39001 matches found
LISTSERV 17 Cross Site Scripting Vulnerability
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...
ClanSphere 2010.3 Xss Vulnerability
Exploit for php platform in category web applications author: lemlajt software : Clansphere @ sourceforge.net version: 20103 tested on: linux cve : xss-01 PoC : POST http://localhost/www/cmsadmins/clansphere20103/clansphere20103/index.php?mod=messages&action=create $messagessubject= xss-02 Stored...
Arab Portal v2.x (forum.php qc) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================ Arab Portal v2.x forum.php qc Remote SQL Injection Exploit ============================================================ getqc &&!isset$apt-getqp $qc = $apt-getqc; $result =...
WordPress Sogrid 1.5.6 Local File Inclusion Vulnerability
CVE-2024-54374 Sogrid = 1.5.6 - Unauthenticated Local File Inclusion Description The Sogrid plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...
Apache Olingo OData 4.0 - XML External Entity Injection Exploit
Exploit for java platform in category web applications Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock email protected Date:...
Microsoft Office Word Malicious Hta Execution Exploit
This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild...
Korenix JetNet Series Unauthenticated Access Exploit
------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Korenix JetNet Series vulnerable version| See "Vulnerable versions" fixed version| - CVE number| CVE-2023-5376, CVE-2023-5347 impact| High homepage| https://www.korenix.com/...
ESET Forwarder 16.0.26.0 Unquoted Service Path Vulnerability
Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...
PHPGurukul Zoo Management System 1.0 SQL Injection Vulnerability
Zoo Management System SQL Injection Author: D4rkP0w4r Description = sql injection at /animals?classid=1 Injection Point http://192.168.1.101:8080/ZooManagementSystem/publichtml/animals?classid=1 Exploit Exploit with Sqlmap python3 sqlmap.py -u...
OpenVPN Monitor 1.1.3 Authorization Bypass / Denial Of Service Vulnerabilities
OpenVPN Monitor versions 1.1.3 and below suffer from an authorization bypass vulnerability that allows an attacker to disconnect arbitrary clients, even if the disconnect feature is disabled. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-009 CVE I...
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit
Exploit Title: Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit Author: Photubias Vendor Advisory: 1 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688 2...
Dell Security Management Server <1.9.0 - Local Privilege Escalation Exploit
Exploit Title: title Dell Security Management Server versions prior to 11.9.0 Exploit Author: author Amirhossein Bahramizadeh CVE : if applicable CVE-2023-32479 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege...
ChurchCRM 4.5.3 SQL Injection Vulnerability
Title: ChurchCRM-4.5.3-121fcc1-SQLi Author: nu11secur1ty Vendor: http://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be vulnerable to SQL injection...
WordPress International SMS For Contact Form 7 Integration 1.2 CSRF Vulnerability
WordPress International SMS for Contact Form 7 Integration plugin version 1.2 suffers from a cross site request forgery vulnerability. Exploit Title: WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross-Site Request Forgery CSRF Author: Milad Karimi Software Link:...
FreeSWITCH 1.10.6 Missing SIP MESSAGE Authentication Exploit
FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-07-freeswitch-SIP-MESSAGE-without-auth - Vendor Security Advisory:...
Qmail SMTP Bash Environment Variable Injection (Shellshock) Exploit
This Metasploit module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH Shellshock. This flaw works on the latest...
Greenshot 1.3.274 Deserialization / Command Execution Exploit
There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user. This...
Qualcomm Adreno/KGSL Data Leakage Exploit
On Qualcomm Adreno/KGSL builds where CONFIGQCOMKGSLUSESHMEM is not set or on older KGSL versions without CONFIGQCOMKGSLUSESHMEM, KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VMPFNMAP set, which means...
Pega Platform 8.7.3 Remote Code Execution Vulnerability
Pega Platform versions 8.1.0 through 8.7.3 suffer from a remote code execution vulnerability. If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to uplo...
NanoCMS v0.4 - Remote Code Execution (Authenticated) Exploit
Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS does not sanitis...
BigBlueButton 2.3 / 2.4.7 Cross Site Scripting Vulnerability
CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. ========================= Exploit Title: Stored Cross-Site Scripting XSS in BigBlueButton Product: BigBlueButton Vendor: BigBlueButton Vulnerable Versions: 2.3, IV. References ------------------------- Security advisory...
Printix Client 1.3.1106.0 - Remote Code Execution Exploit
Exploit Title: Printix Client 1.3.1106.0 - Remote Code Execution RCE Exploit Author: Logan Latvala Vendor Homepage: https://printix.net Software Link: https://software.printix.net/client/win/1.3.1106.0/PrintixClientWindows.zip Version: = 1.3.1106.0 Tested on: Windows 7, Windows 8, Windows 10,...
