39001 matches found
SonicWall SMA 100 Series Authenticated Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability in the SonicWall SMA 100 series web interface. Exploitation results in command execution as root. The affected versions are 10.2.1.2-24sv and below, 10.2.0.8-37sv and below, and 9.0.0.11-31sv and below. This module...
Linux/x86_64 - Bind (4444/TCP) Shell (/bin/sh) #Shellcode (131 bytes)
Exploit for linux/x86-64 platform in category shellcode ;Title: Linux/x8664 - Bind 4444/TCP Shell /bin/sh ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 131 bytes ;github = https://github.com/STARRBOY ;test shellcode = after you run the shellcode, open another terminal and...
Android DeviceVersionFragment.java Privilege Escalation Exploit
Proof of concept exploit for a privilege escalation issue in Android. In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional...
WebCalendar 1.3.0 Cross Site Scripting Vulnerability
Exploit Title: WebCalendar Version: 1.3.0 - Stored XSS - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: http://www.k5n.us/webcalendar.php Version: 1.3.0 Tested on: https://www.softaculous.com/apps/calendars/WebCalendar Stored XSS 1 Write Events Add New Events Brief Description :...
FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking Vulnerabilities
Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the...
Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code Exploit
Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions. Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code A central recurring theme in Linux MM development is that contention on the mmap lo...
Seowon SlC 130 Router - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link:...
Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
Exploit for unknown platform in category remote exploits ============================================================== Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit ============================================================== / Apache 2.2.14 modisapi Dangling Pointer Remote...
OpenClinic GA 5.247.01 - Path Traversal (Authenticated) Vulnerability
Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11 CVE: CVE-2023-40279 Details An issue w...
QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution Exploit
There exists an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry and mid-level Network Attached Storage NAS devices, and QuTS hero is a core part of the firmware for numerous QNAP...
Shuttle Booking Software 2.0 Cross Site Scripting Vulnerability
Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site Scripting Authenticated Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/...
OpenText Extended ECM 22.3 Java Frontend Remote Code Execution Vulnerability
======================================================================= title: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 20.4 - 22.3 fixed version: 22.4 CVE number:...
WordPress Duplicator 1.4.7 Plugin - Information Disclosure Vulnerability
Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552 Reference: https://securitrust.fr...
Wavlink WN530HG4 - Password Disclosure Vulnerability
Exploit Title: Wavlink WN530HG4 - Password Disclosure Exploit Author: Ahmed Alroky Author Company : AIactive Version: M30HG4.V5030.191116 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34047 Tested on: Windows Exploit view-source:http://IPaddress/setsafety.shtml?r=52300...
Feberr 12.7 Shell Upload Vulnerability
Exploit Title: Feberr - Multivendor Digital Products Marketplace arbitrary file upload Version 12.7 Google Dork: N/A Exploit Author: Sohel Yousef - email protected Software Link: https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace Software link 2...
Wordpress Catch Themes Demo Import 1.6.1 Plugin- Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...
Microsoft Windows 7 / 2008 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 7/2008 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten Test...
ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation
Exploit for windows platform in category local exploits ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.5.3 Build 0005 Summary: ZKAccess 3.5 is ...
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over Exploit
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to the target server'...
Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass Exploit
This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorizedkeys file of the chosen account, allowing you to login to the system with the chosen...
Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass Vulnerability
Pentaho allows users to upload various files of different file types. The upload service is implemented under the /pentaho/UploadService endpoint. The file types allowed by the application are csv, dat, txt, tar, zip, tgz, gz, gzip. When uploading a file with an extension other than the allowed...
Maian-Cart 3.8 - Remote Code Execution (Unauthenticated) Exploit
Exploit title: Maian-Cart 3.8 - Remote Code Execution RCE Unauthenticated Tested on: Ubuntu 20.04 LTS Exploit Authors: DreyAnd, purpl3 Software Link: https://www.maiancart.com/download.html Vendor homepage: https://www.maianscriptworld.co.uk/ Version: Maian Cart 3.8 CVE: CVE-2021-32172...
F5 BIG-IP iControl Cross Site Request Forgery Exploit
This Metasploit module exploits a cross-site request forgery CSRF vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations...
Pharmacy Management System 1.0 Shell Upload Vulnerability
Exploit Title: Pharmacy management system - Remote Code Execution RCE Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version: 1.0 Tested on:...
Zyxel Buffer Overflow / File Disclosure / CSRF / XSS / Broken Access Control Vulnerabilities
Multiple Zyxel devices suffer from buffer overflow, local file disclosure, unsafe storage of sensitive data, command injection, broken access control, symbolic link processing, cross site request forgery, and cross site scripting vulnerabilities...
