39001 matches found
InnovaStudio WYSIWYG Editor Asset Manager 5.4 Shell Upload Vulnerability
InnovaStudio WYSIWYG Editor Asset Manager versions 5.4 and below suffer from a remote shell upload vulnerability. Exploit Title: InnovaStudio WYSIWYG Editor 5.4 ASSET MANAGER Unrestricted File Upload / Directory Traversal / Multiple WebApps Exploit Date: 11/04/2023 Exploit Author: Zer0FauLT...
WordPress Visual Slide Box Builder 3.2.9 SQL Injection Vulnerability
Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi Author: nu11secur1ty Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...
REDCap 11.3.9 - Stored Cross Site Scripting Vulnerability
Exploit Title: REDCap 11.3.9 - Stored Cross-Site Scripting Exploit Author: Kendrick Lam References: https://github.com/KCL04/XSS-PoCs/blob/main/CVE-2021-42136.js Vendor Homepage: https://projectredcap.org Software Link: https://projectredcap.org Version: Redcap before 11.4.0 Tested on: 11.2.5 CVE...
Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...
Shrew Soft VPN Client 2.2.2 - (iked) Unquoted Service Path Vulnerability
Exploit Title: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path Exploit Author: D.Goedecke Vendor Homepage: www.shrew.net Software Link: https://www.shrew.net/download/vpn/vpn-client-2.2.2-release.exe Version: 2.2.2 Tested on: Windows 10 64bit C:\Users\userwmic service get name,...
GrandNode 4.40 - Path Traversal / Arbitrary File Download Vulnerabilities
Exploit for multiple platform in category web applications Exploit Title: GrandNode Path Traversal & Arbitrary File Download Unauthenticated Exploit Author: Corey Robinson https://twitter.com/CRobSec Vendor Homepage: https://grandnode.com/ Software Link:...
WordPress Site Import 1.0.1 Plugin - Local File Inclusion / Remote File Inclusion
Exploit for php platform in category web applications Exploit Title: Wordpress Site Import 1.0.1 | Local and Remote file inclusion Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Software Link: https://downloads.wordpress.org/plugin/site-import.1.0.1.zip Version: 1.0.1 Tested o...
MS15-034 Microsoft IIS Remote Code Execution Exploit
Reverdes from http.sys exploit includes ROP gadgets for Server 2008 and Server 2012 only! This is private exploit. You can buy it at https://0day.today...
Geeklog 2 (BaseView.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================ Geeklog 2 BaseView.php Remote File Inclusion Vulnerability ============================================================ GeekLog = 2.x BaseView.php Remote File Include...
taskhub 2.8.7 - SQL Injection Vulnerability
Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth Tested on: Windows...
TP-Link Archer AX21 - Unauthenticated Command Injection Exploit
!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...
Bumsys Business Management System 1.0.3-beta Shell Upload Vulnerability
Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Tested on: Windows 11, XAMPP-8.2.0 CVE...
modoboa 2.0.4 - Admin Account Takeover Exploit
/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main import "fmt"...
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization Vulnerability
ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date published: 2022-08-16 CVSSv3 Score: 7.5...
Nortek Linear eMerge E3-Series Account Takeover XSS Vulnerability
Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation tied with cross site scripting can allow for account takeover. Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page:...
RiteCMS 3.1.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0 Tested on: Windo...
ImportExportTools NG 10.0.4 - HTML Injection Vulnerability
Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...
GSearch 1.0.1.0 - Denial of Service Exploit
Exploit Title: GSearch v1.0.1.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt" Cop...
Microsoft Windows 10 1809 - CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration
Exploit for windows platform in category local exploits Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation Windows: CmKeyBodyRemapToVirtualForEnum Arbitrary Key Enumeration EoP Platform: Windows 10 1809 not tested earlier Class: Elevation o...
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass) Exploit
Exploit for windows platform in category local exploits Microsoft Windows 10 Build 17134 - Local Privilege Escalation UAC Bypass Exploit include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res =...
Linux Kernel 4.4.0 AF_PACKET Race Condition / Privilege Escalation Exploit
Linux AFPACKET race condition exploit for Ubuntu 16.04 x8664. / chocoboroot.c linux AFPACKET race condition exploit exploit for Ubuntu 16.04 x8664 vroom vroom ============================== email protected:$ uname -a Linux ubuntu 4.4.0-51-generic 72-Ubuntu SMP Thu Nov 24 18:29:54 UTC 2016 x8664...
WeBid v1.0.2 Multiple Remote (CSRF) Vulnerabilities
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
CMS Mini <= 0.2.2 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================== CMS Mini ". "\n+ Ex. : php xpl.php localhost /CMSmini". "\n\n"; if $argc != 3 usage; $hostname = $argv 1; $path = $argv 2; $fp = fsockopen $hostname, 80; $post = "message="; $request = "PO...
Wallos Shell Upload Vulnerability
Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: email protected Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: -----------------------------2925144213...
Employee Management System v1 - (email) SQL Injection Vulnerability
Exploit Title: Employee Management System v1 - 'email' SQL Injection Application: Employee Management System Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Spring Cloud 3.2.2 - Remote Command Execution Exploit
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...
Human Resource Management System 1.0 - SQL Injection Vulnerability
Exploit Title: Human Resource Management System - SQL Injection unauthenticated Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
Agilebio Lab Collector 4.234 Remote Code Execution Exploit
Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list 120 of the application and the passwo...
Hughes Satellite Router Remote File Inclusion Cross Frame Scripting Vulnerability
Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal...
Matrimonial PHP Script 1.0 SQL Injection Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr │ │ : │ Website : uisort.com │ │ │ │ Vendor : Uisort Technologies Pvt. Ltd. │ │ │...
Webmin 1.920 password_change.cgi Backdoor Exploit
This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attackers inserted Perl qx statements into the build server's source code on two separate...
Thunderbird ESR < 60.7.XXX - icalrecur_add_bydayrules Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
Visual Tools DVR Command Injection / Password Disclosure
Exploit for hardware platform in category web applications Title: Visual Tools DVR multiple vulnerabilities Version affected: VS Series = 3.0.6.16, VX Series = 4.2.19.2 Vendor: http://www.visual-tools.com/ Discovered By: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Statu...
VICIdial 2.14-917a SQL Injection Vulnerability
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...
Curfew e-Pass Management System 1.0 - FromDate SQL Injection Vulnerability
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login into the...
Penglead 2.0 SQL injection Bypass Authentication Vulnerability
Title: penglead-2.0 SQLi-Bypass Authentication Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter is...
PaperCut NG/MG 22.0.4 - Remote Code Execution Exploit
Exploit Title: PaperCut NG/MG 22.0.4 - Remote Code Execution RCE Exploit Author: Mohin Paramasivam Shad0wQu35t and MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests import argparse Grouppayload =...
WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting Vulnerability
==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Unauthenticated Reflected Cross-Site Scripting XSS Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz...
OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection Vulnerability
Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...
Lepin EP-KP001 KP001_V19 Authentication Bypass Vulnerability
When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication. Product: EP-KP001 Manufacturer: Lepin Affected Versions: KP001V19 Tested Versions: KP001V19 Vulnerability...
Wing FTP Server 4.3.8 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe...
Landa Driving School Management System 2.0.1 Arbitrary File Upload Vulnerability
Exploit Title: Landa Driving School Management System Arbitrary File Upload Version 2.0.1 Exploit Author: Sohel Yousef - email protected Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Software link 2 :https://simcycreative.com/landa/ Software Demo :...
Reprise License Manager 14.2 Buffer Overflow Vulnerability
Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44154 Vulnerability Title: Authenticated Buffer Overflow Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: By using an...
GLPI 9.4.5 - Remote Code Execution Exploit
Exploit Title: GLPI 9.4.5 - Remote Code Execution RCE Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...
Linux/x64 - execve(/bin/sh) Shellcode (21 bytes) (2)
Linux/x64 - execve/bin/sh Shellcode 21 bytes Author: s1ege Tested on: x8664 GNU/Linux Shellcode Length: 21 / objdump disassembly 401000: 50 push %rax 401001: 48 31 d2 xor %rdx,%rdx 401004: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx 40100b: 2f 73 68 40100e: 53 push %rbx 40100f: 54 push...
Cisco Data Center Network Manager 11.1(1) Remote Code Execution Exploit
Cisco Data Center Network Manager DCNM versions 11.11 and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities. Authentication Bypass and Arbitrary File Upload leading to remote code execution on Cisco Data Center...
Clubpage (clubpage.php) SQL Injection Vulnerability
Exploit for php platform in category web applications ==================================================== Clubpage clubpage.php SQL Injection Vulnerability ==================================================== Title: Clubpage clubpage.php SQL Injection Vulnerability Version: All versions Author:...
WordPress Critical Site Intel 1.0 SQL Injection Vulnerability
CVE-2024-55976 Critical Site Intel = 1.0 - Unauthenticated SQL Injection Description The Critical Site Intel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
Artica Proxy Unauthenticated PHP Deserialization Exploit
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and...