39001 matches found
Gom Player 2.3.92.5362 DLL Hijacking Vulnerability
Exploit Title: Gom Player 2.3.92.5362 - nvcuda.dll DLL Hijacking Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.mrvar0x.com/ Version: 2.3.92.5362 Tested on: Windows 7, Windows 10 A DLL hijacking vulnerability has been discovered Gom Player 2.3.92.5362. When a user loads the...
Webigniter 28.7.23 Shell Upload Vulnerability
Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker can upload and he...
EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference Vulnerabilities
The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and...
Apache Superset 2.0.0 - Authentication Bypass Exploit
Exploit Title: Apache Superset 2.0.0 - Authentication Bypass Exploit Author: MaanVader Vendor Homepage: https://superset.apache.org/ Version: Apache Superset= 1.4.1 b'thisISaSECRET1234', deployment template b'YOUROWNRANDOMGENERATEDSECRETKEY', documentation b'TESTNONDEVSECRET' docker compose def...
Mars Stealer 8.3 - Admin Account Takeover Exploit
Exploit Title: Mars Stealer 8.3 - Admin Account Takeover Product: Mars Stelaer Technology: PHP Version: 8.3 Google Dork: N/A Date: 20.04.2023 Tested on: Linux Author: Sköll - twitter.com/skoll import argparse import requests parser = argparse.ArgumentParserdescription='Mars Stealer Account Takeov...
Bludit 4.0.0-rc-2 Privilege Escalation Vulnerability
Bludit version 4.0.0-rc-2 suffers from an account takeover vulnerability due to an API key that can be abused to change the administrative password. Title: Bludit-4.0.0-rc-2 - Release candidate 2 Account takeover: API token vulnerability Author: nu11secur1ty Date: 04.11.2013 Vendor:...
CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access Vulnerability
Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access Date: 19th July 2022 Exploit Author: dsclee1 Vendor Homepage: tp-link.com Software Link: http://download.tplinkcloud.com/firmware/TapoC310v1en1.3.0Build220328Rel.64283nu1649923652150.bin Version: 1.3.0 Tested on: Linux ...
FortiOS FortiProxy FortiSwitchManager v7.2.1 - Authentication Bypass Vulnerability
Exploit Title: Fortinet Authentication Bypass v7.2.1 - FortiOS, FortiProxy, FortiSwitchManager Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.fortinet.com/ Version: FortiOS from 7.2.0 to 7.2.1 FortiOS from 7.0.0 to 7.0.6 FortiProxy 7.2.0 FortiProxy from 7.0.0 to 7.0.6...
ZTE ZXHN-H108NS Authentication Bypass Vulnerability
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7uZRDGR2A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged. Exploit Title: Router ZTE-H108NS - Authentication Bypass Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/...
Bookwyrm v0.4.3 - Authentication Bypass Vulnerability
Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE: CVE-2022-2651 Original...
ThingsBoard 3.3.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: ThingsBoard 3.3.1 - Stored Cross-Site Scripting XSS within the description of a rule node Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1...
LiquidFiles 3.4.15 Cross Site Scripting Vulnerability
LiquidFiles - 3.4.15 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...
Simple Bakery Shop Management System 1.0 SQL Injection Vulnerability
Title: Simple Bakery Shop Management System v1.0 remote SQL-Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15174/simple-bakery-shop-management-system-phpoop-free-source-code.html Description: The username parameter...
Grandstream GXV31XX settimezone Unauthenticated Command Execution Exploit
This Metasploit module exploits a command injection vulnerability in Grandstream GXV31XX IP multimedia phones. The settimezone action does not validate input in the timezone parameter allowing injection of arbitrary commands. A buffer overflow in the phonecookie cookie parsing allows authenticati...
Creston Web Interface 1.0.0.2159 - Credential Disclosure Vulnerability
Exploit Title: Creston Web Interface 1.0.0.2159 - Credential Disclosure Exploit Author: RedTeam Pentesting GmbH Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are...
Projeqtor v9.3.1 - Stored Cross Site Scripting Vulnerability
Exploit Title: Projeqtor v9.3.1 - Stored Cross Site Scripting XSS Exploit Author: Oscar Gutierrez m4xp0w3r Date: January 4, 2021 Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3...
Exim 4.87 / 4.91 - Local Privilege Escalation Exploit
This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to command execution with root privileges. This module requires Metasploit: https://metasploit.com/download Current source...
Helpdezk 1.1.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category:...
Easy Outlook Express Recovery 2.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Easy Outlook Express Recovery 2.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyOutlookExpressRecovery/ Software Link:...
Grocery crud 1.6.1 - search_field SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Grocery crud 1.6.1 - 'searchfield' SQL Injection Exploit Author: Loading Kura Kura Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: 1.6.1 Tested on: Win10/Kali Linux CVE...
WordPress WPDB SQL Injection Vulnerability
Exploit for php platform in category web applications Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet stop right now and update. The foundations of this vulnerability was reported via Hacker-One on September 20th,...
OSSEC 2.8 - Insecure Temporary File Creation Vulnerability Privilege Escalation Exploit
Exploit for linux platform in category local exploits !/usr/bin/python Exploit Title: ossec 2.8 Insecure Temporary File Creation Vulnerability Privilege Escalation Date: 14-11-14 Exploit Author: skynet-13 Vendor Homepage: www.ossec.net/ Software Link:...
