39001 matches found
Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Author: LiquidWorm Product web page: https://www.inim.biz Link:...
Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation Exploit
Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The kernel’s CmpAddRemoveContainerToCLFSLog function doesn’t...
FreeBSD rtld execl() Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor rtld. The rtld unsetenv function fails to remove LD environment variables if findenv fails. This can be abused to load arbitrary shared objects using LDPRELOAD, resulting in privileged code execution. This module...
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================================== Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities...
EdTv 2 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: EdTv 2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://edtv.edsup.org/ Software Link: https://ayera.dl.sourceforge.net/project/edtv/beta/edtv2go.zip Version: 2 Category: Webapps Tested on:...
Python socket.recvfrom_into() remote buffer overflow exploit
Proof of concept, that demonstrated the remote exploitability of this python socket flaw, if the python code uses recvfrominto unsafelly. To avoid NX, ret2libc can be used thanx to !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script. ABB Cylon Aspect 3.08.01 databaseFileDelete.p...
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass Exploit
Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Online-Fire-Reporting-System-using-PHP.zip Version: ...
Grocy <= 4.0.2 - CSRF Vulnerability
Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...
PluXml Blog 5.8.9 Remote Code Execution Vulnerability
Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in content your payloa...
BuildaGate5library v5 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code...
GitLab v15.3 - Remote Code Execution (Authenticated) Exploit
Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to...
Ancillary Function Driver (AFD) For Winsock Privilege Escalation Exploit
A vulnerability exists in the Windows Ancillary Function Driver for Winsock afd.sys can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can b...
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery Vulnerability
Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery SSRF Exploit Author: Hosein Vita & Milad Fadavvi Vendor Homepage: https://github.com/zalando/skipper Software Link: https://github.com/zalando/skipper Version: v0.13.237 Tested on: Linux CVE: CVE-2022-38580 Summary: Skipper...
wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability
Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...
Online Market Place Site 1.0 Cross Site Scripting Vulnerability
Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting XSS Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html Software Link:...
Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability
The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...
Cisco IP Phone Cleartext Password Storage Vulnerability
Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability. ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832,...
Daily Tracker System 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Daily Tracker System v1.0 - Reflected Cross Site Scripting XSS Exploit Author: Adeeb Shah Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Daily Expense Tracker 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Daily Expense Tracker 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Oracle Coherence Fusion Middleware Remote Code Execution Exploit
Exploit Title: Oracle Coherence Fusion Middleware - Remote Author: nu11secur1ty Vendor: Oracle Link: https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-2555 CVE: CVE-2020-2555 + Credits: Ventsislav Varbanovski @ nu11secur1ty + Website: https://www.nu11secur1ty.com/ +...
Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Webexcels Ecommerce CMS SQL Injection & XSS Vulnerability Google Dork: intext:intext:" By WEB EXCELS "+inurl:"?Id=" Exploit Author: @ThelastVvV Vendor Homepage: https://www.webexcels.com/ Version: 2.x 2017,2018,2019,2020 Tested...
D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery Vulnerability
Using a web browser or script server-side request forgery SSRF can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a...
Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit
Exploit for linux platform in category dos / poc / Note: I am both sending this bug report to email protected and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix...
Lanifex DMO <= 2.3b (_incMgr) Remote File Include Exploit
Exploit for unknown platform in category web applications ========================================================= Lanifex DMO s...
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on: Docker version...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference Vulnerability
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it...
Online Thesis Archiving System v1.0 - Multiple SQL injection Vulnerability
Exploit Title: Online Thesis Archiving System v1.0 - Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3184 ============================== CREDENTIAL TO USE ============================== ADMIN-ACCOUNT...
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vulnerability
Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution...
phpMyFAQ v3.1.12 - CSV Injection Vulnerability
Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Paradox Security Systems IPR512 - Denial Of Service Exploit
!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...
Adobe Connect 11.4.5 - Local File Disclosure Vulnerability
Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested on...
SolarWinds Information Service (SWIS) Remote Command Execution Exploit
The SolarWinds Information Service SWIS is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead t...
Joomla MyMuse 4.3.0 SQL Injection Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : Gordon Fisch - joomlamymuse.com ...
Online Market Place Site 1.0 SQL Injection Exploit
Online Market Place Site version 1.0 suffers from an unauthenticated blind SQL injection vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. Exploit Title: Online Market Place Site v1.0 - Unauthenticated Blind Time-Based SQL Injection Exploit Author: Joe...
Microweber CMS 1.2.15 - Account Takeover Vulnerability
Exploit Title: Microweber CMS 1.2.15 - Account Takeover Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631 Description:...
WordPress amministrazione-aperta 3.7.3 Plugin - Local File Read - Unauthenticated Vulnerability
Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/ Version: 3.7.3...
WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is a easy carousel slider for...
BIG-IP 15.0.0 < 15.1.0.3 - Traffic Management User Interface (TMUI) Remote Code Execution (2)
Exploit for linux platform in category web applications BIG-IP 15.0.0 15.1.0.3 / 14.1.0 14.1.2.5 / 13.1.0 13.1.3.3 / 12.1.0 12.1.5.1 / 11.6.1 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution RCE: curl -v -k 'https://F5...
Joomla! 3.4.6 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This module requires...
Thunderbird ESR < 60.7.XXX - parser_get_next_char Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...
EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities
EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities. EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CV...
Rmedia SMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rmedia SMS 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://sms.rmediaindia.com/ Software Link: https://master.dl.sourceforge.net/project/rmediasms/rmediasms.rar Version: 1.0 Category: Webapps Tested on:...
ZTE ZXDSL-931VII Unauthenticated Configuration Dump
Unauthenticated Configuration File Download and Decompression of the config.bin file by L0ukanik0s,GR 2014,email protected Usage Info Visit the Url provided above and get a copy of the configuration.bin file form the ZTE router then run the script and decompress the .bin file to get the...
Book Gallery (aboutbook.php) SQL Injection Vulnerability
Exploit for php platform in category web applications ======================================================== Book Gallery aboutbook.php SQL Injection Vulnerability ======================================================== Version: 1.0 Author: Mr.P3rfekT Software Link:N/A Tested on Lunix CVE : N/...
iFrame for Phpnuke (iframe.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications =================================================================== iFrame for Phpnuke iframe.php Remote File Inclusion Vulnerability =================================================================== iFRAME for PhpNuke iframe.php Remote...
VSCode ipynb Remote Code Execution Exploit
VSCode when opening a Jupyter notebook .ipynb file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...