39001 matches found
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...
JFrog Artifactory < 7.25.4 - Blind SQL Injection Exploit
Exploit Title: artifactory low-privileged blind sql injection Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. !/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password...
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion Vulnerabilities
Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...
WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery Vulnerability
WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities. ==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Multiple Cross-Site Request Forger...
TLR-2005KSH - Arbitrary File Upload Vulnerability
Exploit Title: TLR-2005KSH - Arbitrary File Upload Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428 Vulnerability Description...
Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure Vulnerabilities
Multiple Vulnerabilities in Reprise License Manager 14.2 Credit: Giulia Melotti Garibaldi ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Product:...
Kmaleon 1.1.0.205 - (tipocomb) SQL Injection Vulnerability
Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version: v1.1.0.205 Test...
HoMaP-CMS 0.1 (index.php go) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================== HoMaP-CMS 0.1 index.php go SQL Injection Vulnerability ======================================================== Exploit Title: HoMaP-CMS 0.1 index.php go SQL Injection Vulnerability...
Advaced-Clan-Script <= 3.4 (mcf.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ====================================================================== Advaced-Clan-Script / // | | Y \ //\ \ | || / / / / discovered by xdh Critical Level: Dangerous Class: Remote File Inclusion Venedor site: http://avc.x.philipwette.de/...
Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Vulnerability
Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v...
Joomla! v4.2.8 - Unauthenticated information disclosure Exploit
!/usr/bin/env ruby Exploit Title: Joomla! v4.2.8 - Unauthenticated information disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2023-23752 Date: 2023-03-24 Vendor Homepage:...
Oracle DB Broken PDB Isolation / Metadata Exposure Vulnerability
Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container. Title: CVE-2021-2173 – PDB Isolation is broken through metadata exposure Product: Database...
AbsoluteTelnet 11.24 - (Username) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service PoC Discovered by: Yehia Elghaly Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability Type: Denial of Service Do...
Getsup 3.1.45 - Multiple XSS Vulnerability
Usage Info Multiple XSS - Getsup ticketing - XSS 1 : Connect to panel Getsup, Go to yours tickets - All states - Paste your payload on "Number" or "Title" form and press Enter for execute - XSS 2 : Connect to panel Getsup, Go to All tickets - All states - Paste your payload on "Number" or "Title"...
Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== Website Baker this works with magicquotesgpc off usage: launch from Apache, fill in requested fields, then go! Sun Tzu: "The control of a large force is the same principle...
Sitecore - Remote Code Execution v8.2 Exploit
!/usr/bin/env python3 Exploit Title: Sitecore - Remote Code Execution v8.2 Exploit Author: abhishek morla Google Dork: N/A Date: 2024-01-08 Vendor Homepage: https://www.sitecore.com/ Software Link: https://dev.sitecore.net/ Version: 10.3 Tested on: windows64bit / mozila firefox CVE : CVE-2023-358...
IBM i Access Client Solutions Remote Credential Theft Vulnerability
IBM i Access Client Solutions ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Webedition CMS v2.9.8.8 - Remote Code Execution Exploit
Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...
Simmeth System GmbH Supplier Manager LFI / SQL Injection / Bypass Vulnerabilities
Simmeth System GmbH Supplier Manager Lieferantenmanager versions prior to 5.6 suffer from authentication bypass, code execution, cross site scripting, information leakage, remote SQL injection, and various other vulnerabilities...
VMware Workspace ONE Access Privilege Escalation Exploit
VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a...
Musical World 1 Shell Upload Exploit
Musical-World-Unrestricted-File-Upload-RCE-POC Author: D4rkP0w4r Note Login to client. don't need login to admin Description Upload web shell at UploadedSongs Step to Reproduct Login to user - TRACK - UploadedSongs - Choose File - UPLOAD - access /songs/uploadedsongs/shell.php Exploit When upload...
Sports Complex Booking System 1.0 SQL Injection Vulnerability
Sports Complex Booking System version 1.0 suffers from a remote blind SQL injection vulnerability that can be used to escalate privileges and execute code. Title: Sports Complex Booking System 1.0 Blind SQLi To Rce Author: Hejap Zairy Vendor:...
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download Exploit
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38146 import requests as rq import argparse port = 8001 change...
