39001 matches found
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection Vulnerability
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical...
VMware vRealize Log Insight Unauthenticated Remote Code Execution Exploit
VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the...
FileZilla Client 3.63.1 - (TextShaping.dll) DLL Hijacking Vulnerability
--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...
WordPress Elementor 3.6.2 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: WordPress Plugin Elementor 3.6.2 - Remote Code Execution RCE Authenticated Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://elementor.com/ Software Link: https://wordpress.org/plugins/elementor/advanced/ scroll down to select the version Version:...
Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Vulnerability
Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1 Host: localhost...
vBulletin 5.5.4 Remote Command Execution Exploit #RCE
This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfigcode parameter in an ajax/render/widgetphp routestring POST request. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress Seotheme - Remote Code Execution Unauthenticated Exploit
Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys , requests, re from multiprocessing.dummy import Pool from colorama import Fore from colorama import init initautoreset=True fr =...
WordPress Simple Page Transition 1.4.1 Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin ‘Simple Page Transition’ - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/simple-page-transition/ Version: 1.4.1 Tested on: Firefox Contact me: email protected Vulnerable code: " / POC: 1-...
Simple House Rental System 1 Shell Upload Exploit
Simple House Rental System Unrestricted File Upload + RCE Author: D4rkP0w4r Note = login to client, don't need login to admin Description = Login to client = Upload web shell at Image Step to Reproduct Login to client - Register - Apartment Registration - Image - Submit Exploit Upload web shell a...
Barco Control Room Management Suite Directory Traversal Vulnerability
I. SUMMARY Title: CVE-2022-2623 Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security...
SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection Exploit
SAP Netweaver versions SAP DMIS in at least 20111731 SP versions 0013 and below suffer from a remote ABAP code injection vulnerability in IUUCGENERATEACPLANDELIMITER. ============================================================================== title: Remote ABAP Code Injection in...
Oliver Library Server v5 - Arbitrary File Download Vulnerability
Exploit Title: Oliver Library Server v5 - Arbitrary File Download Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2 Example to downloa...
Reprise License Manager 14.2 Remote Binary Execution Vulnerability
Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: Whe...
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability
Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits:...
PHPJabbers Simple CMS 5 - (name) Persistent Cross-Site Scripting Vulnerability
Exploit Title: PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting XSS Google Dork: subtitle:Copyright © 2021 PHPJabbers.com Date: 2021-10-28 Exploit Author: Vulnerability-Lab Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/...
Tapatalk Plugins PHP Object Injection Vulnerability
PHP object injection vulnerability in all Tapatalk plugins that can allow attackers to execute PHP code, perform SQL injection, or cause denial of service conditions. Tapatalk Plugins PHP Object Injection dH team discovered PHP Object Injection vulnerability in all Tapatalk plugins, which is allo...
Microsoft Windows - Uncredentialed SMB RCE (MS17-010) Exploit
This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUSINSUFFSERVERRESOURCES", the machine does not have the MS17-010 patch. This Metasplo...
Multilaser RE160 Cookie Manipulation Access Bypass Vulnerability
Multilaser RE160 versions 5.07.51ptMTL01 and 5.07.52ptMTL01 suffer from an access control bypass vulnerability through cookie manipulation. =====Tempest Security Intelligence - Security Advisory - CVE-2023-38946======= Access Control Bypass in Multilaser router's Web Management Interface Author:...
Online Project Time Management 1.0 SQL Injection Vulnerability
Title: Online Project Time Management 1.0 Multiple SQL - Injections Author: nu11secur1ty Date: 01.20.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15136/online-project-time-management-system-phpoop-free-source-code.html Description: The pid...
WordPress Core < 5.3.x - (xmlrpc.php) Denial of Service Exploit
Exploit for php platform in category web applications !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries:...
Petrol Pump Management Software v1.0 - Remote Code Execution Vulnerability
Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution RCE Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: v1.0 Tested on:...
GYM MS - GYM Management System - Cross Site Scripting Vulnerability
Exploit Title: GYM MS - GYM Management System - Cross Site Scripting Stored Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip Version: 1.0 Last Update: 31 August 2022 Tested On: Kal...
Online Security Guards Hiring System 1.0 - Reflected XSS Exploit
Exploit Title: Online Security Guards Hiring System 1.0 – REFLECTED XSS Exploit Author : AFFAN AHMED Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/projects/Online-Security-Guard-Hiring-SystemPHP.zip Version: 1.0 Tested on: Windows 11 + XAMPP + PYTHON-3.X CVE :...
Zenphoto 1.6 - Multiple stored XSS Vulnerability
Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...