Snes9K 0.09z - (Port Number) Buffer Overflow (SEH) Exploit
Exploit Title: Snes9K 0.09z - 'Port Number' Buffer Overflow SEH Exploit Author: MasterVlad Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://www.exploit-db.com/apps/ef5249b64ce34575c12970b334a08c17-snes9k009z.zip Version: 0.09z Vulnerability Type: Local Buffer...
Apache ActiveMQ 5.11.1 Directory Traversal / Shell Upload Exploit
This Metasploit module exploits a directory traversal vulnerability CVE-2015-1830 in Apache ActiveMQ versions 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default...
Joomla Components com_extcalendar File Include Vulnerability
Exploit for php platform in category web applications ============================================================ Joomla Components comextcalendar File Include Vulnerability ============================================================...
OpenTSDB 2.4.1 Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in the key parameter in OpenTSDB through 2.4.1 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4...
WordPress WP Data Access 5.3.7 Privilege Escalation Vulnerability
The Wordfence team responsibly disclosed an authenticated Privilege Escalation vulnerability in the WP Data Access plugin. On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin...
Online Learning System 2.0 - Remote Code Execution Exploit
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux / Windows 10 CVE...
Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password Shellcode (172
include include // Exploit Title: Continuously-Probing Reverse Shell via Socket + port-range + password 172 bytes // Date: 07/10/2016 // Exploit Author: CripSlick // Tested on: Kali 2.0 // Version: No program being used or exploited; I only relied on syscalls...
Nagios XI 5.7.5 Remote Code Execution Exploit
This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...
Movie Seat Reservation System 1.0 File Disclosure / SQL Injection Vulnerabilities
Movie Seat Reservation System Sql Injection Author: D4rkP0w4r Note = exploit don't need login account Exploit Use Burp Suite capture request with payload GET...
WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must include pages show...
TP-Link Cloud Cameras NCXXX Bonjour Command Injection Exploit
TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250, NC260, NC450 are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent...
Jenkins 2.150.2 - Remote Command Execution Exploit
Exploit for linux platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins...
Invoice Ninja 5.10.10 Insecure Deserialization / Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Invoice Ninja unauthenticated PHP Deserialization Vulnerability', 'Description' = %q Invoice Ninja is a free invoicing software for small...
Loytec LINX Automation Servers Information Disclosure / Cleartext Secrets Vulnerability
Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear. + CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389 + Title : Multiple...
PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loop back interface as the...
Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...
Flussonic Media Server 4.1.25 - 4.3.3 - Aribtrary File Disclosure Vulnerability
Exploit for aix platform in category dos / poc Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a mutli-protocol streaming server with support for many...
Debezium UI 2.5 Credential Disclosure Vulnerability
Exploit Title: Debezium UI - Credential Leakage Exploit Author: Ihsan Cetin, Hamza Kaya Toprak Vendor Homepage: https://debezium.io/ Software Link: N/A Version: 2.5 REQUIRED Tested on: N/A CVE : CVE-2024-28736 Proof of concept: Details Debezium-ui version 2.5 is vulnerable to a password exposure...
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities
Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Mutiple vulnerabilties were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread...
WordPress KiviCare 3.2.0 Cross Site Scripting Vulnerability
Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624 Product Description...
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Exploit
!/usr/bin/python3 Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored Authenticated Google Dork: intitle:"SCM Manager" intext:1.60 Date: 05-25-2023 Exploit Author: neg0x https://github.com/n3gox/CVE-2023-33829 Vendor Homepage: https://scm-manager.org/ Software Link:...
Grafana 7.0.1 - Denial of Service Exploit
Exploit Title: Grafana 7.0.1 - Denial of Service PoC Exploit Author: mostwanted002 Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 3.0.1 - 7.0.1 Tested on: Linux CVE : CVE-2020-13379 !/bin/bash if $1 != "" ; then curl -I...
SiteVision 4.x / 5.x Insufficient Module Access Control Vulnerability #ByPass
SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are...
NEXT-EMP 1.0 Shell Upload Vulnerability
Titles: NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/29/2025 Vendor: https://www.mayurik.com/ Software:...
LaborOfficeFree 19.10 - MySQL Root Password Calculator Exploit
Exploit Title: LaborOfficeFree 19.10 MySQL Root Password Calculator - CVE-2024-1346 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.laborofficefree.com/ Software Link: https://www.laborofficefree.com/plans Version: 19.10 Tested on: Windows 10 CVE : CVE-2024-1346...
SPIP 4.2.3 SQL Injection Vulnerability
Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server Side Sensitive information Disclosure! Author: nu11secur1ty Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip Reference:...
Covid 19 Travel Pass Management System v1.0 SQL injection Vulnerability
Title: Covid 19 Travel Pass Management System v1.0 SQLi Author: nu11secur1ty Date: 05.01.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15308/covid-19-travel-pass-management-system-phpoop-free-source-code.html Reference:...
OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability
OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...