MAMP PRO 4.2.0 Local Privilege Escalation Vulnerability
Exploit Title: MAMP PRO 4.2.0 Local Privilege Escalation Exploit Author: b1nary Vendor Homepage: https://www.mamp.info/ Software Link: https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMPMAMPPRO4.2.0.exe Version: 4.2.0 Tested on: Windows 10 Pro x64 Version 10.0.19041 MAMPPRO Windows...
logrotten 3.15.1 - Privilege Escalation Exploit
Exploit Title: logrotten 3.15.1 - Privilege Escalation Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian GNU/Linux 9.5 stretch...
CloudMe Sync 1.11.0 - Buffer Overflow (SEH) (DEP Bypass) Exploit
Exploit for windows platform in category remote exploits Author: Juan Prescotto Tested Against: Win7 Pro SP1 64 bit Software Download: https://www.cloudme.com/downloads/CloudMe1109.exe Tested Against Version: 1.10.9 Special Thanks to my wife for allowing me spend countless hours on this passion o...
CCBILL CGI Remote Exploit for whereami.cgi (ccbillx.c)
Exploit for cgi platform in category web applications ====================================================== CCBILL CGI Remote Exploit for whereami.cgi ccbillx.c ====================================================== / ===================================== CCBILL CGI Remote Exploit for...
elFinder Web file manager Version - 2.1.53 Remote Command Execution Vulnerability
Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zip Version: 2.1.53...
mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page Vulnerability
Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting XSS on User Login Page Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://moosocial.com Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 11 CVE : CVE-2023-43325 Description: A Cross Site Scripting XSS...
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit
This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...
Apache 2.2 - Scoreboard Invalid Free On Shutdown Vulnerability
Exploit for linux platform in category dos / poc Source: http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ Introduction Apache 2.2 webservers may use a shared memory segment to share child process status information scoreboard between the child processes and the parent...
Daily Habit Tracker 1.0 - Broken Access Control Vulnerability
Exploit Title: Daily Habit Tracker 1.0 - Broken Access Control Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian CVE :...
PostgreSQL 9.6.1 - Remote Code Execution (Authenticated) Exploit
Exploit Title: PostgreSQL 9.6.1 - Remote Code Execution RCE Authenticated Exploit Author: Paulo Trindade @paulotrindadec, Bruno Stabelini @Bruno Stabelini, Diego Farias @fulcrum and Weslley Shaimon Github: https://github.com/paulotrindadec/CVE-2019-9193 Version: PostgreSQL 9.6.1 on...
wolfSSL 5.5.0 Session Resumption Denial Of Service Vulnerability
wolfSSL versions prior to 5.5.0 suffer from a denial of service condition related to session resumption. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. The bug occurs after a client performs a handshake again...
TypeORM 0.3.7 Information Disclosure Vulnerability
I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...
Apache James Server 2.3.2 - Remote Command Execution (Authenticated) Exploit (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2 Tested on: Ubuntu...
WordPress 5.0.0 crop-image Shell Upload Exploit
This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the...
ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)
Exploit for multiple platform in category dos / poc Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9 released...
Jcow 7.1.2 XSS/FPD Vulnerabilities
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Microsoft SharePoint Server 2019 - Remote Code Execution Exploit
Exploit for asp platform in category web applications Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013...
UCM6202 1.0.18.13 - Remote Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on:...
XNU Kernel iOS / macOS heap buffer overflow Exploit
The vulnerability is a heap buffer overflow in the networking code in the XNU operating system kernel. XNU is used by both iOS and macOS, which is why iPhones, iPads, and Macbooks are all affected. My exploit PoC just overwrites the heap with garbage, which causes an immediate kernel crash and...
MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition
Exploit for linux platform in category local exploits ============================================= - Release date: 01.11.2016 - Discovered by: Dawid Golunski - Severity: Critical - CVE-2016-6663 / OCVE-2016-5616 - http://legalhackers.com ============================================= I...
AllMyLinks 0.5 (Auth Bypass) SQL Injection Vulnerability
Exploit for php platform in category web applications ----------exploit Debut Auth Bypass SQL Injection Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : http://www.voice-of-web.de/c-AllMyLinks-s37.html Version : 0.5.0 Download :...
Ovidentia 7.9.4 - Multiple Vulnerabilities
Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user's browser session in context of an affected site...
Penglead 2.0 Multiple SQL injection Vulnerabilities
Title: PENGLEAD-2.0 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to be...
Nortek Linear eMerge E3-Series Command Injection Vulnerability
Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...
TP-Link Router AX50 firmware 210730 - Remote Code Execution (Authenticated) Exploit
Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability Description: Remote Code...