39001 matches found
Wordpress Playlist for Youtube 1.32 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.32 Proof Of Concept: 1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or "Playlist ID". PoC...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vulnerability
R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access. R Radio Network...
Equipment Rental Script 1.0 SQL Injection Vulnerability
Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears to be vulnerable t...
Taskhub CRM Tool 2.8.6 - SQL Injection Vulnerability
Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Tested on: Kali Linux & MacOS CVE: N/A Request GET /projects?filter=notstarted HTTP/1.1 Host: localhost...
WordPress Forminator 1.24.6 Plugin - Unauthenticated Remote Command Execution Vulnerability
Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql - Apache2 -...
Pluck v4.7.18 - Remote Code Execution Exploit
Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...
USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Vulnerability
Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Exploit Author: Jeffrey Bencteux Vendor Homepage: https://binisoft.org/ Software Link: https://binisoft.org/wfc Version: 4.1.0.0 Tested on: Microsoft Windows 11 Pro Vulnerability Type: Unquoted Service Path PS C:\ wmic servic...
Arris Router Firmware 9.1.103 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost = "http://192.168.0....
ESM ETAP Safety Manager 1.0.0.32 Cross Site Scripting Vulnerability
ETAP Safety Manager 1.0.0.32 Remote Unauthenticated Reflected XSS Vendor: ETAP Lighting International NV Product web page: https://www.etaplighting.com Affected version: 1.0.0.32 Summary: The ETAP Safety Manager ESM is a central managing and control system that helps you to monitor, adjust and...
IdeaRE RefTree Path Traversal Vulnerability
=============================================================================== title: IdeaRE RefTree Download Path Traversal product: IdeaRE RefTree =============================================================================== EXECUTIVE SUMMARY RefTree is a web application made for managing...
WordPress Secure Copy Content Protection and Content Locking 2.8.1 Plugin - SQL-Injection Exploit
Exploit Title: WordPress Plugin Secure Copy Content Protection and Content Locking 2.8.1 - SQL-Injection Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://ays-pro.com/ Software Link: https://downloads.wordpress.org/plugin/secure-copy-content-protection.2.8.1.zip...
Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...
Online Resort Management System 1.0 - SQL injection (Authenticated) Vulnerability
Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and windows both Summary: There are a vulnerabilities in Online Resort Management System ORMS 1. The attacker can easily retrieved th...
WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free Vulnerability
WebKit: heap-use-after-free in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy VULNERABILITY DETAILS PolicyChecker.cpp: define ISALLOWED mframe.page ? mframe.page-sessionID.isAlwaysOnLoggingAllowed : false define PAGEID mframe.loader.pageID.valueOrPageIdentifier.toUInt64 define FRAMEID...
Alps HID Monitor Service 8.1.0.10 - (ApHidMonitorService) Unquote Service Path Vulnerability
Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single Language x64 Esp Ste...
GoAhead 2.5.0 - Host Header Injection Vulnerability
Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in Cisco Switches and Net Gear routers. Vendor Fix: N/A CVE : N/A CVSS...
AZADMIN CMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications + Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: email protected + Tested on: Windows 7 and Linux +...
QQ Mail hijacking account 0day Exploit
Using 0day exploit you can hijack any account and take possession of the correspondence...
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) SFTP Authentication Bypass Vulnerability
Exploit Title: Nutanix AOS & Prism - SFTP Authentication Bypass Exploit Author: Adam Brown Vendor Homepage: https://www.nutanix.org Software Link: https://www.nutanix.com/products/software-options/ Version: 5.5.5 LTS, 5.8.1 STS Tested on: Acropolis Operating System CVE : Related to CVE-2018-7750...
phpBB <= 2.0.19 (user_sig_bbcode_uid) Remote Code Execution Exploit
Exploit for unknown platform in category web applications =================================================================== phpBB new or die; $cookiejar = HTTP::Cookies-new; $xpl-cookiejar $cookiejar ; $xpl-proxy'http'='http://'.$proxy if $proxy; $ids = 'IDS:r57 phpBB2 exploit...
SpagoBI 3.5.1 Command Injection Vulnerability
CVE-2024-54794 Severity : Critical 9.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by Command Injection vulnerability in the script input feature. Poc In the Poc the attacker has to be logged into the...
Wordpress Alemha Watermarker 1.3.1 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will run on anyone who...
Online Diagnostic Lab Management 1.0 SQL Injection Vulnerability
Title: Online-Diagnostic-Lab-Management v1.0 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.youtube.com/watch?v=0nA5xfQ5G0g Vendor: https://www.youtube.com/@MayuriK Software:...
Diafan CMS 6.0 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya Karabag Vendor Homepage: https://www.diafancms.com/ Version: 6.0 Tested on: https://demo.diafancms.com Description: 1 https://demo.diafancms.com/ Go to main page and write your payload in Search in...
Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Vulnerability
Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...
Sielco Analog FM Transmitter 2.12 Cookie Brute Force Vulnerability
Sielco Analog FM Transmitter 2.12 'id' Cookie Brute Force Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7...
WiFi Mouse 1.8.3.2 - Remote Code Execution Exploit
Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution RCE Author: Payal Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.2 Tested on: Windows 10 Pro Build 21H2 Desktop Server software used by mobile app has PIN option which does not to prevent...
