39001 matches found
Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting Vulnerability
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 PoC Request POST...
Ovidentia 7.9.4 - Multiple Vulnerabilities
Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user's browser session in context of an affected site...
SolarWinds Platform 2024.1 SR1 - Race Condition Expoit
Exploit Title: SolarWinds Platform 2024.1 SR1 - Race Condition CVE: CVE-2024-28999 Affected Versions: SolarWinds Platform 2024.1 SR 1 and previous versions Author: Elhussain Fathy, AKA 0xSphinx import requests import urllib3 import asyncio import aiohttp...
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset Exploit
Exploit Title: POC-CVE-2023-3244 Exploit Author: Diaa Hanna Software Link: download link if available Version: = 1.2.0 comments-like-dislike Tested on: 1.1.6 comments-like-dislike CVE : CVE-2023-3244 References https://nvd.nist.gov/vuln/detail/CVE-2023-3244 The Comments Like Dislike plugin for...
OpenCart 3.x So Filter Shop By SQL Injection Vulnerability
Exploit Title: OpenCart v3.x So Filter Shop By - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://codecanyon.net/item/so-filter-shop-by-responsive-opencart-module/13945633 Version: V3.X Tested on: XAMPP, Linux Contact:...
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Vulnerability
Exploit Title: Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSe...
Online Event Booking and Reservation System 1.0 - (reason) Stored Cross-Site Scripting Vulnerability
Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html Software Link:...
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
Exploit for windows platform in category local exploits Exploit Title: PassFab Excel Password Recovery SEH Local Exploit Vendor Homepage:https://www.passfab.com/products/excel-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-excel-password-recovery.exe Exploit Autho...
Microsoft Azure Subdomain Scanner / Enumerator Exploit
This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more! Background: Microsoft makes use of a numbe...
Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit
!/bin/bash Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" echo " ESDS eMagic...
Control Web Panel Unauthenticated Remote Command Execution Exploit
Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running...
AeroCMS v0.0.1 SQL injection Vulnerability
Title: AeroCMS-v0.0.1 SQLi Author: nu11secur1ty Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The author parameter from...
WordPress SiteGround Security 1.2.5 Authentication Bypass Vulnerability
WordPress SiteGround Security plugin versions 1.2.5 and below suffer from an authentication bypass vulnerability as well as an authorization weakness in versions 1.2.4 and below. Description: Authentication Bypass via 2-Factor Authentication Setup Affected Plugin: SiteGround Security Plugin Slug:...
Servisnet Tessa - Add sysAdmin User (Unauthenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit', 'Description' = %q This module exploits an authentication bypass in Servisnet...
Xlight FTP 3.9.3.1 - Buffer Overflow Exploit
Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on OS: Windows XP SP3 - Windows...
Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits include include / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define...
fuelCMS 1.4.1 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: fuelCMS 1.4.1 - Remote Code Execution Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start =...
Vinchin Backup And Recovery Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0., v6.0., v6.7., and v7.0.. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user. This module requires Metasploit...
WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit
Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...
WordPress Duplicator 1.4.7.1 Plugin - Unauthenticated Backup Download Vulnerability
Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...
Jcow 4.2.0 Blind SQL/XPath injection Vulnerability
Exploit for php platform in category web applications ================================================== Jcow 4.2.0 Blind SQL/XPath injection Vulnerability ================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\...
WyreStorm Apollo VX20 Credential Disclosure Vulnerability
WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Vulnerability
Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Version: 2.14.0 Tested on: Windows 10...
STARFACE 7.3.0.10 Broken Authentication Exploit
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become be...
Nexxt Router Firmware 42.103.1.5095 Remote Code Execution Exploit
Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhost =...
WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload Vulnerability
WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability. Description: Arbitrary File Upload/Deletion and Other Affected Plugin: Kaswara Modern WPBakery Page Builder Addons Plugin Slug: kaswara Affected Versions: = 3.0.1 CVE...
WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution Exploit
This Metasploit module uses an authentication bypass vulnerability in Wordpress Pie Register plugin versions 3.7.1.4 and below to generate a valid cookie. With this cookie, hopefully of the admin, it will generate a plugin, pack the payload into it and upload it to a server running WordPress. Thi...
Oracle #Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution Exploit #RCE
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected. ASUS Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title:...
