39001 matches found
Company's Recruitment Management System 1.0 - (description) Stored XSS Vulnerability
Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Link:...
Ivanti Avalanche FileStoreConfig Shell Upload Exploit
Ivanti Avalanche versions prior to 6.4.0.186 permits MS-DOS style short names in the configuration path for the Central FileStore. Because of this, an administrator can change the default path to the web root of the applications, upload a JSP file, and achieve remote command execution as NT...
Telegram Android 8.4.4 Denial Of Service Vulnerability
Telegram Android version 8.4.4 suffers from a denial of service vulnerability. Telegram Android v8.4.4 - Denial of Service PoC Product & Service Introduction: =============================== Telegram is a freeware, cross-platform, cloud-based instant messaging IM service. The service also provide...
Fuel CMS 1.4.13 - (col) Blind SQL Injection Vulnerability
Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16, Apache 2.4.46 Steps...
OpenVPN Monitor 1.1.3 Command Injection Vulnerability
OpenVPN Monitor versions 1.1.3 and below suffer from an injection vulnerability that allows an attacker to inject arbitrary commands into the OpenVPN server management interface socket. Product: openvpn-monitor Vendor: https://github.com/furlongm/openvpn-monitor CSNC ID: CSNC-2021-010 CVE ID:...
vBulletin <= 3.0.4 "forumdisplay.php" Code Execution
Exploit for unknown platform in category web applications ==================================================== vBulletin fetcharray$forumusers == True , when you visit the forums, it must has at least one user show the forum. 4th condition : magicquotesgpc must be OFF SPECIAL condition : you must...
SugarCRM 12.2.0 Bean Manipulation Vulnerability
------------------------------------------------------------------------ SugarCRM = 12.2.0 updateGeocodeStatus Bean Manipulation Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and...
EQS Integrity Line Cross Site Scripting / Information Disclosure Vulnerabilities
EQS Integrity Line: Multiple Vulnerabilities Name Multiple Vulnerabilities in EQS Integrity Line Systems Affected EQS Integrity Line through 2022-07-01 Severity High Impact CVSSv2 High 8.8/10, score: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor EQS Group AG https://www.eqs.com/ Advisory...
orangescrum 1.8.0 - Privilege escalation (Authenticated) Vulnerability
Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Tested on: Windows 10 usi...
Pure-FTPd External Authentication Bash Environment Variable Code Injection Exploit
This Metasploit module exploits the code injection flaw known as shellshock which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication. This module requires Metasploit:...
Elementor Website Builder < 3.12.2 SQL injection Exploit
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability. EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code :...
Linux/x64 - create a shell with execve() sending argument using XOR (/bin//sh) Shellcode (55 bytes)
Exploit Title: Linux-x64 - create a shell with execve sending argument using XOR /bin//sh 55 bytes Shellcode Author: Alexys 0x177git Tested on: Linux x8664 Shellcode Description: creating a new process using execve syscall sending bin//sh as argument | encrypted using XOR operation was QWORD size...
WPForms 1.7.8 - Cross-Site Scripting Vulnerability
Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...
Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication Vulnerabilities
Arris DG3450 cable gateway version AR01.02.056.18041520711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable...
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload Vulnerability
Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload. I. VULNERABILITY ------------------------- AlphaWeb XE - Authenticated Insecure File Upload leading to RCE II. CVE REFERENCE -------------------------...
SweetRice 1.5.1 - Backup Disclosure Vulnerability
Exploit for php platform in category web applications Title: SweetRice 1.5.1 - Backup Disclosure Application: SweetRice Versions Affected: 1.5.1 Vendor URL: http://www.basic-cms.org/ Software URL: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip Discovered by: Ashiyane Digital Security Tea...
WordPress Elementor Pro Animation Addon 1.6 Missing Authorization Exploit
import argparse import requests from bs4 import BeautifulSoup import re Exploit By Nxploit Khaled ALenazi def loginsession, url, username, password, useragent: loginurl = url + '/wp-login.php' response = session.postloginurl, verify=False, data= 'log': username, 'pwd': password, 'rememberme':...
Stock Management System v1.0 - Unauthenticated SQL Injection Exploit
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...
Quick CMS v6.7 en 2023 - (password) SQL injection Vulnerability
Title: Quick CMS v6.7 en 2023 - 'password' SQLi Author: nu11secur1ty Vendor: https://opensolution.org/ Software: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Reference: https://portswigger.net/web-security/sql-injection Description: The password parameter is vulnerable f...
Atlassian Confluence < 8.5.3 - Remote Code Execution Exploit
Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Tested on: 8.5.3 CVE ...
SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting Vulnerability
SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting vulnerability. ======================================================================= title: Reflected Cross Site Scripting product: SIEMENS-SINEMA Remote Connect vulnerable version:...
Vicidial 2.14-783a SQL Injection Vulnerability
=============== Vicidial v2.14-783a - DB SQL Injection Web Vulnerability Vulnerability Class: ==================== SQL Injection Current Estimated Price: ======================== 1.000€ - 2.000€ Product & Service Introduction: =============================== Vicidial is a software suite that is...
Easynews <= 4.4.1 (admin.php) Authentication Bypass Vulnerability
Exploit for unknown platform in category web applications ================================================================= Easynews = 4.4.1 admin.php Authentication Bypass Vulnerability =================================================================...
