39001 matches found
Gibbon LMS < v26.0.00 - Authenticated Remote Code Execution Exploit
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu...
MajorDoMo Remote Code Execution Vulnerability
Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...
WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability
Today, on October 16, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...
Ionic Identity Vault 5.0.4 PIN Unlock Lockout Bypass Vulnerability
Ionic Identity Vault versions 5.0.4 and below suffer from a PIN unlock lockout bypass vulnerability on both Android and iOS. Product: Identity Vault Vendor: Ionic CSNC ID: CSNC-2021-020 CVE ID: CVE-2021-44033 Subject: PIN Unlock Lockout Bypass Android & iOS Severity: Medium Effect: Authentication...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy Vulnerability
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checke...
DropBearSSHD 2015.71 - Command Injection
Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...
man2web <= 0.88 Multiple Remote Command Execution Exploit (update2)
Exploit for cgi platform in category web applications =================================================================== man2web include include include include void usagechar argv0 fprintfstderr, "x86/linux multipie man2web cgi-scripts remote command spawn\n"; fprintfstderr, "researched by...
ABB Cylon Aspect 3.08.02 CookieDB SQL Injection Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an SQL injection through the key and user parameters. These inputs are not properly sanitized and do not utilize stored procedures, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database or execute...
Rocket LMS 1.6 Shell Upload Vulnerability
Exploit Title: Rocket LMS - Learning Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Version: Version 1.6 Tested on Ubuntu 18.04 base64 encode your...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Exploit
The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7. !/usr/bin/env python...
EaseUS Data Recovery - (ensserver.exe) Unquoted Service Path Vulnerability
Exploit Title: EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path Discovery by: bios Vendor Homepage: https://www.easeus.com/ Tested Version: 15.1.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\wmic...
WordPress Filterable Portfolio Gallery 1.0 Plugin - (title) XSS Vulnerability
Exploit Title: WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting XSS Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.filterable-portfolio.com/ Software Link: https://wordpress.org/plugins/fg-gallery/ Version: 1.0 Tested on : Windows...
ManageEngine Desktop Central Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in the getChartImage method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64. This module requires Metasploit: https://metasploit.com/download Current source:...
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit
Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro 2.2.0.9026 / Home 2.0.0.9021 Tested on: Windows XP / Win7 / Win10 CVE:...
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...
Dnsmasq < 2.78 - Information Leak Exploit
Exploit for multiple platform in category dos / poc ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup...
Splunk 9.0.4 - Information Disclosure Vulnerability
Exploit Title: Splunk 9.0.4 - Information Disclosure Date: 2023-09-18 Exploit Author: Parsa rezaie khiabanloo Vendor Homepage: https://www.splunk.com/ Version: 9.0.4 Tested on: Windows OS Splunk through 9.0.4 allows information disclosure by appending...
Ultra Mini HTTPd 1.21 Denial Of Service Exploit
Exploit Title: Ultra Mini HTTPd 1.21 - Denial of Service DoS Discovery by: Fernando Mengali Vendor Homepage: https://acme.com/ Software Link: https://acme.com/ Notification vendor: Yes reported Tested Version: Ultra Mini HTTPd 1.21 Tested on: Window XP Professional - Service Pack 2 and 3 - Englis...
Splunk Enterprise Account Takeover Exploit
Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allows low-privileged users who hold a role with edituser capability assigned to it the ability to escalate their privileges to that of the admin user by providing specially crafted web requests...
Microsoft Outlook Remote Code Execution 0day Exploit
Microsoft Outlook Remote Code Execution 0day Exploit - zero-click exploit leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment...
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...
WordPress Robo Gallery 3.2.1 plugin - Bypass POST comment approvement Vulnerability
Title: WordPress 6.0 - Bypass POST comment approvement Robo Gallery 3.2.1 Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/robo-gallery/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery Description:...
Fruits-Bazar 2021 1.0 SQL Injection Vulnerability
Title: Fruits-Bazar 2021 v1.0 SQLi Author: nu11secur1ty Vendor: https://github.com/creativesaiful Software: https://github.com/creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- Reference:...
Spring4Shell Spring Framework Class Property Remote Code Execution Exploit
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions when running on JDK 9 or above and specifically packaged as a traditional WAR and deployed in a standalone Tomcat instance are vulnerable to remote code execution due to an unsafe data binding used to populate an objec...
SB Admin Cross Site Request Forgery / SQL Injection Vulnerabilities
Credits & Authors: ================== Taurus Omar - @TaurusOmar email protected taurusomar.com Document Title: =============== SB Admin Bootstrap CSRF / Sqli Vulnerability / Bypasss Login Access Severity Level: =============== High Google & Bing Dorks =================== intitle:SB Admin - login...