Moodle 3.11.4 - SQL Injection Vulnerability
Exploit Title: Moodle 3.11.4 - SQL Injection Exploit Author: lavclash75 Vendor Homepage: https://moodle.org/ Version: Moodle 3.11 to 3.11.4 CVE: CVE-2022-0332 POC GET...
Karenderia CMS 5.3 SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Karenderia CMS 5.3 - Multiple SQL Vuln. Exploit Author: Mehmet EMIROGLU Vendor Homepage: email protected Software Link:...
Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset Exploit
Exploit for php platform in category web applications + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt + ISR: ApparitionSec Vendor: ================ www.mantisbt.org...
WordPress eTemplates 0.2.1 SQL Injection Vulnerability
CVE-2024-55972 eTemplates = 0.2.1 - Unauthenticated SQL Injection Description The eTemplates plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
Chamilo 1.11.18 Command Injection Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker t...
Rails 5.2.1 - Arbitrary File Content Disclosure Exploit
Exploit for multiple platform in category web applications ''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions...
GL.iNet Unauthenticated Remote Command Execution Exploit
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...
FreeSWITCH 1.10.6 SRTP Packet Denial Of Service Vulnerability
FreeSWITCH susceptible to Denial of Service via invalid SRTP packets - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-09-freeswitch-srtp-dos - Vendor Security Advisory:...
Centreon 19.04 - Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link:...
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation Vulnerability
Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor Tp-Link http://tp-link.com Product JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201 Vulnerability Type Improper Access Control Affected Product Code Base JetStream Smart Switch - TL-SG2210P...
IBM AIX 7.2 inscout Privilege Escalation Exploit
This Metasploit module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation,...
Kabir Alhasan Student Management System 1.0 SQL Injection Vulnerability
Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...
Pandora FMS 7.0NG - (net_tools.php) Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Pandora FMS 7.0NG - 'nettools.php' Remote Code Execution Build: PC170324 - MR 0 Exploit Author: Basim Alabdullah Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link:...
glibc syslog() Heap-Based Buffer Overflow Exploit
Qualys discovered a heap-based buffer overflow in the GNU C Library's vsysloginternal function, which is called by both syslog and vsyslog. This vulnerability was introduced in glibc 2.37 in August 2022. CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog...
Openfire Authentication Bypass / Remote Code Execution Exploit
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
Monitorr 1.7.6m / 1.7.7d Remote Code Execution Exploit
This Metasploit module exploits an arbitrary file upload vulnerability and achieves remote code execution in the Monitorr application. Using a specially crafted request, custom PHP code can be uploaded and injected through endpoint upload.php because of missing input validation. Any user privileg...
Dovecot IMAP Server 2.2 Improper Access Control Vulnerability
Dovecot IMAP server version 2.2 suffers from a privilege escalation vulnerability. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect usernamefilter and mechanism settings can be applied to passdb definitions. Thes...
Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Vulnerability
Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Discovery by: Luis Martinez Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mirrorgofull8050.exe Tested Version: 2.0.11.346 Vulnerability Type: Local Privilege Escalation Test...
Dolibarr ERP / CRM 13.0.2 Remote Code Execution Vulnerability
Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits: Trovent Security GmbH, Nick Decker Detailed...
Roxy Fileman 1.4.5 For .NET Directory Traversal Vulnerability
Exploit for php platform in category web applications =========================== Exploit Title: Roxy Fileman 1.4.5 for .NET - Directory Traversal Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net...
Microsoft Windows - WSReset UAC Protection Bypass (Registry) Exploit
Fileless UAC bypass WSReset.exe @404death base on : https://www.activecyber.us/activelabs/windows-uac-bypass EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47754.zip import sys, os from ctypes import import winreg CMD =...
ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting
Exploit for php platform in category web applications Exploit Title : ApPHP MicroBlog 1.0.2 - Stored Cross Site Scripting Author : Besim Google Dork : Date : 12/10/2016 Type : webapps Platform : PHP Vendor Homepage : - Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162 Descriptio...
Build Your Own Botnet 2.0.0 Remote Code Execution Exploit
Build Your Own Botnet BYOB version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page. Exploit Title: BYOB Build Your Own Botnet v2.0.0 Unauthenticated RCE...
Jcow Social Network Cross Site Scripting Vulnerability
Exploit Title: Jcow Social Networking 14.2 3 After Send invitations you will be see alert button...
Ruijie Switch PSG-5124 26293 - Remote Code Execution Exploit
Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution RCE - Shodan Dork: http.htmlhash:-1402735717 - Fofa Dork: body="img/freeloginge.gif" && body="./img/loginbg.gif" - Exploit Author: ByteHunter - Email: email protected - Version: PSG-5124LINK SOFTWARE RELEASE:26293 - Tested on:...