39001 matches found
WordPress Ghost theme - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
WordPress Navayan CSV Export 1.0.9 SQL Injection Vulnerability
CVE-2024-55988 Navayan CSV Export = 1.0.9 - Unauthenticated SQL Injection Description The Navayan CSV Export plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
Microsoft Windows Defender - VBScript Detection Bypass Vulnerability
This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway. Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink...
Franklin Fueling Systems TS-550 - Default Password Vulnerability
Exploit Title: Franklin Fueling Systems TS-550 - Default Password Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to find the panel...
macOS/x64 Execve Caesar Cipher String Null-Free Shellcode (286 bytes)
Shellcode Title: macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode 286 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The...
Stock Management System 2020 SQL injection Vulnerability
Title: Stock-Management-System-2020 SQLi Author: nu11secur1ty Vendor: https://github.com/Dav-ee Software: https://github.com/Dav-ee/Stock-Management-System Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Kiprono-Davies/2022/Stock-Management-System-2020 Description: T...
Online Restaurant Table Reservation System 1.0 SQL Injection Vulnerability
Exploit Title: Online Restaurant Table Reservation System v1.0 Exploit Author: segf0lt Vendor Homepage: https://www.sourcecodester.com/php/15286/online-restaurant-table-reservation-system-phpoop-free-source-code.html Software Link:...
Zyxel NWA-1100-NH - Command Injection Vulnerability
Exploit Title: Zyxel NWA-1100-NH - Command Injection Exploit Author: Ahmed Alroky Vendor Homepage: https://www.zyxel.com/homepage.shtml Version: ALL BEFORE 2.12 Tested on: Linux CVE : CVE-2021-4039 References : https://download.zyxel.com/NWA1100-NH/firmware/NWA1100-NH2.12AASI.3C02.pdf ,...
CollectorStealerBuilder Panel 2.0.0 Insecure Credential Storage Vulnerability
The panel for Collector Stealer malware version 2.0.0 stores the login credentials in plaintext in its MySQL database. Third-party attackers who gain access to the system can read the database username passwords without having to crack them offline. Discovery / credits: Malvuln - malvuln.com c 20...
Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Vulnerabilities
Mikrotik RouterOS NULL Pointer Dereference / Reachable Assertion Failure Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: fixed version released CVE: - Credit: Qian Chen@cq674350529 of Qihoo 360 Nirvan Team Product Description ================== Router...
Shape Web Solutions CMS SQL Injection Vulnerability
Exploit for php platform in category web applications Shape Web Solutions CMS SQL Injection Vulnerability Exploit Title: Shape Web Solutions CMS SQL Injection Vulnerability Date: 03-18-2011 Vendor or Software Link: http://www.shapeweb.com.br/ Version: All version Category:: webapps Google dork:...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Denial Of Service Exploit
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...
CSZ CMS 1.3.0 Shell Upload Vulnerability
Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://www.cszcms.com/ Software Link: https://www.cszcms.com/link/3https://sourceforge.net/projects/cszcms/files/latest/download Version: Version 1.3.0 Tested on:...
GOM Player 2.3.90.5360 MITM / Remote Code Execution Exploit
GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit. Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/...
Faculty Evaluation System v1.0 - SQL Injection Vulnerability
Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Service Provider Management System v1.0 - SQL Injection Vulnerability
Exploit Title: Service Provider Management System v1.0 - SQL Injection Exploit Author: Ashik Kunjumon Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...
Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode
; Name: Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode ; Author: Nayani ; Tested on: Microsoft Windows Version 10.0.22621 Build 22621 ; Description: ; This an implementation of DeleteFileA Windows api to delete a file in the C:/Windows/Temp/ directory. ; To test this...
Explore CMS 1.0 - SQL Injection Vulnerability
Exploit Title: Explore CMS 1.0 - SQL Injection Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: CVE-2022-27412 POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an...
Scriptcase 9.7 - Remote Code Execution Exploit
Exploit Title: Scriptcasr 9.7 arbitrary file upload getshell Exploit Author: luckyt0mat0 Vendor Homepage: https://www.scriptcase.net/ Software Link: https://www.scriptcase.net/download/ Version: 9.7 Tested on: Windows Server 2019 Proof of Concept: POST...
Virtual Airlines Manager 2.6.2 - (multiple) SQL Injection Vulnerability
Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Google Dork: Powered by Virtual Airlines Manager v2.6.2 Exploit Author: Milad Karimi Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/ Version: 2.6.2...
WordPress Backup and Restore 1.0.3 Plugin - Arbitrary File Deletion Vulnerability
Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Windows 10 Poc:...
