39001 matches found
SISQUAL WFM 7.1.319.103 Host Header Injection Vulnerability
Exploit Title: SISQUAL WFM 7.1.319.103 Host Header Injection Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://www.sisqualwfm.com Version: 7.1.319.103 Tested on: SISQUAL WFM 7.1.319.103 Affected Version: sisqualWFM - 7.1.319.103 Fixed Version: sisqualWFM - 7.1.319.111 CVE :...
Traceroute 2.1.2 Privilege Escalation Vulnerability
In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...
phpFox 4.8.13 PHP Object Injection Exploit
phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject...
Piwigo 13.5.0 SQL Injection Vulnerability
Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...
Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection Vulnerability
======================================================================= title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0 fixed version: 3.7.0 or higher CVE number: CVE-2022-26481 impact: critical...
E-Commerce Website 1.0 Shell Upload Exploit
Ecommerce Website Unrestricted File Upload + RCE Author: D4rkP0w4r Note = Create account, don't need login client or admin Description = Create account upload web shell at Customer Image Step to Reproduct Register - upload web shell at Customer Image - clicked Register button Exploit Upload web...
SCHLIX 2.2.8-1 Denial Of Service Exploit
Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service Exploit Author: Diyar Saadi Vendor Homepage: https://www.schlix.com Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: v2.2.8-1 Tested on: Windows 11 + XAMPP Description SCHLIX v2.2.8-1 is vulnerable to...
WordPress TextMe SMS 1.9.0 Cross Site Request Forgery Vulnerability
Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...
Ivanti Avalanche MDM Buffer Overflow Exploit
This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This...
OctoBot WebInterface 0.4.3 - Remote Code Execution Exploit
Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE : CVE-2021-3671...
WordPress AccessPress Social Icons 1.8.2 Plugin - (icon title) XSS Vulnerability
Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/ Version: 1.8.2 Tested...
Google Assistant Authentication Bypass Vulnerability
Google Assistant suffered from an authentication bypass vulnerability allowing a webpage to execute commands without permission. Auth Bypass in Google Assistant Summary: Webpage can execute Google Assistant commands without any permissions Steps to reproduce: Generate the TTS audio files using th...
Joomla 3.9.13 - (Host) Header Injection Exploit
Exploit for php platform in category web applications 0day.today 2019-12-04...
IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution Exploit
This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The 'welcomeServer' SOAP service does not properly validate user input in the 'newhomepage' parameter of the 'saveHomePage'...
GeekLog 2.x ImageImageMagick.php Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================================== GeekLog 2.x ImageImageMagick.php Remote File Inclusion Vulnerability ==================================================================== --------------------------------...
ABB Cylon Aspect 3.08.02 CookieDB SQL Injection Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...
Employee Management System 1.0 - (admin_id) SQL injection Vulnerability
Exploit Title: Employee Management System 1.0 - 'adminid' SQLi Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1.0 Tested on: Windows, Linux...
Spring Cloud Gateway 3.1.0 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL...
Siemens S7-1200 - Unauthenticated Start / Stop Command Vulnerability
Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -H $'Host: ' -H...
Bus Pass Management System 1.0 - (Search) SQL injection Vulnerability
Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS MontereyVersion 12.0.1 SQL...
Linux Polkit pkexec Helper PTRACE_TRACEME Local Root Exploit
This Metasploit module exploits an issue in ptracelink in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel...
ZTE F660 - Remote Config Download Vulnerability
Exploit for hardware platform in category web applications / Exploit Title : ZTE remote configuration download Date : 09 May 2015 Exploit Author : Daniel Cisa Vendor Homepage : http://wwwen.zte.com.cn/en/ Platform : Hardware Tested On : ZTE F660 Firmware Version: 2.22.21P1T8S...
SugarCRM 13.0.1 Server-Side Template Injection Exploit
SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code. ---------------------------------------------------------------------------- SugarCRM = 13.0.1...
Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass Vulnerability
Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An authentication bypass...
Online Pre-owned/Used Car Showroom Management System 1.0 - SQL injection Authentication Bypass
Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.html Software Link:...
