39001 matches found
Red Planet Laundry Management System 1.0 SQL injection Vulnerability
Title: Red Planet Laundry Management System 1.0 SQLi Author: nu11secur1ty Vendor: https://laundry.redplanetcomputers.com/ Software: https://laundry.redplanetcomputers.com/ Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-28452 Description: The username parameter appear...
openSIS Student Information System 8.0 - (multiple) SQL Injection Vulnerability
Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...
OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability
OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...
Customer Support System 1.0 SQL Injection Vulnerability
Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customersupport/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020. Exploit Title: Customer Support System 1.0 - Multiple SQL injection...
osCommerce 4 SQL Injection Vulnerability
Exploit Title: osCommerce 4 - SQL Injection Exploit Author: CraCkEr Date: 22/11/2023 Vendor: osCommerce ltd. Vendor Homepage: https://www.oscommerce.com/ Software Link: https://demo.oscommerce.com/ Demo Link: https://demo.oscommerce.com/b2b-supermarket/ Tested on: Windows 11 Home Impact: Database...
MilleGPG5 5.9.2 Local Privilege Escalation Vulnerability
Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...
Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution Vulnerability
======================================================================= title: Remote code execution - CVE-2021-34427 bypass product: Eclipse Business Intelligence Reporting Tool BiRT vulnerable version: = 4.11.0 fixed version: 4.12 CVE number: CVE-2021-34427 impact: High homepage:...
Microsoft Windows Unsafe Handling Practices Vulnerability
This post outlines multiple unsafe practices in Microsoft Windows that can allow for local privilege escalation. This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed...
DOUBLEPULSAR - Payload Execution and Neutralization Exploit
This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...
WordPress Royal Elementor Addons Remote Code Execution Exploit
Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin...
Microsoft Error Reporting Local Privilege Elevation Exploit
This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary...
Super Store Finder 3.7 Remote Command Execution Vulnerability
Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...
Vanguard 2.1 - (Search) Cross-Site Scripting Vulnerability
Exploit Title: Vanguard 2.1 - 'Search' Cross-Site Scripting XSS Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975 Version: 2.1 Product & Service Introduction: ===============================...
LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909...
Hawtio 2.5.0 Server Side Request Forgery Vulnerability
Exploit for java platform in category web applications Hawtio Server-Side Request Forgery Introduction ============ Hawtio https://hawt.io/ is a modular web console for managing Java. CipherTechs discovered that Hawtio up to and including version 2.5.0 is vulnerable to unauthenticated Server-Side...
OpenCart Core 4.0.2.3 - (search) SQL injection Vulnerability
Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description : Opencart allows...
Atlassian Confluence Improper Authorization / Code Execution Exploit
This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This...
Veritas Backup Exec Agent Remote Code Execution Exploit
Veritas Backup Exec Agent supports multiple authentication schemes and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized...
Modbus Slave 7.3.1 - Buffer Overflow Exploit
Exploit Title: Modbus Slave 7.3.1 - Buffer Overflow DoS Discovered by: Yehia Elghaly Vendor Homepage: https://www.modbustools.com/ Software Link : https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Tested Version: 7.3.1 Connect 5. - Paste the characters of txt file Registration Key 6....
Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability
Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Exploit
Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fwurl' POST...
Karaoke Video Creator V2.5.6.3 Denial of Service Exploit
Exploit Title: Karaoke Video Creator V2.5.6.3 Denial of Service Exploit Date: 20.04.2022 Vendor Homepage:https://www.powerkaraoke.com Software Link: https://www.powerkaraoke.com/download/karaoke-video-creator-setup.exe?v=2.5.6.3 Exploit Author: Achilles Tested Version: V2.5.6.3 Tested on: Windows...
E-Commerce Website 1.1.0 Shell Upload Exploit
Full-Ecommece-Website-Slides-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Description = Upload web shell at Slides in admin panel Step to Reproduct Login to admin - Slides - upload web shell - Submit Exploit Upload web shell at Slides When upload success access...
Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH) Exploit
Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt and copy All...
Cisco RV320 / RV325 Unauthenticated Remote Code Execution Exploit
This Metasploit module combines an information disclosure CVE-2019-1653 and a command injection vulnerability CVE-2019-1652 together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTP...
Cisco Catalyst 2960 IOS 12.2(55)SE11 - ROCEM Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python Exploit Title: Cisco Catalyst 2960 - Buffer Overflow Exploit Details: https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ Date: 04.10.2017 Exploit Author: https://twitter.com/artkond Vendor Homepage:...
vm2 - Sandbox Escape Exploit
/ Exploit Title: vm2 Sandbox Escape vulnerability Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM = require"vm2";...
