39001 matches found
Banco Guayaquil 8.0.0 Cross Site Scripting Vulnerability
Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name and could possibly be leveraged for attacks upstream. Document Title: =============== Banco Guayaquil Versión 8.0.0 IOS - Cross Site Scripting Stored...
TerraMaster F4-210 / F2-210 Remote Code Execution Exploit
Terramaster F4-210 and F2-210 chained exploit that performs session crafting to achieve escalated privileges that then allows an attacker to access vulnerable code execution flaws. TOS versions 4.2.x are affected. /bin/env python """ Product: Terramaster F4-210, Terramaster F2-210 Version: TOS...
Microsoft Internet Explorer Active-X Control Security Bypass Vulnerability
Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Simple Client Management System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
Remote Mouse 4.002 - Unquoted Service Path Vulnerability
Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on: Windows 10 Proof...
VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit
VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.3 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. About 50% successful rate Not quite elaborate because I'm not good at doing...
Oracle PeopleSoft 8.5x - Remote Code Execution Vulnerability
Exploit for java platform in category web applications Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux...
Eremetia (news.php and faq2.php) SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================================ Eremetia news.php and faq2.php SQL Injection Vulnerability ============================================================...
Mambo cropimage Component <= 1.0 Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================================== Mambo cropimage Component = 1.0 Remote File Include Vulnerability ================================================================== C Y B E R - W A R R I O R T I M Mambo...
Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit
Exploit for unknown platform in category web applications ============================================================== Limbo this works wtih registerglobals off & regardless of magicquotesgpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and...
WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery Vulnerability
Exploit Title: WP Plugins Contact Form to Any API history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.1.7...
Outline V1.6.0 - Unquoted Service Path Vulnerability
Exploit Title: Outline V1.6.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://getoutline.org/ Software Link: https://getoutline.org/ Tested Version: V1.6.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 11 Enterprise Step to...
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection Vulnerability
---------------------------------------------------------------------------------------------------- Tiki Wiki CMS Groupware input type="fi...
WordPress Anti-Malware Security And Brute-Force Firewall Cross Site Scripting Vulnerability
Tittle: WordPress Plugin Anti-Malware Security and Brute-Force Firewall HTTP/1.1 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzi...
Microweber CMS 1.2.10 Local File Inclusion Exploit
Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on: Microweber CMS v1.2.10...
VulturiBuilder Insecure Permissions Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ca294b2f778abc14fef6313b3cea7155.txt Contact: email protected Media: twitter.com/malvuln Threat: VulturiBuilder Vulnerability: Insecure Permissions Description: The malware writes an .EXE with insecure...
Dixell XWEB 500 - Arbitrary File Write Vulnerability
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
XenForo 2.1.10 Patch 2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: XenForo v2.1.10 Patch 2 Stored XSS Author: Vincent666 ibn Winnie Software Link: https://xenforo.com/demo/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog :https://pentest-vincent.blogspot.com/ PoC...
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow Exploit
Exploit for php platform in category dos / poc Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: phpstreamurlwraphttpex /home/weilei/php-7.2.2/ext/standard/httpfopenwrapper.c:723 if...
WeBid 1.1.1 Unrestricted File Upload Exploit
Exploit for php platform in category web applications ?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit...
Ollama 0.5.11 Denial of Service Exploit
Ollama supports importing and parsing user-uploaded customized GGUF models via the network request by default. This functionality can be manipulated to cause an out-of-memory denial of service attack. Title: The malicious gguf model can lead to DoS due to out of memory killed via network in ollam...
Tramyardg Autoexpress 1.3.0 SQL Injection Vulnerability
Exploit Title: tramyardg autoexpress - SQL Injection Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48901 References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901...
Zoo Management System 1.0 - Unauthenticated Remote Code Execute Vulnerability
Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE Exploit Author: Çağatay Ceyhan Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.htmlgooglevignette Software Link:...
Student Study Center Management System v1.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Student Study Center Management System v1.0 - Stored Cross-Site Scripting XSS Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://phpgurukul.com Software Link:...
Serendipity 2.4.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...
Joomla! 4.2.7 Unauthenticated Information Disclosure Exploit
!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...
MAN-EAM-0003 V3.2.4 - XML External Entity (XXE) Vulnerability
Exploit Title: MAN-EAM-0003 V3.2.4 - XXE Date: 2022-09-19 Exploit Author: Ahmed Alroky Author: http://guralp.com/ Version: 3.2.4 Authentication Required: NO CVE : CVE-2022-38840 Google dork: " webconfig menu.cgi " Tested on: Windows Exploit 1 - browse to http:// name/cgi-bin/xmlstatus.cgi 2 - cli...
AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit
-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
Online Diagnostic Lab Management System 1.0 - SQL Injection Vulnerability
Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Bio Star 2.8.2 - Local File Inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Bio Star 2.8.2 - Local File Inclusion Authors: SITE Team Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi Exploit Author: SITE Team Vendor Homepage: https://www.supremainc.com/en/main.asp Software Link:...
WordPress Email Subscribers & Newsletters 4.2.2 Plugin - Unauthenticated File Download Vulnerabi
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Exploit Author: email protectedESEC Vendor Homepage:...
Metasploit Sample Linux Privilege Escalation Exploit
This Metasploit exploit module illustrates how a vulnerability could be exploited in a linux command for privilege escalation. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit...
XMPlay 3.8.3 - .m3u Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP/7/8 CVE ...
Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Exim GHOST glibc gethostbyname Buffer Overflow', 'Description' = %q This modu...
SongForever clone Shell Upload Vulnerability
Exploit for unknown platform in category web applications ============================================ SongForever clone Shell Upload Vulnerability ============================================ ======================================================================================== | Title :...
Human Resource Management System 1.0 - (employeeid) SQL Injection Vulnerability
Exploit Title: Human Resource Management System - SQL Injection Exploit Author: Srikar Exp1o1t9r Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
Ubuntu 22.04 perl2exe < V30.10C - Arbitrary Code Execution Vulnerability
Exploit Title: Executables Created with perl2exe safe.pl user@testing:/example$ ./perl2exe-Linux-x64-5.30.1/perl2exe safe.pl Perl2Exe V30.10C 2020-12-11 Copyright c 1997-2020 IndigoSTAR Software ... Generating safe user@testing:/example$ user@testing:/example$ Check that the program executes as...
etcd-browser 87ae63d75260 Directory Traversal Vulnerability
An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...
Anevia Flamingo XL 3.2.9 Remote Root Jailbreak Vulnerability
Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...
SEO Friendly Blog CMS 1.0 Cross Site Scripting Vulnerability
Title: SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database-1.0-2023 XSS-Reflected Vulnerability Author: nu11secur1ty Vendor: https://technosmarter.com/ Software: https://github.com/technosmarter/SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database Reference XSS:...
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution Exploit
Titan FTP Server Path Traversal Vulnerability in move-file Function Version: 2.0.1.2102 CVE-2023-22629 CWE-24: Path Traversal TitanFTP Server is vulnerable to a path traversal attack in the move-file function. An attacker can exploit this vulnerability by providing a specially crafted newPath...
Linear eMerge E3-Series Access Controller Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in cardscandecoder.php via the No and door HTTP GET parameter. Successful...
Canteen Management 1.0 2022 - XSS Reflected Vulnerability
Title: Canteen-Management-1.0-2022 suffers from XSS-Reflected Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...
PHP Laravel 8.70.1 - Cross Site Scripting to Cross Site Request Forgery Vulnerability
Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We can bypass larav...
Cisco 7937G All-In-One Exploiter Exploit
This exploit is an all-in-one tool that leverages vulnerabilities described in CVE-2020-16139, CVE-2020-16138, and CVE-2020-16137 against Cisco 7937G devices versions SIP-1-4-5-7 and below. Exploit Title: Cisco 7937G All-In-One Exploiter Date: 2020-08-10 Exploit Author: Cody Martin Vendor Homepag...
Nginx (Debian-Based Distributions) - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/bin/bash Source: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html Nginx Debian-based distros - Root Privilege Escalation PoC Exploit nginxed-root.sh ver. 1.0 CVE-2016-1247 Discovered and coded by: Dawid...
Wordpress plugins sitepress-multilingual-cms Full Path Disclosure
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
ElkArte Forum 1.1.9 Remote Code Execution Vulnerability
Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1 After login go t...
Laravel Framework 11 - Credential Leakage Vulnerability
Exploit Title: Laravel Framework 11 - Credential Leakage Exploit Author: Huseein Amer Vendor Homepage: https://laravel.com/ Software Link: N/A Version: 8. - 11. REQUIRED Tested on: N/A CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and navigate to storage/logs/laravel.log...
PrusaSlicer 2.6.1 - Arbitrary code execution Vulnerability
Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and Linux CVE:...