39001 matches found
HTMLy Version v2.9.6 - Stored XSS Vulnerability
Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see XSS alert...
Rapid7 nexpose - (nexposeconsole) Unquoted Service Path Vulnerability
Exploit Title: Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.rapid7.com/ Software Link: https://www.rapid7.com/products/nexpose/ Version: 6.6.240 Tested: Windows 10 x64 Step to discover Unquoted Service Path: C:\Users\saudhwmic...
Ansible Agent Payload Deployer Exploit
This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected default all. This module requires Metasploit: https://metasploit.com/download Current...
OpenCart CMS 4.0.2.2 Brute Force Vulnerability
Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability Category: Web Application CMS Exploit Author: Rajdip Dey Sarkar Version: 4.0.2.2 Tested on: Windows/Kali CVE: CVE-2023-40834 Description: ---------------- OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks, where...
Simple Food Ordering System v1.0 - Cross-Site Scripting Vulnerability
Exploit Title: Simple Food Ordering System v1.0 - Cross-Site Scripting XSS Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0902 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Simple Food Ordering System Version: v 1.0 Tested on: Windows 1...
LimeSurvey 5.2.4 - Remote Code Execution Exploit
Exploit Title: LimeSurvey 5.2.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:limesurvey/index.php/admin/authentication/sa/login Exploit Author: Y1LD1R1M Vendor Homepage: https://www.limesurvey.org/ Software Link:...
IFSC Code Finder Project 1.0 SQL Injection Vulnerability
IFSC Code Finder Project 1.0 SQL Injection Vulnerability CVE-2021-42224 Vendor Description: - vulnerability: all or nothing SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. The searchifsccode parameter appears to be vulnerabl...
Android - Binder Driver Use-After-Free Exploit
The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. As described in the upstream commit:...
WordPress 4.6 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications !/bin/bash / / / / / / / / / / / / / / / / / / // / / / /// / / / / // / // / // / / / / // / // , / / / ///, /,// // //,///||// // // WordPress 4.6 - Remote Code Execution RCE PoC Exploit CVE-2016-10033 wordpress-rce-exploit.sh ver. 1.0...
InvokeAI Remote Code Execution Exploit
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
OpenMediaVault rpc.php Authenticated Cron Remote Code Execution Exploit
OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release...
Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass Exploit
Exploit Title: Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass Author: LiquidWorm Vendor: Positron srl Product web page: https://www.positron.it https://www.positron.it/prodotti/apparati-broadcast/stereo-multicoder/tra-7005/ Affected version: 1.20 TRA7K5REV107 TRA7K5REV1...
soosyze 2.0.0 - File Upload Exploit
Title: soosyze 2.0.0 - File Upload Author: nu11secur1ty Vendor: https://soosyze.com/ Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0 Reference: https://portswigger.net/web-security/file-upload Description: Broken file upload logic. The malicious user can upload whatever he wants t...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...
Microsoft GamingServicesNet 12.77.3001.0 Unquoted Service Path Vulnerability
Exploit Title: Microsoft GamingServicesNet 12.77.3001.0 - 'GamingServicesNet' Unquoted Service Path Exploit Author: tmrswrr Vendor : https://www.microsoft.com/store/productId/9MWPM2CQNLHN Version : 12.77.3001.0 Tested on OS: Windows 10 Enterprise Step to discover Unquoted Service Path:...
FS-S3900-24T4S - Privilege Escalation Exploit
Exploit Title: FS-S3900-24T4S Privilege Escalation Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printargs if lenargs != ...
WordPress Paid Memberships Pro v2.9.8 Plugin - Unauthenticated SQL Injection Exploit
!/usr/bin/env python Exploit Title: Paid Memberships Pro v2.9.8 WordPress Plugin - Unauthenticated SQL Injection Exploit Author: r3nt0n CVE: CVE-2023-23488 Vulnerability discovered by Joshua Martinelle Vendor Homepage: https://www.paidmembershipspro.com Software Link:...
Sales Tracker System 1.0 SQL Injection Vulnerability
Exploit Title: Authenticated SQL Injection on Sales Tracker System Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html Software Link: download link if available Version: 1.0 Tested on: Windo...
@Drive 2.8 Local File Inclusion Vulnerability
Exploit Title: @Drive 2.8 Local File inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://evolutive.co/ Software Link: https://apps.apple.com/us/app/drive/id578982909 Version: 2.8 Tested on: iPhone ios 15.6 GET /../../../../../../../../../../../../../../../../etc/hosts HTTP/1.1 Host:...
Accounting Journal Management System 1.0 - (id) SQL injection (Authenticated) Vulnerability
Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...
Online Veterinary Appointment System 1.0 - (Multiple) SQL Injection Vulnerability
Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...
Pandora FMS 7.0 NG 7XX Remote Command Execution Exploit
This Metasploit module exploits a vulnerability CVE-2020-13851 in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 and perhaps older versions in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS...
Apache Tomcat 6/7/8/9 - Information Disclosure Vulnerability
Exploit for multiple platform in category remote exploits Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability Date: 4th March 2017 Exploit Author: justpentest Vendor Homepage: tomcat.apache.org Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1...
