39001 matches found
Boa 0.93.15 HTTP Basic Authentication Bypass Exploit
Exploit for linux platform in category remote exploits ==================================================== Boa 0.93.15 HTTP Basic Authentication Bypass Exploit ==================================================== / Boa HTTP Basic Authentication Bypass Vuln: Boa/0.93.15 with Intersil Extensions...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: -------------------------...
AirDisk 7.5.5 Cross Site Scripting Vulnerability
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 1/ Starting the...
Nortek Linear eMerge E3-Series Credential Disclosure Vulnerability
Nortek Linear eMerge E3-Series versions 0.32-07p, 0.32-07e, 0.32-07p, 0.32-08f, and 0.32-09c suffer from an administrative credential disclosure vulnerability. Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version...
WordPress TaxoPress 3.0.7.1 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Akash Rajendra Patil Vendor Homepage: Software Link: https://wordpress.org/plugins/simple-tags/ Tested on Windows CVE: CVE-2021-24444...
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Vulnerability
Exploit for hardware platform in category web applications Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE: N/A !/usr/bin/perl...
DLink DWL-2600AP - Multiple OS Command Injection Vulnerability
Exploit for hardware platform in category web applications Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You...
Microsoft IIS WebDav ScStoragePathFromUrl Overflow Exploit
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow',...
ASPapp (links.asp CatId) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =========================================================== ASPapp links.asp CatId Remote SQL Injection Vulnerability =========================================================== ....... ...... ..... .....CoRPITX...
ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass Vulnerability
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file...
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - (sort) parameter Exploit
Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import string from termcolor import color...
Complaint Management System 2.0 SQL Injection Vulnerability
Exploit Title: Complaint-Management-System Multiple SQL Injection Vulnerabilities Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/complaint-management-sytem/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=7259 Version: V 2.0 Tested on: Windows 11 + XAMP...
Online Nurse Hiring System 1.0 - Time-Based SQL Injection Vulnerability
Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826 Version: 1.0 Tested...
WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability
Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...
e-Biz Technocrats Pvt.Ltd SQL Injection Vulnerability
It appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected. Exploit Title: Sql...
GLPI 9.5.7 - Username Enumeration Vulnerability
Exploit Title: GLPI 9.5.7 - Username Enumeration Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import BeautifulSoup Send ...
Fastly Secret Disclosure Vulnerability
Fastly suffers from the poor practice of sending a temporary password in plaintext. Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary...
wolfSSL 5.5.2 WOLFSSL_CALLBACKS Heap Buffer Over-Read Vulnerability
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...
Personnel Property Equipment 2015-2022 SQL Injection Vulnerability
Title: Personnel Property Equipment-2015-2022 SQLi, Unauthenticated-File-Upload Author: nu11secur1ty Vendor Homepage: https://www.trickcode.in/ Video vendor: https://www.youtube.com/watch?v=ltSwom8sQAQ Software https://www.trickcode.in/2021/03/personnel-property-equipment-system.html Reference:...
Pharmacy Management System 1.0 SQL Injection Vulnerability
Exploit Title: Pharmacy management system - 'email' SQL injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version: 1.0 Tested on: XAMPP,...
Spring Cloud Function SpEL Injection Exploit
Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...
AtomCMS v2.0 - SQL injection Vulnerability
Exploit Title: AtomCMS v2.0 - SQLi Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://github.com/thedigicraft/Atom.CMS Version: v2.0 Category: Webapps Tested on: Debian linux CVE : CVE-2022-24223 ==================================================== PoC : SQLi :...
WBCE CMS 1.5.1 - Admin Password Reset Exploit
Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE : CVE-2021-3817...
Opencart 3 Extension TMD Vendor System - Blind SQL Injection Exploit
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya email protected Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link: https://www.opencartextensions.in/opencart-multi-vendor-multi-seller-marketplace...
NIMax 5.3.1 - (Remote VISA System) Denial of Service Exploit
Exploit Title: NIMax 5.3.1 - 'Remote VISA System' Denial of Service PoC Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required - https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000000YGQwCAO&l=en-...
VMware Fusion USB Arbitrator Setuid Privilege Escalation Exploit
This Metasploit module exploits an improper use of setuid binaries within VMware Fusion versions 10.1.3 through 11.5.3. The Open VMware USB Arbitrator Service can be launched outside of its standard path which allows loading of an attacker controlled binary. By creating a payload in the user home...
Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation Exploit
There exists a privilege escalation vulnerability for Windows 10 builds prior to build 17763. Due to the AppXSvc's improper handling of hard links, a user can gain full privileges over a SYSTEM-owned file. The user can then utilize the new file to execute code as SYSTEM. This Metasploit module...
ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...
HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ========== www.hp.com Product: =========================================== Hewlett Packard TouchSmart Calendar Service File version : 4.1.4245 HP TouchSmart Calendar is a shared calendar where you c...
LG Simple Editor 3.21.0 Command Injection Exploit
LG Simple Editor versions 3.21.0 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'L...
RAD SecFlow-2 Path Traversal Vulnerability
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 suffer from a directory traversal vulnerability. Exploit Title: Path traversal in RAD SecFlow-2 devices with Firmware 4.1.01.63 CVE: CVE-2019-6268 Exploit Author: Branko Milicevic RAD SecFlow-2 devices with Hardware...
Simple Student Attendance System v1.0 Time Based Blind & Union Based SQL Injection Vulnerability
Exploit Title: Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html Software Link...
Splunk XSLT Upload Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires...
Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)
import ctypes, struct import argparse from keystone import Exploit Title: Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode 476 Bytes Exploit Author: Senzee Date: 08/29/2023 Platform: Windows X64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Versi...
mooSocial Social-Commerce 3.1.6 - Reflected XSS Vulnerability
Exploit Title: Social-Commerce 3.1.6 - Reflected XSS Exploit Author: CraCkEr Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://social-commerce.moosocial.com/ Version: 3.1.6 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4174...
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...
WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS Vulnerability
WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities. Description: Reflected Cross-Site Scripting Affected Plugin: Watu Quiz Plugin Slug: watu Affected...
ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service Exploit
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 remote stack buffer overflow exploit that causes a denial of service condition. Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow DoS Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/...
Spryker Commerce OS Remote Command Execution Vulnerability
Spryker Commerce OS with spryker/http module versions prior to 1.7.0 suffer from a remote command execution vulnerability due to a predictable value in use. Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE referenc...
Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Vulnerability
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GET /web HTTP/1.1...
FaceSentry Access Control System 6.4.8 - Remote SSH Root Exploit
Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7....
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution Exploit #RCE
Exploit for jsp platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...
MiniNuke <= 1.8.2 Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== MiniNuke http://site/news.asp?Action=Print&hid=SQLQuery http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uyeid=52 Columns ...
vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...
Citrix Workspace App For Linux 2212 Credential Leak Vulnerability
The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux versions 2212 is affected. Citrix Linux client...
AimOne Video Converter V2.04 Build 103 Denial of Service Exploit
Exploit Title: AimOne Video Converter V2.04 Build 103 Denial of Service Exploit Date: 30.12.2022 Vendor Homepage:www.aimonesoft.com Software Link: https://aimone-video-converter.software.informer.com/download/downloading Exploit Author: Achilles Tested Version: v2.04 Tested on: Windows 7 x64 1.-...
rpc.py 0.6.0 - Remote Code Execution Exploit
Exploit Title: rpc.py 0.6.0 - Remote Code Execution RCE Exploit Author: Elias Hohl Vendor Homepage: https://github.com/abersheeran Software Link: https://github.com/abersheeran/rpc.py Version: v0.4.2 - v0.6.0 Tested on: Debian 11, Ubuntu 20.04 CVE : CVE-2022-35411 import requests import pickle...
WordPress 5.9 Cross Site Scripting Vulnerability
WordPress versions 5.9 and below suffer from a cross site scripting vulnerability in the author and contributor roles. Per the researcher, WordPress is addressing this in their next release and considers this a medium severity vulnerability. Document Title: =============== Wordpress = 5.9...
Online Magazine Management System 1.0 SQL Injection Vulnerability
Online Magazine Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Online Magazine Management System 1.0 - SQLi Authentication Bypass Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage:...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2) Exploit
Exploit for windows platform in category local exploits Microsoft Windows - AppX Deployment Service Local Privilege Escalation 2 Exploit There is still a vuln in the code triggered by CVE-2019-0841 The bug that this guy found:...