GovRAT 2.0 - FUD unknown RAT with special functions
This RAT was written by me and cannot be blocked. FUD tested with the strictest firewall policies. You are buying the source code + digital certificate to sign your files. I can also host the C&C for you for extra Functions: Access C&C with any browser. Compile C&C for Linux OR Windows. VALID...
Lenovo Diagnostics Driver Memory Access Exploit
This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes. This module requires Metasploit: https://metasploit.com/download...
BMC Remedy ITSM-Suite 9.1.10 / 20.02 HTML Injection Vulnerability
======================================================================= title: HTML Injection product: BMC Remedy ITSM-Suite vulnerable version: 9.1.10 = 20.02 in new versioning scheme fixed version: 22.1 CVE number: CVE-2022-26088 impact: Low homepage:...
AeroCMS 0.0.1 Cross Site Scripting Vulnerability
AeroCMS-Comment-StoredXSS-POC Author: D4rkP0w4r Note = Don't need register or login account Description = StoredXSS at comment box Step to Reproduct Click Read More - input payload at Author - click Submit button Exploit Input payload at Author - click Submit button When admin login to admin pane...
WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability
UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...
phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...
Froxlor 0.10.29.1 - SQL Injection (Authenticated) Vulnerability
Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Tested on: Ubuntu CVE:...
VMware ESXi OpenSLP Heap Overflow Exploit
Proof of concept exploit for the OpenSLP heap overflow in VMware ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG. !/usr/bin/python3 CVE-2021-21974 PoC Exploit By: Johnny Yu @staightblast Tested against: 1 VMware ESXi 6.7.0...
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry...
OpenTSDB 2.4.0 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 CVE-2020-35476 in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If...
T-Soft E-Commerce 4 - SQL injection (Authenticated) Vulnerability
Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Description Step-1: Login as Admin or with privilage use...
Bagisto 1.3.3 - Client-Side Template Injection Vulnerability
Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an account and login your...
MajorDoMo Remote Code Execution Vulnerability
Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...
Jobpilot v2.61 - SQL Injection Vulnerability
Exploit Title: Jobpilot v2.61 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822 Demo Site: https://jobpilot.templatecookie.com Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Parameter: long GET Type: error-based...
PHPGurukul Zoo Management System 1.0 Shell Upload Exploit
Zoo Management System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = don't need register or login account Description= Upload web shell at Upload CV Step to Reproduct Access Vacancies - upload web shell at - Upload CV - APPLY Exploit Upload web shell at Upload CV When upload success acce...
Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass Vulnerability
Ionic Identity Vault versions 5.0.4 and below suffer from a PIN unlock lockout bypass vulnerability on both Android and iOS. Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-020 CVE ID: CVE-2021-44033 Subject: PIN Unlock Lockout Bypass Android & iOS Severity: Medium Effect: Authentication...
FormaLMS 2.4.4 - Authentication Bypass Exploit
Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136 Info: An...
Employee and Visitor Gate Pass Logging System 1.0 - (name) Stored Cross-Site Scripting Vulnerability
Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...
Microsoft Windows 8 / 2012 R2 (x64) - EternalBlue SMB Remote Code Execution (MS17-010) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python from impacket import smb from struct import pack import os import sys import socket ''' EternalBlue exploit for Windows 8 and 2012 by sleepya The exploit might FAIL and CRASH a target system depended on what is overwritten...
CUPS 2.0.3 - Remote Command Execution Exploit
Exploit for linux platform in category remote exploits !/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link:...
DropBearSSHD 2015.71 - Command Injection
Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...
WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability
Today, on October 16, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...
Planet eStream Code Execution / SQL Injection / XSS / Broken Control Vulnerabilities
Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities...
CuteEditor for PHP 6.6 - Directory Traversal Vulnerability
Exploit Title: CuteEditor for PHP 6.6 - Directory Traversal Exploit Author: Stefan Hesselman Vendor Homepage: http://phphtmledit.com/ Software Link: http://phphtmledit.com/download/phphtmledit.zip Version: 6.6 Tested on: Windows Server 2019 CVE : N/A There is a path traversal vulnerability in the...
Travel Tours Script 1.0 SQL Injection Vulnerability
┌┌────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...