WordPress Right Now theme - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Right Now theme - Arbitrary File Upload Vulnerability Author: Smail Max Date: 10/31/2013 Vendor Homepage: http://themeforest.net/ Themes Link: http://themeforest.net/item/right-now-wp-full-video-image-with-audio/157599...
TeamCity Agent XML-RPC Command Execution Exploit
This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via xml-rpc. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was t...
Dotclear 2.29 Cross Site Scripting Vulnerability
Exploit Title: Dotclear Version : 2.29 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://dotclear.org/ Version : 2.29 Tested on: https://softaculous.com/demos/dotclear 1 Enter admin panel after write search button this payload : " 2...
httpdx 1.5.4 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: httpdx 1.5.4 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 06 january 2024 Vendor Homepage: http://httpdx.sourceforge.net Download to demo: https://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.4/ Download 2 ...
WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting Vulnerability
WordPress Weaver Xtreme theme versions 5.0.7 and below and Weaver Show Posts plugin versions 1.6 and below suffer from a persistent cross site scripting vulnerability. On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical...
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Vulnerability
Exploit Title: GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Version: =10.0.0 and 10.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
Senayan Library Management System 9.2.2 Cross Site Scripting Vulnerability
Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.2.2 Reference:...
Avantune Genialcloud ProJ 10 Cross Site Scripting Vulnerability
Exploit Title: Avantune Genialcloud ProJ 10 - Reflected XSS Cross-Site Scripting Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.avantune.com Software Link: https://www.genialcloud.com - https://www.genialcloud.com/discover-genialcloud-proj - https://store.genialcloud.com Version:...
WordPress WP Downgrade Plugin < 1.2.3 - Stored Cross-Site Scripting Vulnerability
Tittle: WordPress Plugin WP Downgrade alert/XSS/ Classification Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba TracWordpress: https://plugins.trac.wordpress.org/changeset/2696091...
iRZ Mobile Router - CSRF to Remote Code Execution Exploit
Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21, RU21w, RL21, RU41...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the "Server" panel, in...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link:...
Ivanti Workspace Manager Security Bypass Vulnerability
Ivanti Workspace Manager Security Bypass Vulnerability Rem Remarks CVE-2019-10885 - 0day Rem An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Local authenticated Rem users with low privileges in a Workspace Control managed session can bypass Workspace Control Rem security...
Aida64 6.00.5100 - (Log to CSV File) Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit : Aida64 6.00.5100 'Log to CSV File' Local SEH Buffer Overflow Exploit Author : Nipun Jaswal Tested On : Windows 7 Home Basicx86 Version : 6.00.5100 Vendor Homepage: https://www.aida64.com/downloads Software Link:...
SwitchVPN For MacOS 2.1012.03 Privilege Escalation Exploit
Exploit for macOS platform in category local exploits ======================================================================= Title: Privilege Escalation Vulnerability Product: SwitchVPN for MacOS Vulnerable version: 2.1012.03 CVE ID: CVE-2018-18860 Impact: Critical Homepage: https://switchvpn.ne...
Ivanti Buffer Overflow Proof of Concept Exploit
Proof of concept exploit for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. PoC for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure,...
ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents o...
SOPlanning 1.52.00 Cross Site Scripting Vulnerability
Exploit Title: SOPlanning v1.52.00 'groupesave.php' XSS Reflected XSS Application: SOPlanning Version: 1.52.00 Exploit Author: Joseph McPeters Liquidsky Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assign...
OSGi v3.8-3.18 Console - Remote Code Execute Exploit
!/usr/bin/python Exploit Title: OSGi v3.8-3.18 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...
GL.iNet AR300M v4.3.7 Arbitrary File Read Exploit
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
Apache NiFi H2 Connection String Remote Code Execution Exploit
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells 5-7. Successfully test...
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit RCE Exploit
Title: Microsoft Outlook Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit - Remote Code Execution Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference:...
Unilogies Bumsys v1.0.3 beta - Unrestricted File Upload Vulnerability
Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Tested on: Windows 11, XAMPP-8.2.0 CVE...
CKSource CKEditor5 35.4.0 Cross Site Scripting Vulnerability
Exploit Title: Cross Site Scripting in CKSource's CKEditor5 35.4.0 Google Dork: N/A Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 w...
Intelbras WiFiber 120AC inMesh 1.1-220216 Command Injection Vulnerability
------------------------------------------------------------------------------- title| Authenticated Command Injection product| Intelbras WiFiber 120AC inMesh vulnerable version| 1.1-220216 fixed version| 1-1-220826 CVE number| CVE-2022-40005 impact| High homepage| https://www.intelbras.com found...
Expert X Jobs Portal And Resume Builder 1.0 SQL Injection Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Reolink E1 Zoom Camera 3.0.0.716 Private Key Disclosure Vulnerability
ADVISORY INFORMATION ======================= Product: Reolink E1 Zoom Camera Vendor URL: https://reolink.com/product/e1-zoom/ Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2021-08-26 Date published: 2022-06-01 CVSSv3 Score: 7.5...