Webrun 3.6.0.42 - (P_0) SQL Injection Vulnerability
Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 =-=-=-= Description =-=-=-= Webrun version 3.6.0.42 is vulnerable to SQL Injection,...
WeBid 1.0.6 SQL Injection Vulnerability
WeBid version 1.0.6 suffers from a remote SQL injection vulnerability. Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested O...
Sourcegraph gitserver sshCommand Remote Command Execution Exploit
A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...
Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQLi / Code Execution Vulnerabilities
Tokheim Profleet DiaLOG Fuel Management System version 11.005.02 suffers from a remote SQL injection vulnerability that can allow for remote code execution. Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Exploit Author: golem445 Vendor Homepage:...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection Vulnerability
PuneethReddyHC Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability. CVE-2021-41648 CVE-2021-41648 SQL Injection in online-shopping-system The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection...
Online Traffic Offense Management System 1.0 - Multiple XSS Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...
Company's Recruitment Management System SQL Injection Vulneraility
Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability. Company's Recruitment Management System SQL Injection Vulneraility Description of vulnerability: The Company's Recruitment Management System by: oretnom23 in id=2 of the...
gnuboard 4 Remote Upload Vulnerability
Exploit for php platform in category web applications ====================================== gnuboard 4 Remote Upload Vulnerability ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/...
emuCMS 0.3 (cat_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ====================================================== emuCMS 0.3 catid Remote SQL Injection Vulnerability ====================================================== Dork : Powered by emuCMS exploit :...
Smart School 6.4.1 - SQL Injection Vulnerability
Exploit Title: Smart School 6.4.1 - SQL Injection Exploit Author: CraCkEr Vendor: QDocs - qdocs.net Vendor Homepage: https://smart-school.in/ Software Link: https://demo.smart-school.in/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-5495 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...
Artica Proxy 4.50 Unauthenticated PHP Deserialization Vulnerability
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected. Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability Advisory ID:...
WordPress Backup Migration 1.3.7 Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php...
ARM Mali r44p0 Use-After-Free Exploit
Arm Mali r44p0: UAF by freeing waitqueue with elements on it In Mali r44p0, it became possible to free the kbasecontext of a kbasefile while still having a file pointing to the kbasefile. This is supposed to be safe because of the kfile-fopscount and kfile-mapcount checks. However, kbasepoll will...
ERPGo SaaS 3.9 - CSV Injection Vulnerability
Exploit Title: ERPGo SaaS 3.9 - CSV Injection Exploit Author: Sajibe Kanti Vendor Name: RajodiyaInfotech Vendor Homepage: https://rajodiya.com/ Software Link: https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426 Version: 3.9 Tested on: Windows &...
TLR-2005KSH - Arbitrary File Upload Vulnerability
Exploit Title: TLR-2005KSH - Arbitrary File Upload Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428 Vulnerability Description...
LiquidFiles 3.5.13 Privilege Escalation Vulnerability
=============================================================================== title: LiquidFiles Privilege Escalation product: LiquidFiles v3.5.13 vulnerability type: Privilege Escalation severity: Medium CVSSv3 score: 6.7 CVSSv3 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L found: 2021-10-29 by:...
Linux/x86 - execve /bin/sh Shellcode (20 bytes)
/ Linux/x86 - execve /bin/sh shellcode 20 bytes Author: Rajvardhan Tested on: i686 GNU/Linux Shellcode Length: 20 Disassembly of section .text: 08049000 : 8049000: 31 c9 xor %ecx,%ecx 8049002: 6a 0b push $0xb 8049004: 58 pop %eax 8049005: 51 push %ecx 8049006: 68 2f 2f 73 68 push $0x68732f2f...
Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit
Exploit for Android platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :ar...
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...
Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...
WordPress Newsletter 7.8.9 Cross Site Scripting Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Newsletter = 7.8.9 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: Newsletter – Send awesome emails from WordPress Plugin Slug: newsletter Affected Versions: = 7.8.9 CVE ID: CVE-2023-4772 CVSS...
Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Vulnerability
Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v...
Linux/x86_64 - sudo enumeration Shellcode (245 bytes)
sudo vulnerability enumeration shellcode / sudo vulnerability enumeration shellcode xordynamic - Linux/x8664 Author : Kağan Çapar contact: email protected shellcode len : 245 bytes compilation: gcc -fno-stack-protector -z execstack .c -o "disasssemble only main." 0000000000001179 : 1179: 55 push...
Wipro Holmes Orchestrator 20.4.1 Report Disclosure Vulnerability
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1 application, if at...