39001 matches found
ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection Vulnerability
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script. ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code...
WordPress LMS 4.2.7 SQL Injection Vulnerability
CVE-2024-8522 LearnPress – WordPress LMS Plugin execute class-lp-course-db.php:564, LPCourseDB-getcourses Courses.php:241, LearnPress\Models\Courses::getcourses class-lp-rest-courses-v1-controller.php:502, LPJwtCoursesV1Controller-getcourses class-wp-rest-server.php:1230,...
QNX Qconn Command Execution Exploit
This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 x86 and 6.5.0 SP1 x86...
10-Strike Network Inventory Explorer 9.3 Buffer Overflow Vulnerability
10-Strike Network Inventory Explorer versions 9.3 and below are vulnerable to a SEH based buffer overflow which leads to code execution or local privilege escalation. The vulnerable part of the program is the functionality to add computers from a text file. I. VULNERABILITY...
ALLMediaServer 1.6 Buffer Overflow Exploit
This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 1.6. The vulnerability is caused due to a boundary error within the handling of HTTP request. This module requires Metasploit: https://metasploit.com/download Current source:...
Employee Performance Evaluation v1.0 SQL injection Vulnerability
Title: Employee Performance Evaluation v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html Reference:...
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password gets disclosed jus...
Safari Webkit For iOS 7.1.2 JIT Optimization Bug Exploit
This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we...
Online Bike Rental 1.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Bike Rental v1.0 – Authenticated Arbitrary File Upload / Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https:/www.sourcecodester.com Software Link:...
Drupal RESTful Web Services unserialize() Remote Code Execution Exploit
This Metasploit module exploits a PHP unserialize vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable albei...
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'digi_acceleport' Nullpointer Dereference
Exploit for linux platform in category dos / poc Linux digiacceleport Nullpointer Dereference Date: March 4th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Title: Local RedHat Enterprise Linux DoS â?? RHEL 7.1 Kernel...
Invision Community 4.7.15 SQL Injection Vulnerability
-------------------------------------------------------------------- Invision Community filter and \isarray \IPS\Request::i-filter 128 129 $url = $url-setQueryString 'filter', \IPS\Request::i-filter ; 130 foreach \IPS\Request::i-filter as $filterId = $allowedValues 131 132 $where = array...
AnyDesk 7.0.15 - Unquoted Service Path Vulnerability
Exploit Title: AnyDesk 7.0.15 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download Version: Software Version 7.0.15 Tested on:...
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Vulnerability
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you can create a secure...
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) Exploit
Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable Versions: 3.9 CVE:...
ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution Vulnerability
ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh...
MP3 Convert Lord V1.0 Local Seh Exploit
Exploit Title: MP3 Convert Lord V1.0 Local Seh Exploit Date: 06.01.2023 Vendor Homepage: http://www.avlord.com/ Software Link: https://www.softpedia.com/dyn-postdownload.php/baa965c6b5d22d62987a4638f33d5ec1/63b86eb2/3ecb/4/2 Exploit Author: Achilles Tested Version: 1.0 Tested on: Windows 7 x64 1....
Online Sports Complex Booking System 1.0 SQL Injection Vulnerability
Exploit Title: Online Sports Complex Booking System - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Version: 1.0...
Axis IP Camera Shell Upload Exploit
This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary...
Microsoft Windows SMB Direct Session Takeover Exploit
This Metasploit module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. T...
Stock Management System 1.0 Cross Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: Stock Management System v1.0 - Cross-Site Scripting Credential Harvester Login-Portal Exploit Author: Bobby Cooke Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Software Link:...
Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)
/ ;Category: Shellcode ;Title: GNU/Linux x86 - execve /bin/sh using JMP-CALL-POP technique 21 bytes ;Author: kiriknik ;Date: 01/07/2019 ;Architecture: Linux x86 =========== Asm Source =========== global start section .text start: jmp short callshellcode shellcode: pop ebx xor eax,eax mov al, 11 i...
Siemens LOGO! 8 Recoverable Password Format Vulnerability
Due to storing passwords in a recoverable format on Siemens LOGO! 8 PLCs, an attacker can gain access to configured passwords as cleartext. Siemens LOGO! 8 Recoverable Password Format Vulnerability Product: LOGO! Manufacturer: Siemens Affected Versions: LOGO! 8 all versions Tested Versions: LOGO!...
VMware Cloud Director 10.5 - Bypass identity verification Exploit
Exploit Title: VMware Cloud Director | Bypass identity verification Exploit Author: Abdualhadi khalifa Version: 10.5 CVE : CVE-2023-34060 import requests import paramiko import subprocess import socket import argparse import threading Define a function to check if a port is open def isportopenip,...
