39001 matches found
VSCode ipynb Remote Code Execution Exploit
VSCode when opening a Jupyter notebook .ipynb file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...
SnipeIT 6.2.1 - Stored Cross Site Scripting Vulnerability
Exploit Title: SnipeIT 6.2.1 - Stored Cross Site Scripting Exploit Author: Shahzaib Ali Khan Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/snipe/snipe-it/releases/tag/v6.2.1 Version: 6.2.1 Tested on: Windows 11 22H2 and Ubuntu 20.04 CVE: CVE-2023-5452 Description:...
Linksys AX3200 V1.1.00 - Command Injection Vulnerability
Exploit Title: Linksys AX3200 V1.1.00 - Command Injection Exploit Author: Ahmed Alroky Author: Linksys Version: 1.1.00 Authentication Required: YES CVE : CVE-2022-38841 Tested on: Windows Proof Of Concept: 1 - login into AX3200 webui 2 - go to diagnostics page 3 - put "google.com|ls" to perform a...
Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
HighCMS / HighPortal 12.x SQL Injection Vulnerability
Exploit Title: HighCMS/HighPortal v12.x SQL Inj Type : WEBAPPS "HighCMS/HighPortal" Platform : ASP.NET Exploit Author : E1.Coders Software Link : https://aryanic.com/page/portal Version : v12.x Category : Webapps Tested on: Linux/Windows Google Dork:...
Telesquare TLR-2855KS6 - Arbitrary File Creation Vulnerability
Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Creation Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46418 Proof of Concept PUT /cgi-bin/testingcve.txt HTTP/1.1 Host: 192.168.1.5...
FAUST iServer 9.0.018.018.4 Local File Inclusion Vulnerability
Land Software's FAUST iServer versions 9.0.017.017.1-3 through 9.0.018.018.4 suffer from a local file inclusion vulnerability. ======================================================================= title: Local file inclusion vulnerability product: Land Software - FAUST iServer vulnerable versio...
Wordpress BulletProof Security 5.1 Plugin - Sensitive Information Disclosure Vulnerability
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: = 5.1 Tested on:...
Active WebCam 11.5 - Unquoted Service Path Vulnerability
Exploit Title: Active WebCam 11.5 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Software Link: https://www.techspot.com/downloads/175-active-webcam.html Vendor Homepage: https://www.pysoft.com/ Version: 11.5 Tested on: Windows 10 Note: "Start on Windows...
Strapi 3.0.0-beta - Set Password (Unauthenticated) Exploit
Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "email protecte...
MailCarrier 2.51 - POP3 (USER) Buffer Overflow Exploit
!/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "USER" commandPOP3 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact: [email protected] Twitter: @telspacesystems Greets to the...
Apache Struts 2.x Remote Code Execution Vulnerability
Man Yue Mo from the Semmle Security Research team noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution vulnerabilities. CVEID:CVE-2018-11776 PRODUCT:Apache Struts VERSION:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16 PROBLEMTYPE:Remote Cod...
Flash ActiveX 28.0.0.137 - Code Execution Exploit (2)
Exploit for windows platform in category local exploits CVE-2018-4878 Pop up a calculator - Requires Flash ActiveX 28.0.0.137 Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44745.swf 0day.today 2018-05-24...
WordPress Gallery 2.3.6 Cross Site Scripting Vulnerability
Exploit Title: Wordpress Gallery Version 2.3.6 Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://total-soft.com/wp-video-gallery/ Version 2.3.6 Steps to Execute the Payload: 1. Access the Admin Panel: - Navigate to the admin panel of your WordPress site. - Go to TS...
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated) Vulnerability
Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 Tested : https://www.softaculous.com/demos/WinterCMS 1 Login wit...
projectSend r1605 - CSV injection Vulnerability
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC ========================================...
eXtplorer <= 2.1.14 - Authentication Bypass & Remote Code Execution Exploit
Exploit Title: eXtplorer= 2.1.14 - Authentication Bypass & Remote Code Execution RCE Exploit Author: ErPaciocco Author Website: https://erpaciocco.github.io Vendor Homepage: https://extplorer.net/ Vendor: ============== extplorer.net Product: ================== eXtplorer = v2.1.14 eXtplorer is a...
Music Gallery Site 1.0 Cross Site Scripting Vulnerability
Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability Authenticated Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html Softwa...
VMware NSX Manager XStream Unauthenticated Remote Code Execution Exploit
VMware Cloud Foundation NSX-V contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for...
Transposh WordPress Translation 1.0.7 Cross Site Scripting Vulnerability (2)
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tptp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application...
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization Vulnerability
Affected Versions: Version 2.2.0 is affected, and prior versions are likely affected too. - Vulnerabilities Description: Vulnerable component is switching to another tab. To exploit vulnerability, an attacker may send a POST request with application/x-www-form-urlencoded content-type to AJAX...
ImpressCMS 1.4.2 Path Traversal Vulnerability
----------------------------------------------------------------- ImpressCMS getVar 'imagename' 162. if @unlink ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp 163. $msg = MDAMDBUPDATED; ... 190. else 191. if copy ICMSIMANAGERFOLDERPATH . '/temp/' . $simagetemp, $categpath . $imgname 192. @unlink...
meterN v1.2.3 - Remote Code Execution Exploit
Exploit Title: meterN v1.2.3 - Remote Code Execution RCE Authenticated Exploit Author: LiquidWorm Vendor Homepage: https://www.metern.org !-- meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org Affected version:...
