39001 matches found
CMSimple 5.4 - Local file inclusion to Remote code execution Exploit
Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...
Compro Technology IP Camera - (index_MJpeg.cgi) Stream Disclosure Vulnerability
Exploit Title: Compro Technology IP Camera - ' indexMJpeg.cgi' Stream Disclosure Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized access vulnerability,...
Node.JS - (node-serialize) Remote Code Execution Exploit (3)
Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 3 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://github.com/luin/serialize Software Link: https://github.com/luin/serialize Version: 0.0.4 Tested on: Windows & Ubuntu CVE : 2017-5941 var serialize = require'node-serialize...
Avast Secure Browser 76.0.1659.101 Local Privilege Escalation Vulnerability
A local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. Avast Secure Browser...
Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)
;Full tutorial: https://www.zinzloun.info Windows CMD shellcode ;COMPILE: ;nasm.exe -f win32 dynamic.asm -o dynamic.obj ;SKIP -f win32 to create the .obj file to extract eventually the hex code ;then execute: python bin2hex.py dynamic.obj to get the hex code:...
pgAdmin 8.4 Remote Code Execution Exploit
pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the securi...
Barracuda CloudGen WAN OS Command Injection Vulnerability
Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/updatecertificate endpoint. Versions prior to v8. hotfix 1089 are affected...
Social Codia SMS 1 Cross Site Scripting Vulnerability
sms-AddStudent-StoredXSS-POC Author: D4rkP0w4r Description = StoredXSS at Add Student Step to Reproduct Login to admin - Students - Add Student - input payload at Enter Name Exploit Input payload at Enter Name - clicked Add Students - access All Student - The XSS will trigger Log out admin and...
Simplephpscripts Simple CMS 2.1 - (Multiple) SQL Injection Vulnerability
Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Product & Service Introduction: =============================== The system could be used only in already existing websites to control their page...
vBulletin 5.6.2 - (widget_tabbedContainer_tab_panel) Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu...
AllPlayer 7.4 - SEH Buffer Overflow (Unicode) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: AllPlayer V7.4 - Local Buffer Overflow SEH Unicode Vulnerable Software: AllPlayer V7.4 Vendor Homepage: https://www.allplayer.org/ Version: 7.4 Software Link:...
BioTime Directory Traversal / Remote Code Execution Exploit
BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5. . . \ | \ /|| | | / |/ | | | |/ / \ | | \ | | | Y Y \ / | /|/|| |||| /\ / / / Tested on 8.5.5 Build:20231103.R1905 Tested on...
Simple Food Ordering System 1.0 Cross Site Scripting Vulnerability
Simple Food Ordering System - Authenticated Reflected Cross Site Scripting CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Author Email: navaidnemail protected Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0 What is Reflected Cross-Site...
SentinelOne sentinelagent 22.3.2.5 Privilege Escalation Vulnerability
SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep. Exploit Title: SentinelOne sentinelagent linux root Privilege Escalation zero day vulnerability Exploit Author: ouchthishurts Vendor...
Microsoft Windows Defender - Detections Bypass Vulnerability
Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...
Cradlepoint Router Password Disclosure Vulnerability
Exploit for hardware platform in category web applications Cradlepoint Router Password Disclosure Many vulnerabilities in the built-in software of the Cradlepoint Router. 100000 such routers can be seen in the shodan https://www.shodan.io/search?query=cradlepointhttpservice. These vulnerabilities...
eMeeting Online Dating Software 5.2 SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ================================================================= eMeeting Online Dating Software 5.2 SQL Injection Vulnerabilities =================================================================...
FleetCart 4.1.1 Information Disclosure Vulnerability
Exploit Title: FleetCart 4.1.1 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: EnvaySoft Vendor Homepage: https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826 Software Demo Link: https://demo.fleetcart.envaysoft.com/en Tested on: Windows 11 Pro 22H2...
containerd Image Volume Insecure Handling Exploit
containerd: Insecure handling of image volumes containerd's cri plugin handles image volumes containing path traversals insecurely. This can be used to copy arbitrary host directories to a container-mounted path. OCI images contain a JSON config file described in...
Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)
Title: Windows/x64 - Reverse TCP 192.168.201.11:4444 Shellcode 330 Bytes Author: Xenofon Vassilakopoulos Tested on: Windows/x64 - 10.0.19043 N/A Build 19043 / MIT License Copyright c 2021 Xenofon Vassilakopoulos Permission is hereby granted, free of charge, to any person obtaining a copy of this...
Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit
Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions before 7.12.5 Tested o...
Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit
Exploit for linux platform in category local exploits Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switchin...
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...
Wordpress WP-UserOnline 2.88.0 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...
m1k1o Blog v.10 - Remote Code Execution Exploit
Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626 import argparse...
OpenCart v3.x Newsletter Module - Blind SQL injection Vulnerability
Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on: XAMPP, Linux...
HTTP Protocol Stack Denial Of Service / Remote Code Execution Exploit
!/usr/bin/python Author @nu11secur1ty CVE-2022-21907 from colorama import init, Fore, Back, Style initconvert=True import requests import time printFore.RED +"Please input your host...\n" printStyle.RESETALL printFore.YELLOW host = input printStyle.RESETALL printFore.BLUE +"Sending an especially...
OpenCats 0.9.4 XML Injection Vulnerability
Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph =...
Whatsapp 2.19.216 - Remote Code Execution Exploit
Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinfo info, sizet siz...
WyreStorm Apollo VX20 Incorrect Access Control Vulnerability
An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Textpattern CMS v4.8.8 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/filedownload/118/textpattern-4.8.8.zip Version: v4.8.8 Tested : https://release-demo.textpattern.co/ ---...
VMware Workspace ONE Remote Code Execution Exploit
This Metasploit module combines two vulnerabilities in order achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...
Apache Tomcat Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including...
ZwiiCMS 12.2.04 Remote Code Execution Exploit
Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its file manager feature...
WordPress Cozmoslabs Profile Builder 3.6.1 Cross Site Scripting Vulnerability
The Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Profile Builder – User Profile & User Registration Forms”, a WordPress plugin that is installed on over 50,000 WordPress websites. This vulnerability makes it possible for an...
SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection Exploit
SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUCRECONRCCOUNTTABLEBIG. Other software and various versions are also affected. ============================================================================== title: Remote ADBC SQL Injection in SAP IUUCRECONRCCOUNTTABLEBIG...
Keycloak 12.0.1 - (request_uri) Blind Server-Side Request Forgery (Unauthenticated) Exploit
Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html Version: versions 192.168.0.1:4444 '''...
Moodle 2.x/3.x - SQL Injection Exploit
Exploit for php platform in category web applications Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: email protected Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8,...
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability
WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with...
SISQUAL WFM 7.1.319.103 Host Header Injection Vulnerability
Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.103 Fixed Version: sisqualWFM - 7.1.319.111 CVE :...
Taskhub 2.8.7 SQL Injection Vulnerability
Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...
Piwigo 13.5.0 SQL Injection Vulnerability
Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...
Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection Vulnerability
======================================================================= title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0 fixed version: 3.7.0 or higher CVE number: CVE-2022-26481 impact: critical...
E-Commerce Website 1.0 Shell Upload Exploit
Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...
Tiny File Manager 2.4.6 - Remote Code Execution Exploit
Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "email protected" " log-in URL=$1 admin=$2 pass=$3...
Seowon SLR-120 Router - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Seowon SLR-120 Router - Remote Code Execution Unauthenticated Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=126&bigkind=B05&middlekind=B0530 Version: All version Tested on:...
Talariax sendQuick Alertplus Server Admin 4.3 SQL Injection Vulnerability
Talariax sendQuick Alertplus Server Admin version 4.3 suffers from a vulnerability that allows an authenticated user to perform error-based SQL injection via unsanitized form fields. Dear Full Disclosure Team, We are writing to submit a full disclosure for the following vulnerability discovered f...
AngelineCMS 0.8.1 (installpath) Remote File Inclusion Exploit
Exploit for unknown platform in category web applications ============================================================= AngelineCMS 0.8.1 installpath Remote File Inclusion Exploit ============================================================= !/usr/bin/perl AngelineCMS 0.8.1 installpath Remote Cod...
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
WordPress TextMe SMS 1.9.0 Cross Site Request Forgery Vulnerability
Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...