39001 matches found
Composr CMS Version <=10.0.39 - Authenticated Remote Code Execution Exploit
Exploit Title: Composr-CMS Version Commandr !/usr/bin/python3 import requests from bs4 import BeautifulSoup import time cookies = 'hascookies': '1', 'PHPSESSID': 'ddf2e7c8ff1000a7c27b132b003e1f5c', You need to change this as it is dynamic 'commandrdir': 'L3Jhdy91cGxvYWRzL2ZpbGVkdW1wLw%3D%3D',...
Password Manager for IIS v2.0 - XSS Vulnerability
Exploit Title: Password Manager for IIS v2.0 - XSS Exploit Author: VP4TR10T Vendor Homepage: http://passwordmanager.adiscon.com/en/manual/ Software Link: http://passwordmanager.adiscon.com/ Version: Version 2.0 Tested on: WINDOWS CVE : CVE-2022-36664 Affected URI when changing user password: POST...
One Church Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: One Church Management System 1.0 - Multiple Cross-site Scripting Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One Church Management...
WordPress Contact Form Entries Cross Site Scripting Vulnerability
WordPress Contact Form Entries plugin versions prior to 1.2.4 suffer from an unauthenticated persistent cross site scripting vulnerability. Exploit Title: Contact Form Entries Vulnerability Discovery: Gaetano Perrone aka gx1 Vendor Homepage: https://www.crmperks.com/ Software Link:...
Microsoft Internet Explorer / ActiveX Control - Security Bypass Vulnerability
Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt twitter.com/hyp3rlinx ISR:...
Oracle WebLogic Server Administration Console Handle Remote Code Execution Exploit
This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against...
CDATA OLTs Backdoor / Privilege Escalation / Information Disclosure Vulnerabilities
Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities. Advisory Information Title: Multiple vulnerabilities found in CDATA OLTs Advisory URL:...
PHPMailer 5.2.21 Local File Disclosure Exploit
Exploit for php platform in category local exploits Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "email protected"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer...
Microsoft Windows - SrvOs2FeaToNt SMB Remote Code Execution (MS17-010) Exploit
Exploit for windows platform in category remote exploits Exploit Author: Juan Sacco MS17-010 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx Tested on: Microsoft Windows Server 2008 x64 SP1 R2 Standard Description: SMBv1 SrvOs2FeaToNt OOB is prone to a remote code execution...
Apache mod_cgi Bash Environment Variable Code Injection Exploit
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache modcgi scripts through the HTTPUSERAGENT variable. This module requires Metasploit: http//metasploit.com/download Current source:...
NoteMark < 0.13.0 - Stored XSS Vulnerability
Exploit Title: Stored XSS in NoteMark Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...
Visual Studio Code Execution Exploit
This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1.87.2 on Ubuntu 22.04. This module requires Metasploit: https://metasploit.com/download Current source:...
Wordpress WP Video Playlist 1.1.1 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.1.1 Proof Of Concept: 1. Click Add Video part and enter the XSS payload as below into the first input of form or Request body named...
SimpleWebServer 2.2-rc2 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSimpleWebServer 2.2-rc2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 11 january 2024 Vendor Homepage: http://www.pmx.it/ Download to demo:...
copyparty 1.8.2 - Directory Traversal Vulnerability
Exploit Title: copyparty 1.8.2 - Directory Traversal Exploit Author: Vartamtzidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2 Version: =1.8.2 Tested on: Debian Linux CVE : CVE-2023-37474 Descriptio...
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title Vulnerability
Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4 Google Dork: intext:"Camaleon CMS is a free and open-source tool and a fexible content management system CMS based on Ruby on Rails" Exploit Author: Yasin Gergin Vendor Homepage: http://camaleon.tuzitio.com Software Link:...
LDAP Tool Box Self Service Password v1.5.2 - Account takeover Vulnerability
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users to change their...
Hashicorp Consul v1.0 - Remote Command Execution Exploit
Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...
Human Resources Management System 1.0 SQL Injection Vulnerability
Exploit Title: Human Resources Management System - HRM - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...
Chrome JSNativeContextSpecialization::BuildElementAccess Bypass Exploit
Chrome: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess VULNERABILITY DETAILS Copy-on-write is one of V8's internal optimization features that allows multiple JavaScript objects to share the same element store. This feature is primarily used to optimize creation of...
Product Show Room Site 1.0 Cross Site Scripting Vulnerability
Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Title: Product Show Room Site - 'Telephone' Stored Cross-Site ScriptingXSS Exploit Author: email protected inc Vendor Homepage: https://www.sourcecodester.com/php/15370/product-show-room-site-phpoop-free-source-code.html...
Attendance and Payroll System v1.0 - SQL injection Authentication Bypass Exploit
Exploit Title: Attendance and Payroll System v1.0 - SQLi Authentication Bypass Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux, MySQL, Apache impor...
Simple Online College Entrance Exam System 1.0 - Account Takeover Vulnerability
Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Apartment Visitor Management System (AVMS) 1.0 - SQL injection to Remote Code Execution 0day Exploit
Exploit Title: Apartment Visitor Management System AVMS 1.0 - SQLi to RCE Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10395 Version: 1.0 Tested on:...