Lifestyle Store 1.0 Cross Site Scripting Vulnerability
Lifestyle Store 1.0 Cross Site Scripting Exploit Title: Lifestyle Store Online Shop Store 1.0 - Reflected Cross-Site Scripting XSS Author: Thamer https://twitter.com/thamer9900 Software Link: https://download-media.code-projects.org/2021/07/OnlineShopStoreInPHPWithSourceCode.zip Version: 1.0.0...
macOS < 10.14.5 / iOS < 12.3 XNU - in6_pcbdetach Stale Pointer Use-After-Free Exploit
macOS soflags & SOFPCBCLEARING struct ipmoptions imo; struct ip6moptions im6o; inp-inpvflag = 0; if inp-in6poptions != NULL mfreeminp-in6poptions; inp-in6poptions = NULL; // in6poutputopts; // in6proute; // free IPv4 related resources in case of mapped addr if inp-inpoptions != NULL void...
Notepad3 1.0.2.350 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Notepad3 1.0.2.350 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.rizonesoft.com/ Software Link: https://netix.dl.sourceforge.net/project/notepad3/Notepad3%20Build%20350/Notepad3-1.0.2.350.exe...
Atlassian Jira Authenticated Upload Code Execution Exploit
This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin ManagerUPM. The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request agains...
AMPPS 2.7 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: AMPPS 2.7 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.ampps.com/ Software Link: https://kent.dl.sourceforge.net/project/ampps/2.7/Ampps-2.7-setup.exe Version: 2.7 Category: Dos Tested on:...
Hikvision DVR RTSP Request Remote Code Execution Exploit
This module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware...
Human Resource Management System v1.0 - Multiple SQL injection Vulnerability
Title: Human Resource Management System v1.0 - Multiple SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Reference:...
Event Booking Calendar 4.0 Cross Site Scripting Vulnerability
Title: Event Booking Calendar-4.0 XSS-Reflected Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The value of the index reque...
Fortigate 7.0.1 Stack Overflow Exploit
c@ubuntu:/LABS$ cat fp17.py !/usr/bin/env python3 fortigate 7.0.1 postauth stack overflow 0day more: https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html Pid: 00243, application: newcli, Firmware: FortiGate-VM64 v7.0.1,build0157b0157,210714 GA Release, Signal 6 received, Backtrace:...
Online Computer and Laptop Store 1.0 - Remote Code Execution Exploit
!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...
Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow Exploit
Exploit Title: Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow Discovered and Written by: Knursoft Vendor Homepage: https://www.rockstargames.com/ Version: v1.1 Tested on: Windows XP SP2/SP3, 7, 10 21H2 CVE : N/A 1 - Run this python script to generate "evil.bmp" file. 2 - Copy it ...
Judging Management System 1.0 SQL Injection Vulnerability
Judging Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Judging Management System v1.0 - Authentication Bypass Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress Videos sync PDF 1.7.4 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...
ImpressCMS 1.4.2 Incorrect Access Control Vulnerability
-------------------------------------------------------------------------- ImpressCMS validateToken$REQUEST'token', false 22. $denied = false; 23. 24. elseif isobjecticms::$user && icms::$user-isAdmin 25. $denied = false; 26. 27. if $denied 28. icmscoreMessage::errorNOPERM; 29. exit; 30. This...
Cobian Backup 11 Gravity 11.2.0.582 - (Password) Denial of Service Exploit
Exploit Title: Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type: Denial of Service DoS Loca...
Zepl Notebook Sandbox Escape Vulnerability
Exploit Title: Zepl Notebook - Sandbox Escape Vendor Homepage: https://zepl.com/ Software Link: https://app.zepl.com/ Version: Affects all versions of the product up to the date of this submission Tested on: The issue affects all versions of the product up to the date of this submission Exploit...
Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting Vulnerability
Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Online Railway Reservation System 1.0 - (id) SQL Injection Vulnerability
Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root Exploit
Cypress Solutions CTM-200/CTM-ONE suffers from a hard-coded credential remote root vulnerability via telnet and ssh. !/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca...
Argus Surveillance DVR 4.0 - Unquoted Service Path Vulnerability
Exploit Title: Argus Surveillance DVR 4.0 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, email protected Version: Argus Surveillance DVR 4.0 Tested on: Windows 10 Note: "Start as service on Windows Startup" must be enabled in Program Options Proof of Concept: C:\Users\deaths...
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation Exploit
Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier's verification of ALU32 operations in the scalar32minmaxand function when performing AND operations, whereby under certain conditions the bounds of a 32 bit register would not b...
Gila CMS 1.1.18.1 SQL Injection / Shell Upload Exploit
This Metasploit module exploits a remote SQL injection vulnerability in the "query" parameter found on Gila CMS version 1.1.18.1. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require "net/http"...
AMD Secure Encrypted Virtualization (SEV) Key Recovery Vulnerability
AMD Secure Encrypted Virtualization SEV is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve ECC implementation was found to be vulnerable to a...
Sricam gSOAP 2.8 - Denial of Service Exploit
!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...
Linux kernel < 4.10.15 - Race Condition Privilege Escalation Exploit
Exploit for linux platform in category local exploits PoC for CVE-2017-10661, triggers UAF with KASan enabled in kernel 4.10 / include include include include include include include include include include include include include include include include include define RACETIME 1000000 int fd; in...
Joomla Akeeba Kickstart Unserialize Remote Code Execution Exploit
This Metasploit module exploits a vulnerability found in Joomla! through 2.5.25, 3.2.5 and earlier 3.x versions and 3.3.0 through 3.3.4 versions. The vulnerability affects the Akeeba component, which is responsible for Joomla! updates. Nevertheless it is worth to note that this vulnerability is...
Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================================== Woltlab Burning Board Lite 1.0.2 decodecookie SQL Injection Exploit ====================================================================== ?php printr'...