ALLMediaServer 1.6 Remote Buffer Overflow Exploit
Exploit Title: ALLMediaServer 1.6 Remote Buffer Overflow Discovered by: Yehia Elghaly Vendor Homepage: https://www.allmediaserver.org/ Software Link : https://www.allmediaserver.org/LiveUpdate/ALLMediaServer.exe Tested Version: 1.6 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...
Employee Daily Task Management System 1.0 - (Name) Stored Cross-Site Scripting Vulnerability
Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version: v1.0 Tested on:...
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation Exploit
This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV62292PKTOPTIONS option handling in setsockopt permits racing ip6setpktopt access to a freed ip6pktopts struct. This exploit overwrites the...
FreeBSD ftpd Remote Root Exploit
needs user account inside a chroot. ''' example reverse shells: [email protected] / uname -a;id; uname -a;id; FreeBSD r00tbox 10.0-RELEASE FreeBSD 10.0-RELEASE 0 r260789: Thu Jan 16 22:34:59 UTC 2014 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 uid=0root gid=0wheel groups=0wheel...
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution Vulnerability
The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access...
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization Vulnerability
WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities. Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected...
Osprey Pump Controller 1.0.1 pseudonym Command Injection Vulnerability
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script. Osprey Pump Controller 1.0.1 pseudonym Semi-blind...
Osprey Pump Controller 1.0.1 eventFileSelected Command Injection Vulnerability
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts. Ospr...
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Vulnerability
Aryan Chehreghani Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...
Xen PV Guest Non-SELFSNOOP CPU Memory Corruption Exploit
On CPUs without SELFSNOOP support, a Xen PV domain that has access to a PCI device which grants the domain the ability to set arbitrary cache attributes on all its pages can trick Xen into validating an L2 pagetable that contains a cacheline that is marked as clean in the cache but actually diffe...
Online Sports Complex Booking System 1.0 Account Takeover Vulnerability
Exploit Title: Online Sports Complex Booking System - Account Takeover Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Version:...
Adobe ColdFusion 11 Remote Code Execution Vulnerability
Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: Adobe...
FaceTime - RTP Video Processing Heap Corruption Exploit
Exploit for iOS platform in category dos / poc FaceTime - RTP Video Processing Heap Corruption Exploit There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if ...
Foxit Reader 9.0.1.1049 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
WordPress Site Import 1.0.1 Plugin - Local File Inclusion / Remote File Inclusion
Exploit for php platform in category web applications Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0.1 Tested o...
IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability
Exploit for unknown platform in category web applications =========================================================== IdeaBox = 1.1 gorumDir Remote File Include Vulnerability =========================================================== $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$...
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Vulnerability
Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate the content ...
TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability
Exploit Title: Buffer Overflow in TP-Link Archer AX10EUV1.2230220 Exploit Author: Giuseppe Compare CVE: CVE-2023-34832 Vendor Homepage: https://www.tp-link.com/ Version: TP-Link Archer AX10EUV1.2230220 Buffer Overflow There is a buffer overflow in the FUN131e8 function due to using sprintf...
Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability
Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability. Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Softwar...
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking Vulnerabilities
Osprey Pump Controller version 1.0.1 has an ELF binary called MirageCreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploitin...
Infix LMS 4.3.0 Shell Upload Vulnerability
Exploit Title: Infix LMS - Learning Management System Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 Version: 4.3.0 Tested on Ubuntu 18.04 sign up as teacher go profile page and...
Voltage SecureMail Server Business Logic Bypass Vulnerability
======================================================================= title: Business Logic Bypass - Mail Relay Post-authenticated product: Voltage SecureMail Server vulnerable version: Voltage SecureMail Server v7.3.0.1 fixed version: Voltage SecureMail Server v7.3.0.1 CVE number: CVE-2021-381...
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...
WeBid 0.7.3 RC9 (upldgallery.php) Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ================================================================== WeBid 0.7.3 RC9 upldgallery.php Remote File Upload Vulnerability ==================================================================...
PHP Easy Downloader <= 1.5 (save.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== PHP Easy Downloader +------------------------------------------------------------------------------------------- + Details: + PHP Easy Download by default installation...
iboss Secure Web Gateway - Stored Cross-Site Scripting Vulnerability
Exploit Title: iboss Secure Web Gateway - Stored Cross-Site Scripting XSS Exploit Author: modrnProph3t Vendor Homepage: https://www.iboss.com Version: userName=TEST&x=TEST&action=login&redirectUrl= 3. Insert XSS payload into the "redirectUrl" parameter Example of request with inserted payload: PO...