Cisco Secure Email Gateway Malware Detection Evasion Vulnerability
Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with t...
Wordpress Zephyr Project Manager 3.2.42 Plugin - Multiple SQL injection Vulnerabilities
Exploit Title: Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi Exploit Author: Rizacan Tufan Blog Post: https://rizax.blog/blog/wordpress-plugin-zephyr-project-manager-multiple-sqli-authenticated Software Link: https://wordpress.org/plugins/zephyr-project-manager/ Vendor Homepage:...
Garage Management System 1.0 Shell Upload Exploit
Exploit Title: Garage Management System Remote Code Execution via File Upload Exploit Author: saitamang Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/garage.zip Version: 1.0 Tested on: Centos 7 + MySQL import...
libxml2 xmlBufAdd Heap Buffer Overflow Exploit
libxml2: heap-buffer-overflow in xmlBufAdd libxml2 is vulnerable to a heap-buffer-overflow when xmlBufAdd is called on a very large buffer: int xmlBufAddxmlBufPtr buf, const xmlChar str, int len unsigned int needSize; .. needSize = buf-use + len + 2; A if needSize buf-size .. if !xmlBufResizebuf,...
Microsoft Exchange Active Directory Topology 15.0.847.40 - Unquoted Service Path Vulnerability
Exploit Title: Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Vendor : Microsoft Version : 15.0.847.40 Tested on OS: Microsoft Exchange Server 2013 SP1 PoC : ============== C:\sc qc...
Sherpa Connector Service 2020.2.20328.2050 Unquoted Service Path Vulnerability
Exploit Title: Sherpa Connector Service v2020.2.20328.2050 - Unquoted Service Path Exploit Author: Manthan Chhabra netsectuna, Harshit fumenoid Version: 2020.2.20328.2050 Vendor Homepage: http://gimmal.com/ Vulnerability Type: Unquoted Service Path Tested on: Windows 10 CVE: CVE-2022-23909 Step t...
WordPress Contact Form Check Tester 1.0.2 Plugin - Broken Access Control Vulnerability
Exploit Title: WordPress Plugin Contact Form Check Tester 1.0.2 - Broken Access Control Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-fo...ck-tester/ Version: 1.0.2 Tested on: Windows 10 CVE: CVE-2021-24247 1. Description: The plugin settings are visible to all registered user...
Lucee Administrator imgProcess.cfm Arbitrary File Write Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...
Nimsoft nimcontroller 7.80 Remote Code Execution Exploit
/ Exploit Title : Sing About Me, I'm Dying Of Thirst Exploit Author : wetw0rk Exploit Version : Public POC CVE : CVE-2020-8012 Vendor Homepage : https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en Software Version : 7.80 Tested on : Windows 10 Pro x64, Windows Server 2012 R2...
Inateck 2.4 GHz Wearable Wireless Presenter WP2002 Keystroke Injection Vulnerability
Product: 2.4 GHz Wearable Wireless Presenter WP2002 Manufacturer: Inateck Affected Versions: n/a Tested Versions: n/a Vulnerability Type: Insufficient Verification of Data Authenticity CWE-345 Keystroke Injection Vulnerability Risk Level: High Solution Status: Open Manufacturer Notification:...
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Dell Kace Appliance Multiple Vulnerabilities Exploit Author: SlidingWindow, Twitter: @kapilkhot Vendor Homepage: https://www.quest.com/products/kace-systems-management-appliance/ Affected Versions: KACE SMA versions prior to...
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Data Center Audit 2.6.2 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/datacenteraudit/ Software Link:...
WordPress LiteSpeed Cache Cookie Theft Exploit
This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin...
PluXml Blog 5.8.9 Remote Code Execution Vulnerability
Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in content your payloa...
Bus Reservation System 1.1 - Multiple SQL injection Vulnerability
Title: Bus Reservation System-1.1 Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://demo.phpjabbers.com/1693027053628/preview.php?lid=1 Reference: https://portswigger.net/web-security/sql-injection Description: The pickupid parameter appears to be vulnerable...
BTCPay Server v1.7.4 - HTML Injection Vulnerability
Exploit Title: BTCPay Server v1.7.4 - HTML Injection Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete API key, the html...
wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability
Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...
MSNSwitch Firmware MNT.2408 - Remote Code Exectuion Exploit
Exploit Title: MSNSwitch Firmware MNT.2408 - Remote Code Exectuion RCE Exploit Author: Eli Fulkerson Vendor Homepage: https://www.msnswitch.com/ Version: MNT.2408 Tested on: MNT.2408 firmware CVE: CVE-2022-32429 !/usr/bin/python3 """ POC for unauthenticated configuration dump, authenticated RCE o...
Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
PyScript - Read Remote Python Source Code Vulnerability
Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE : CVE-2022-30286...
Zenario CMS 9.0.54156 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Zenario CMS 9.0.54156 - Remote Code Execution RCE Authenticated Exploit Author: minhnq22 Vendor Homepage: https://zenar.io/ Software Link: https://zenar.io/download-page Version: 9.0.54156 Tested on: Ubuntu 21.04 CVE : CVE-2021–42171 Python3 import os import sys import json import...
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability
The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...
Exam Reviewer Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...