TEM Opera Plus FM Family Transmitter 35.45 - XSRF Vulnerability
CSRF Change Forward Power: -------------------------...
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting Vulnerability
Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting XSS Authenticated Exploit Author: Furkan ÖZER Software Link: https://wordpress.org/plugins/advanced-page-visit-counter/ Version: 8.0.5 Tested on: Kali-Linux,Windows10,Windows 11 CVE: N/A Description: Advanced Page...
TinyDir 1.2.5 Buffer Overflow Exploit
Title: Buffer overflow vulnerabilities with long path names in TinyDir Product: TinyDir Date: 2023-12-04 CVE ID: CVE-2023-49287 Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Vendor URL: https://github.com/cxong/tinydir Advisory URL:...
Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability
Title: Quick-Quiz-2.4 File Upload - RCE Author: nu11secur1ty Vendor: https://mediacity.co.in/mediacity/ Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14 Reference: https://portswigger.net/web-security/file-upload,...
Moodle 4.3 Cross Site Scripting Vulnerability
Exploit Title: Moodle 4.3 Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given credentials USER: teach...
User Registration & Login and User Management System v3.0 - SQL Injection Vulnerability
Exploit Title: User Registration & Login and User Management System v3.0 - SQL Injection Unauthenticated Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Version:...
Microsoft SharePoint Enterprise Server 2016 - Spoofing Exploit
// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : Remote // Vendor Homepage: // Microsoft SharePoint Foundation 2013 Service Pack 1 // Microsoft SharePoint Server Subscription Edition // Microsoft...
Tree Page View Plugin 1.6.7 - Cross Site Scripting Vulnerability
Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...
Oracle Database 12.1.0.2 Spatial Component Privilege Escalation Vulnerability
Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component. Title: Oracle Database Privilege Escalation Through Oracle Spatial Component Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2 Tested Versions:...
GuppY CMS 6.00.10 Shell Upload Exploit
Exploit Title: GuppY 6.00.10 CMS Remote Code Execution Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username = "Admin";...
Stock Management System 2020 SQL Injection Vulnerability
Title: Stock-Management-System-2020 SQLi Author: nu11secur1ty Vendor: https://github.com/Dav-ee Software: https://github.com/Dav-ee/Stock-Management-System Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Kiprono-Davies/2022/Stock-Management-System-2020 Description: T...
GitLab 14.9 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Gitlab Stored XSS Exploit Authors: Greenwolf & stacksmashing Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9...
Wondershare Dr.Fone 12.0.18 - (Wondershare InstallAssist) Unquoted Service Path Vulnerability
Exploit Title: Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path Discovery by: Mohamed Alzhrani Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 12.0.18 Vulnerability Type: Unquoted...
Moxa TN-5900 Firmware Upgrade Checksum Validation Exploit
Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted Title: Moxa TN-5900 Firmware Upgrade Checksum Validation Vulnerability Publication URL:...
TYPO3 femanager 6.3.0 Cross Site Scripting Vulnerability
======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE number: CVE-2021-36787 impact: Medium homepage:...
Mitrastar GPT-2541GNAC-N1 - Privilege escalation Vulnerability
Exploit Title: Mitrastar GPT-2541GNAC-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.mitrastar.com Platform: Mistrastar router devices GPT-2541GNAC-N1 HGU Tested on: Firmware BRg3.5100VNZ0b33 Vulnerability analysis:...
Linux/ARM64 - Jump Back Shellcode + execve(/bin/sh, NULL, NULL) Shellcode (8 Bytes)
/ Title: Linux/ARM64 - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 8 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...
DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE :...
Femitter HTTP Server 1.03 Remote Source Disclosure
Exploit for unknown platform in category remote exploits ================================================== Femitter HTTP Server 1.03 Remote Source Disclosure ================================================== Title: Femitter HTTP Server 1.03 Remote Source Disclosure CVE-ID: OSVDB-ID: Author: DrI...
phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================ phpBB = 2.0.10 Remote Command Execution Exploit ================================================ !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ email protected...
WordPress Top Store Theme 1.5.4 Privilege Escalation Exploit
import requests import argparse import re import json By Nxploit | Khaled Alenazi def disablesslverification: requests.packages.urllib3.disablewarnings session.verify = False Ignore SSL verification def loginurl, username, password: loginurl = f"url/wp-login.php" logindata = "log": username, "pwd...
OpenPanel 0.3.4 Directory Traversal Vulnerability
Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53582 POST...
Ray OS v2.6.3 - Command Injection Exploit
Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit
!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on: Craft CMS 4.4.14...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vulnerability
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service Vulnerability
VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations. VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot...