistantService) Unquoted Service Path
Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/ Software Link: https://webcompanion.com/en/ Version: Adaware Web Companion version 4.8.2078.3950 Tested on:...
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution Vulnerability
Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...
opencart 3.0.3.8 - Sessjion Injection Vulnerability
Exploit Title: opencart 3.0.3.8 - Sessjion Injection Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Testeted on: Windows 10 using XAMPP,...
WebRTC usrsctp Incorrect Call Vulnerability
WebRTC: usrsctp is called with pointer as network address When usrsctp is used with a custom transport, an address must be provided to usrsctpconninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value...
Employee Record Management System 1.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Employee Record Management SystemERMS 1.1 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit
Exploit for windows platform in category remote exploits EDB-Note: Source https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS08067.py import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from...
UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Vulnerability
Exploit for hardware platform in category web applications Title: UBICOD Medivision Digital Signage 1.5.1 - Authorization Bypass Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A Vendor: UBICOD Co., Ltd. | MEDIVISION INC. Product web page: http://www.medivision.co.kr...
Microsoft Windows - (WizardOpium) Local Privilege Escalation Exploit
include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx, sizeofwcx; wcx.hInstance = hInstance; wcx.cbSize = sizeofwcx;...
Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit
Exploit for linux platform in category local exploits / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen email protected Based on libfutex and the expoilt for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include include include...
WordPress Hash Form Plugin Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Hash Form Plugin RCE', 'Description' = %q The Hash Form – Drag & Drop Form Builder plugin for WordPress suffers from a critical...
Glibc Tunables Privilege Escalation Exploit
A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBCTUNABLES when launching binaries with SUID permission to execute co...
Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload Vulnerabilities
======================================================================= title: Multiple Vulnerabilities product: Kiddoware Kids Place Parental Control Android App vulnerable version: =3.8.49 fixed version: 3.8.50 or higher CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079 impact: High...
Oracle Database 19c Access Bypass Vulnerability
Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022. Title: Oracle Database Vault Protected Table With Realm Data Extraction...
Instagram Auto Follow - Authentication #Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...
Adobe Coldfusion 11 CKEditor Arbitrary File Upload Exploit
A file upload vulnerability exists in the CKEditor of Adobe ColdFusion 11 Update 14 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion CKEditor unrestricted file...
Cisco IOS - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...
ABB Cylon Aspect 3.08.02 webServerUpdate.php Configuration Poisoning Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from improper input validation on the port POST parameter in the webServerUpdate.php script. This input is not validated on the server side and relies on bypassable client-side checks using the inString.js script to verify that the port parameter contains...
Hitachi NAS SMU 14.8.7825 Information Disclosure Vulnerability
Exploit Title: Hitachi NAS HNAS System Management Unit SMU 14.8.7825 - Information Disclosure CVE: CVE-2023-6538 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host", required=True, type=str,...
KiTTY 0.76.1.13 - Command Injection Exploit
Exploit Title: KiTTY 0.76.1.13 - Command Injection Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤ 0.76.1.13 Tested on: Microsoft Windows...
GL.iNet - Router Authentication Bypass Exploit
DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...
Textpattern 4.8.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...
WordPress Delightful Downloads Jquery File Tree 1.6.6 Plugin - Path Traversal Exploit
Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal Exploit Author: Nicholas Ferreira Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads Version: =1.6.6 Tested on: Debian 11 CVE : CVE-2017-1000170 PHP version exploit: 7.3.27 POC: curl --da...
Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass Exploit
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoin...
Phoenix Contact TC Router / TC Cloud Client Command Injection Vulnerability
Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities. ======================================================================= title: Authenticated Command...
WinPower 4.9.0.4 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits Exploit Title: WinPower V4.9.0.4 Privilege Escalation Date: 29-11-2016 Software Link: http://www.ups-software-download.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category:...
ManageEngine ADAudit Plus Remote Code Execution Exploit
This Metasploit module exploits security issues in ManageEngine ADAudit Plus versions prior to 7006 that allow authenticated users to execute arbitrary code by creating a custom alert profile and leveraging its custom alert script component. The module first runs a few checks to test the provided...
phpBB <= 2.0.12 Change User Rights Authentication Bypass
Exploit for unknown platform in category web applications ======================================================== phpBB new ; my $cookiejar = HTTP::Cookies-new ; $browser-cookiejar $cookiejar ; $cookiejar-setcookie "0","phpbb2mysqldata", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3B...
MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Vulnerabilities
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:. inurl:web/teacherapp .:. Date:Jan 20, 2025 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://myschool-system.com/ .:. Vendor...
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The...
Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation Vulnerability
Exploit Title: Filmora 12 version Build 1.0.0.7 - Unquoted Service Paths Privilege Escalation Exploit Author: Thurein Soe Vendor Homepage: https://filmora.wondershare.com Software Link: https://mega.nz/file/tQNGGZTQE1u20rdbT4R3pgSoUBG93IPAXqesJ5yyn6T8RlMFxaE Version: Filmora 12 Build 1.0.0.7 Test...
Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit
!/usr/bin/env python Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App:...
WordPress Duplicator 1.4.6 Plugin - Unauthenticated Backup Download Vulnerability
Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2551 Reference:...
Linux SO_PEERCRED / SO_PEERGROUPS Race Condition / Use-After-Free Exploit
Linux suffered from a use-after-free read vulnerability related to an SOPEERCRED and SOPEERGROUPS race with listen and connect. This has been addressed in stable versions 5.14.10, 5.10.71, 5.4.151, 4.19.209, 4.14.249, 4.4.288, and 4.9.286. Linux: UAF read: SOPEERCRED and SOPEERGROUPS race with...
SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities
SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities. ======================================================================= title:...
F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution Exploit
This Metasploit module exploits a directory traversal in F5's BIG-IP Traffic Management User Interface TMUI to upload a shell script and execute it as the Unix root user. Unix shell access is obtained by escaping the restricted Traffic Management Shell TMSH. The escape may not be reliable, and yo...
Intelliants Subrion CMS 4.2.1 Remote Code Execution Exploit
This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess...
Lucee Authenticated Scheduled Job Code Execution Exploit
This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is...