XenForo 2.2.13 ArchiveImport.php Zip Slip Vulnerability
------------------------------------------------------------ XenForo zip; 201. $DS = \XF::$DS; 202. 203. if $this-extracted 204. 205. return; 206. 207. 208. for $i = 0; $i numFiles; $i++ 209. 210. $zipFileName = $zip-getNameIndex$i; 211. $fsFileName = $this-getFsFileNameFromZipName$zipFileName;...
WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution Exploit
WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to...
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read Vulnerability
WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability. Description: Arbitrary File Download/Read Affected Plugin: BackupBuddy Plugin Slug: backupbuddy Plugin Developer: iThemes Affected Versions: 8.5.8.0 – 8.7.4.1 CVE ID:...
Wavlink WN533A8 - Cross-Site Scripting Vulnerability
Exploit Title: Wavlink WN533A8 - Cross-Site Scripting XSS Exploit Author: Ahmed Alroky Author Company : AIactive Version: M33A8.V5030.190716 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34048 Tested on: Windows Poc code history.pushState'', '', '/'...
pppd 2.4.8 Buffer Overflow Exploit
Exploit Title: Point to Point Protocol Daemon versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow - remote Author: nu11secur1ty Date: 2020-03-18 Vendor: Point to Point Protocol Daemon Link: https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-8597 CVE:...
Simple Task List 1.0 - (status) SQL injection Vulnerability
Exploit Title: Simple Task List 1.0 - 'status' SQLi Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0 Tested on:...
Windows 11 10.0.22000 - Backup service Privilege Escalation Vulnerability
Title: Windows 11 10.0.22000 - Backup service Privilege Escalation Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-21752 Description: Windows ...
ASKEY RTF3505VW-N1 Privilege Escalation Vulnerability
Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...
WordPress WPGateway 3.5 Privilege Escalation Vulnerability
Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...
Laravel Media Library Pro 2.1.6 Shell Upload Vulnerability
Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting Vulnerability
Exploit Title: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting XSS Exploit Author: Momen Eldawakhly CyberGuy Vendor Homepage: https://www.zyxel.com Version: ZyWALL 2 Plus Tested on: Ubuntu Linux Firefox CVE : CVE-2021-46387 GET...
Atlassian Confluence Data Center and Server - Authentication Bypass Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...
WordPress WP ERP 1.12.2 SQL Injection Vulnerability
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledged ERP Enterprise...
HCL Lotus Notes V12 - Unquoted Service Path Vulnerability
Exploit Title: HCL Lotus Notes V12- Unquoted Service Path Exploit Author: Mert DAŞ Version: V12 Vendor Homepage: https://www.hcltechsw.com/domino/download Tested on: Windows 10 ProcessId : 3860 Name : LNSUSvc DisplayName : HCL Notes Smart Upgrade Hizmeti PathName : c:\HCL\Notes\SUService.exe...
Cacti 1.2.12 SQL Injection / Remote Command Execution Exploit
This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the pathphpbinary value is changed within the settings tab...
vBulletin 5.x Remote Code Execution Exploit
This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widgettabbedcontainertabpanel template while also providing the widgetphp argument. This causes the former template to load...
WWWBoard 2.0 (passwd.txt) Remote Password Disclosure Vulnerability
Exploit for cgi platform in category web applications ================================================================== WWWBoard 2.0 passwd.txt Remote Password Disclosure Vulnerability ================================================================== Affected Software: WWWBoard 2.0 Alpha...
phpBB 3 (memberlist.php) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================================== phpBB 3 memberlist.php Remote SQL Injection Exploit ===================================================== !/usr/bin/php -q -d shortopentag=on ? echo "PhpBB 3 memberlist.php/'ip' argumen...
WordPress GutenKit 2.1.0 Arbitrary File Upload Vulnerability
CVE-2024-9234 GutenKit = 2.1.0 - Unauthenticated Arbitrary File Upload Description The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the...
Magnolia CMS 6.2.19 Cross Site Scripting Vulnerability
Exploit Title: Magnolia CMS = 6.2.19 - Stored Cross-Site Scripting XSS Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...
WordPress Perfect Survey Plugin - 1.5.1 - SQL injection (Unauthenticated) Exploit
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link: https://web.archive.org/web/20210817031040/https://downloads.wordpress.org/plugin/perfect-survey.1.5.1.zip Version:...
Chikitsa Patient Management System 2.0.2 - (plugin) Remote Code Execution Exploit
Exploit Title: Chikitsa Patient Management System 2.0.2 - Remote Code Execution RCE Authenticated Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
D-Link DSL-3782 Pre-Authentication Remote Root Exploit
!/usr/bin/python2 preauth rece for dlink dsl-3782 pwned: 18.112021 @ 19:26 import sys import urllib2 requests import urllib import struct target = 'http://192.168.0.50/index.php' cgi-bin/ChgLang.asp' nopsled = "" NOP sled XOR $t0, $t0, $t0; as NOP is only null bytes for i in range74: nopsled +=...