MISP 2.4.171 - Stored XSS Vulnerability
Exploit Title: MISP 2.4.171 Stored XSS CVE-2023-37307 Authenticated Exploit Author: Mücahit Çeri Vendor Homepage: https://www.circl.lu/ Software Link: https://github.com/MISP/MISP Version: 2.4.171 Tested on: Ubuntu 20.04 CVE : CVE-2023-37307 Exploit: Logged in as low privileged account 1Click on...
SugarCRM 13.0.1 Shell Upload Exploit
SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the setnoteattachment SOAP call. ------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability...
RaspAP 2.8.7 Unauthenticated Command Injection Exploit
RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...
Fortinet FortiNAC keyUpload.jsp Arbitrary File Write Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...
Oracle DBMS_REDACT Dynamic Data Masking Bypass Vulnerability
Proof of concept overview on how the DBMSREDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c. Title: ByPassing DBMSREDACT Dynamic Data Masking security feature in Oracle database system Product: Database Manufacturer: Oracle Affected...
CMDBuild 3.3.2 - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-site scripting XSS...
Yachtcontrol 2019-10-06 Remote Code Execution Exploit #RCE
Exploit for windows platform in category remote exploits Exploit Title: Yachtcontrol Webapplication - Unauthenticated Remote Code Execution Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Software Link: http://download.yachtcontrol.nl/klant/Software/ &...
JBOSSAS 5.x/6.x Deserializer Vulnerability
Exploit for java platform in category web applications JBOSSAS 5.x/6.x Deserializer Vulnerability https://access.redhat.com/security/cve/cve-2017-12149 CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it...
KiTTY 0.76.1.13 Command Injection Exploit
KiTTY versions 0.76.1.13 and below suffer from a command injection vulnerability when getting a remote file through scp. It appears to leverage an ANSI escape sequence issue which is quite an interesting vector of attack. !/usr/bin/python...
MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation Vulnerability
Exploit Title: MilleGPG5 5.7.2 Luglio 2021 x64 - Local Privilege Escalation Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it/ Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe Version: 5.7.2 Tested on: Microsoft...
Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (2)
Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo 'PoC CVE-2021-420...
Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit-Title: Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit Date: 2013-02-07 Author: sk0d Software-Link: http://downloads.wordpress.org/plugin/ckeditor-for-wordpress.4.0.zip Version: 4.0 Category: web-applications GoogleDork: n/...
GitLab CE/EE < 16.7.2 - Password Reset Vulnerability
Exploit Title: GitLab CE/EE 16.7.2 - Password Reset Exploit Author: Sebastian Kriesten 0xB455 Twitter: https://twitter.com/0xB455 Vendor Homepage: gitlab.com Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ Version: 16.7.2,...
Uvdesk 1.1.4 - Stored XSS (Authenticated) Vulnerability
Exploit Title: Uvdesk 1.1.4 - Stored XSS Authenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.uvdesk.com/ Software Link: https://github.com/MegaTKC/AeroCMS Version: 1.1.4 Testeted on: Windows 10 using XAMPP, Apache/2.4.48 Win64...
OX App Suite / Ox Documents 7.10.x XSS / Code Injection / Traversal Vulnerability
OX App Suite and OX Documents suffer from cross site scripting, code injection, path traversal, and input validation vulnerabilities. Most of these issues affect 7.10.5 and below with one affecting 7.10.4 and below. Product: OX App Suite, OX Documents Vendor: OX Software GmbH Internal reference:...
Online Learning System 2.0 - (Multiple) SQL injection Authentication Bypass Vulnerability
Exploit Title: Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Exploit Author: Oguzhan Kara Vendor Homepage: https://www.sourcecodester.com/php/14929/online-learning-system-v2-using-php-free-source-code.html Software Link:...
Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal Vulnerability
Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter...
Deltek Maconomy 2.2.5 - Local File Inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Maconomy Erp local file include Date: 22/05/2019 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.deltek.com Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy CVE:...
PHP PHP_INI_SYSTEM Ineffective Controls Vulnerability
Security controls configured via php.ini directives at the PHPINISYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included. "PHP is a popular general-purpose scripting language that is...
WinRAR 5.61 - Path Traversal Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below...
CoreHTTP Arbitrary Command Execution Vulnerability
Exploit for unknown platform in category remote exploits ================================================== CoreHTTP Arbitrary Command Execution Vulnerability ================================================== Title: CoreHTTP Arbitrary Command Execution Vulnerability CVE-ID: OSVDB-ID: Author: Aar...
Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing ...
Atos Unify OpenScape Code Execution / Missing Authentication Vulnerabilities
Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, Branch version 10 versions before R3.3.0, and BCF version 10 versio...
WinRAR Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in WinRAR CVE-2023-38831. When a user opens a crafted RAR file and its embedded document, the decoy document is executed, leading to code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
WordPress Limit Login Attempts 1.7.1 Cross Site Scripting Vulnerability
WordPress Limit Login Attempts plugin versions 1.7.1 and below suffer from a persistent cross site scripting vulnerability. On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin...
WordPress WP-file-manager v6.9 Plugin - Unauthenticated Arbitrary File Upload Exploit
!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...
VMware Workspace ONE Access Template Injection / Command Execution Exploit
This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user. This module requires Metasploit: https://metasploit.com/download Current source:...