Dockwatch Remote Command Execution Exploit
Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Vulnerability
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected...
MobileShop master v1.0 - SQL Injection Vulnerability
Exploit Title: MobileShop master v1.0 - SQL Injection Vuln. + Exploit Author: "HAZIM ARBAŞ" from EMA Security LTD - Siber Güvenlik ve Bilişim Hizmetleri https://emasecurity.com + Vendor Homepage: https://code-projects.org/mobile-shop-in-php-css-javascript-and-mysql-free-download/ + Software Link:...
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit
TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...
Intrasrv Simple Web Server 1.0 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...
Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure Vulnerability
Title: Jorani v1.0.3-c2014-2023 - XSS Reflected & Information Disclosure Author: nu11secur1ty Vendor: https://jorani.org/ Software: https://demo.jorani.org/session/login Reference: https://portswigger.net/web-security/cross-site-scripting Reference:...
Simple Customer Relationship Management CRM 2023 1.0 SQL Injection Vulnerability
Title: SCRMS-2023-05-27-1.0-Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html Reference: https://portswigger.net/web-security/sql-injection...
Music Gallery Site v1.0 - SQL Injection Vulnerability (2)
Exploit Title: Music Gallery Site v1.0 - SQL Injection on page viewmusicdetails.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0961 mitre.org nvd.nist.org Author Name: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link: Music Galler...
Covenant v0.5 - Remote Code Execution Exploit
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows defender disable...
Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Exploit
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows 7, Windo...
Intel Data Center Manager 4.1 SQL Injection Vulnerability
Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected. 1...
Student Management System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...
FIBARO System Home Center 5.021 - Remote File Include Vulnerability
Exploit for multiple platform in category web applications Exploit Title: FIBARO System Home Center 5.021 - Remote File Include Author: LiquidWorm Vendor: https://www.fibaro.com CVE: N/A Vendor: FIBAR GROUP S.A. Product web page: https://www.fibaro.com Affected version: Home Center 3, Home Center...
Ricoh Printer Drivers - Local Privilege Escalation Exploit
/ This proof of concept code monitors file changes on Ricoh's driver DLL files and overwrites a DLL file before the library is loaded CVE-2019-19363. Written by Pentagrid AG, 2019. Cf. https://pentagrid.ch/en/blog/local-privilege-escalation-in-ricoh-printer-drivers-for-windows-cve-2019-19363/...
FreeRadius 3.0.19 Logrotate Privilege Escalation Vulnerability
Privilege Escalation via Logrotate in FreeRadius Overview Identifier: AIT-SA-20191112-01 Target: FreeRadius Vendor: FreeRadius Version: all versions including 3.0.19 Fixed in Version: 12.2.3, 12.1.8 and 12.0.8 CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143 Author: Wolfgang Hotwagner AIT...
OpenBiz Cubi Lite 3.0.8 - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link:...
DblTek GoIP GSM Gateway Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits DblTek GoIP GSM Gateway Multiple Vulnerabilities Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop,...
Joomla 3.7.5 LDAP Injection Vulnerability
Exploit for php platform in category web applications With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown LDAP...
ABB Cylon Aspect 3.08.00 Off-By-One Vulnerability
A vulnerability was identified in a ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than or equals to condition, allowing access to an...
Calibre 7.15.0 Python Code Injection Exploit
This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled disabled by default, it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does no...
Terratec dmx_6fire USB - Unquoted Service Path Vulnerability
Exploit Title: Terratec dmx6fire USB - Unquoted Service Path Google Dork: null Exploit Author: Joseph Kwabena Fiagbor Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ Software Link: Version: v.1.23.0.02 Tested on: windows 7-11 CVE : CVE-2024-31804 1...
AtlasVPN Linux Client 1.0.3 IP Leak Vulnerability
Remote disconnect exploit for AtlasVPN Linux client version 1.0.3 that will allow a remote website to extract a client's real IP address. The following is my 0day. This code, when executed on any website, disconnects the AtlasVPN linux client and leaks the users IP address. I am not yet aware of ...
Clcknshop 1.0.0 Cross Site Scripting Vulnerability
Exploit Title: Clcknshop 1.0.0 - Reflected XSS Exploit Author: CraCkEr Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Tested on: Windows 10 Pro Impact: Manipulate the...
Aero CMS v0.0.1 - PHP Code Injection (auth) Vulnerability
Exploit Title: Aero CMS v0.0.1 - PHP Code Injection auth Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://github.com/MegaTKC/AeroCMS Software Link: https://github.com/MegaTKC/AeroCMS Version: 0.0.1 Testeted on: Windows 10 using XAMPP, Apache/2.4.48 Win...
Yoga Class Registration 1.0 SQL Injection Vulnerability
Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...
Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Vulnerability
Zhuhai Suny Technology ESL Tag suffers from replay attacks and a forgery attack allowing for the displaying of arbitrary contents. ======================================================================= title: Replay attacks & Displaying arbitrary contents product: Zhuhai Suny Technology ESL Tag ...
Senayan Library Management System 9.5.0 SQL Injection Vulnerability
Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0...