ZeroLogon - Netlogon Elevation of Privilege Exploit
Exploit Title: ZeroLogon - Netlogon Elevation of Privilege Date: 2020-10-04 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Tested on: Microsof...
PHP-Fusion 9.03.60 - PHP Object Injection Exploit
Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.60 - PHP Object Injection Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.60 Description: PHP...
ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vulnerability
ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system. ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb...
WyreStorm Apollo VX20 Account Enumeration Vulnerability
An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery. + Credits: John...
VMWare Aria Operations For Networks SSH Private Key Exposure Exploit
VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. This module requir...
AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Vulnerability
Exploit Title: AVEVA InTouch Access Anywhere Secure Gateway 2020 R2 - Path Traversal Exploit Author: Jens Regel CRISEC IT-Security CVE: CVE-2022-23854 Version: Access Anywhere Secure Gateway versions 2020 R2 and older Proof of Concept: GET...
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (Authenticated) Exploit
Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on MyBB's Admin CP in...
Firefox MCallGetProperty Write Side Effects Use-After-Free Exploit
This Metasploit modules exploits CVE-2020-26950, a use-after-free exploit in Firefox. The MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This exploit uses a somewhat novel technique of spraying ArgumentsData structures in order ...
myfactory.FMS 7.1-911 Cross Site Scripting Vulnerability
Cross-Site Scripting in myfactory.FMS During a penetration test, a reflected cross-site scripting vulnerability XSS was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser. Details...
Dell OpenManage Network Manager 6.2.0.51 SP3 Privilege Escalation Exploit
Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account. Dell OpenManage Network...
PHP 7.0.13 Use After Free unserialize() PoC Exploit
Exploit for php platform in category dos / poc PoC: data; function unserialize$data $this-data = unserialize$data; class obj2 var $ryat; function wakeup $this-ryat = null; $inner = 's:4:"ryat";'; $exploit = 'a:2:i:0;C:4:"obj1":'.strlen$inner.':'.$inner.'i:1;O:4:"obj2":1:s:4:"ryat";R:3;'; $data =...
djangorestframework-simplejwt 5.3.1 - Information Disclosure Exploit
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution. import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET =...
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution Vulnerabilities
Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution. Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload Exploit Author: kai6u Vendor Homepage: https://www.getlektor.co...
DataCube3 v1.0 - Unrestricted file upload Remote Code Execution Exploit
Exploit Title: DataCube3 v1.0 - Unrestricted file upload 'RCE' Exploit Author: Samy Younsi - NS Labs https://neroteam.com Vendor Homepage: https://www.f-logic.jp Software Link: https://www.f-logic.jp/pdf/support/manualproduct/manualproductdatacube3ver1.0sc.pdf Version: Ver1.0 Tested on: DataCube3...
SitePad 1.8.2 Cross Site Scripting Vulnerability
Exploit Title: SitePad Version : 1.8.2 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://sitepad.com/ Version : 1.8.2 Tested on: https://www.softaculous.com/apps/blogs/SitePad 1 Go to Templates Header Edit Pagelayer Template 2 Write in Name : " 3 After save and refresh page will be se...
liveSite 2019.1 Remote Code Execution Vulnerability
Exploit Title: liveSite Version : 2019.1 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region Name:megamenu ,...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access. Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page:...
EuroTel ETL3100 - Transmitter Default Credentials Vulnerability
Exploit Title: EuroTel ETL3100 Transmitter Default Credentials Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x...
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
Active eCommerce CMS 6.3.0 Cross Site Scripting Vulnerability
Exploit Title: Active eCommerce CMS Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 -------Request----------- POST /ajax-search HTTP/1.1...
Banco Guayaquil 8.0.0 Cross Site Scripting Vulnerability
Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream. Document Title: =============== Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored...
TerraMaster F4-210 / F2-210 Remote Code Execution Exploit
Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected. /bin/env python """ Product: Terramaster F4-210, Terramaster F2-210 Version: TOS...
Microsoft Internet Explorer Active-X Control Security Bypass Vulnerability
Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Simple Client Management System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
NIMax 5.3.1f0 - (VISA Alias) Denial of Service Exploit
Exploit Title: NIMax 5.3.1f0 - 'VISA Alias' Denial of Service PoC Exploit Author: LinxzSec Vulnerability: Local Denial of Service DoS Vendor Homepage: https://www.ni.com/en-gb.html Software Link: License Required - https://knowledge.ni.com/KnowledgeArticleDetails?id=kA03q000000YGQwCAO&l=en-GB...
Remote Mouse 4.002 - Unquoted Service Path Vulnerability
Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on: Windows 10 Proof...
VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit
VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rate Not quite elaborate because I'm not good at doing...