Magento 2.4.6 XSLT Server Side Injection / Command Execution Vulnerability
Magento version 2.4.6 suffers from an XSLT server side injection vulnerability that allows for remote command execution. Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link:...
Textpattern 4.8.8 Session Token Disclosure Vulnerability
Textpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer. Title: textpattern-4.8.8 Session token in URL Vulnerability Author: nu11secur1ty Vendor: https://textpattern.com/ Software:...
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability
Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6, 8.14.0 ≤ version...
Veyon 4.4.1 - (VeyonService) Unquoted Service Path Vulnerability
Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type: Unquoted Service Path...
ElasticSearch Search Groovy Sandbox Bypass Exploit
This Metasploit module exploits a remote command execution RCE vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox ca...
DS Wireless Communication - Remote Code Execution Exploit
Exploit Title: DS Wireless Communication Remote Code Execution Exploit Author: MikeIsAStar Vendor Homepage: https://www.nintendo.com Version: Unknown Tested on: Wii CVE: CVE-2023-45887 """This code will inject arbitrary code into a client's game. You are fully responsible for all activity that...
SPA-Cart eCommerce CMS 1.9.0.3 SQL Injection Vulnerability
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-89 - CWE-74 - CWE-707 Greetings...
Apache Tomcat 10.1 - Denial Of Service Exploit
Exploit Title: Apache Tomcat 10.1 - Denial Of Service Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE : CVE-2022-29885 CVE Owner: 4ra1n Exploit...
libxml2 xmlParseNameComplex Integer Overflow Vulnerability
libxml2: Integer overflow in xmlParseNameComplex libxml2 is vulnerable to an integer overflow in xmlParseNameComplex when an attribute list has a very long name name is = 232 characters. static const xmlChar xmlParseNameComplexxmlParserCtxtPtr ctxt int len = 0, l; ... return xmlDictLookupctxt-dic...
WordPress User Meta Lite / Pro 2.4.3 Path Traversal Vulnerability
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: User Meta Vendor URL: https://wordpress.org/plugins/user-meta Type: Relative Path Traversal CWE-23 Date found: 2022-02-28 Date published: 2022-05-24 CVSSv3 Score: 4.3...
10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH) Exploit
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow SEH Exploit Author: ro0k Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.31 Tested on: Windows 10 x64 Education...
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (2)
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Softwar...
CMS Made Simple 2.2.19 Server-Side Template Injection Vulnerability
Exploit Title: CMS Made Simple Version: 2.2.19 - SSTI Exploit Author: tmrswrr Vendor Homepage: https://www.cmsmadesimple.org/ Version: 2.2.19 Tested on: https://www.softaculous.com/demos/CMSMadeSimple 1 log in as admin and go to Layout Design Manager Breadcrumbs 2 Click edit and write SSTI payloa...
WordPress My Login Theme 2FA Brute Force Exploit
The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from...
Chrome Read-Only Property Overwrite Exploit
Chrome: Read-only property overwrite in TurboFan VULNERABILITY DETAILS While collecting information for a property store, TurboFan bails out if the property isn't writable2. Unfortunately, the branch condition1 does not include one of the store modes, namely kDefine. This allows an attacker to...
PHP Shopping Cart 4.2 SQL Injection Vulnerability
Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to be vulnerable to S...
ProcessMaker Privilege Escalation Exploit
Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Exploit Author: Sornram Kampeera...
PHP Library Remote Code Execution Vulnerability
Several PHP compatibility libraries contain a potential remote code execution flaw in their jsondecode function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more. JAHx221 - RCE in copy/pasted...
Car Rental System 1.0 SQL Injection Vulnerability
Car Rental System SQL Injection Author: D4rkP0w4r Note = Login to customer Injection Point = http://192.168.1.101:8080/CarRental/booking.php?id=1 Exploit Exploit with Sqlmap + Burp Suite Use Burp Suite capture request Then save as sqlicar.txt GET /CarRental/booking.php?id=1 HTTP/1.1 Host:...
iOS 12.1.3 - cfprefsd Memory Corruption Exploit
// c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. // iOS 12.1.3 - cfprefsd Memory Corruption Exploit include import include include include include include define AGENT 1 define...