Shenzhen Skyworth RN510 Information Disclosure Vulnerability
Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested...
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for...
Gantt-Chart For Jira 5.5.3 Missing Privilege Check Vulnerability
Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check which allows an attacker to read and write the module configuration for other users. Product: Jira module "Gantt-Chart for Jira" Manufacturer: Frank Polscheit - Solutions & IT-Consulting Affected Versions: =5.5.3 Tested...
Bludit - Directory Traversal Image File Upload Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Bludit Directory Traversal Image File Upload Vulnerability", 'Description' = %q This module exploits a vulnerability in Bludit. A remote user cou...
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
We have encountered a Windows kernel crash in CI!CipFixImageType while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown below: --...
OpenSLP 2.0.0 - Multiple Vulnerabilities
Exploit for linux platform in category local exploits OpenSLP 2.0.0 - Multiple Vulnerabilities ========================== I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June dumpco.re/blog/openslp-2.0.0-double-free, and today I'm disclosing two more. BUG...
Gate Pass Management System 2.1 - login SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpmsUpdate.zip Version: 2.1...
WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely Vulnerability
Exploit for php platform in category web applications WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely CVE-2018-8817 CSRF Cross site request forgery in WampServer 3.1.2 which allows a remote attacker to force any victim to add or delete virtual hosts...
Piwik 2.14.3 PHP Object Injection Vulnerability
Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution. ----------------------------------------------------------------------- Piwik = 2.14.3 DisplayTopKeywords PHP Object Injection Vulnerability...
QEMU Programmable Interrupt Timer Controller Heap Overflow Exploit
Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=419c4 The programmable interrupt timer PIT controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing...
Windows Kerberos - Elevation of Privilege (MS14-068) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python MS14-068 Exploit Author ------ Sylvain Monne Contact : sylvain dot monne at solucom dot fr http://twitter.com/bidord import sys, os from random import getrandbits from time import time, localtime, strftime from kek.ccache...
Cherokee web server v1.2.101 Full Path Disclosure
This bug is a remote 'Full Path Disclosure in Cherokee web server version 1.2.101 the attacker can use this bug for get Important information and Navigate between files/folders of server and get the content. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /...
PHPhotoalbum Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ============================================= PHPhotoalbum Remote File Upload Vulnerability ============================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0...
Invision Power Board Dragoran Portal Mod <= 1.3 SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================================================== Invision Power Board Dragoran Portal Mod Invision Power Board plugin Created By SkOd SED security Team , http://sed-team.be google: "Portal 1.3 by Dragoran" use...
Devika v1 - Path Traversal via (snapshot_path) Exploit
Exploit Title: Devika v1 - Path Traversal via 'snapshotpath' Parameter Exploit Author: Alperen Ergel Contact: @alpernae IG/X Vendor Homepage: https://devikaai.co/ Software Link: https://github.com/stitionai/devika Version: v1 Tested on: Windows 11 Home Edition CVE: CVE-2024-40422 !/usr/bin/python...
PHPJabbers Vacation Rental Script 4.0 - CSRF Vulnerability
Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF Exploit Author: Hasan Ali YILDIR Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/vacation-rental-script/ Version: 4.0 Tested on: Windows 10 Pro Description The attacker can send to victim a link...
Wordpress EventON Calendar 4.4 Plugin - Unauthenticated Post Access via IDOR Vulnerability
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does not validate that t...
mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Exploit
Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Exploit Author: Maximilian Barz Vendor Homepage: https://mremoteng.org/ Software Link: https://mremoteng.org/download Version: mRemoteNG = v1.77.3.1784-NB Tested on: Windows 11 CVE : CVE-2023-30367 /...
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
Exploit Title: PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities Common Vulnerability Scoring System: ==================================== 5.8 Vulnerability Class: ==================== Cross Site Scripting - Persistent Current Estimated Price: ======================== 500€ - 1.000€ Produ...
Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability
Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass Exploit Author: Elias Hohl Vendor Homepage: https://github.com/patrickfuller Software Link: https://github.com/patrickfuller/camp Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1 Tested on: Ubuntu 20.04 CVE :...
IOTransfer V4 - Unquoted Service Path Vulnerability
Exploit Title: IOTransfer V4 - Unquoted Service Path Exploit Author: BLAY ABU SAFIAN Inveteck Global Vendor Homepage: http://www.iobit.com/en/index.php Software Link: https://iotransfer.itopvpn.com/download/ Tested Version: V4 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft...
Warehouse Management System 2022 Multiple SQL injection Vulnerabilities
Title: Warehouse Management System 2022 ML-SQLi Author: nu11secur1ty Date: 06.13.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php-codeigniter-warehouse-management-system-free-source-code Reference:...
Bakery Shop Management System 1.0 Local File Inclusion Vulnerability
Title: Bakery Shop Management System 1.0 LFI To RCE Author: Hejap Zairy Date: 06.04.2022 Vendor: https://www.campcodes.com/projects/php/simple-bakery-shop-management-system/ Software: https://www.campcodes.com/wp-content/uploads/2022/02/bsms0.zip Reference: https://github.com/Matrix07ksa Tested o...
Fingerprint Attendance 1.0 Shell Upload Vulnerability
Title: Fingerprint Attendance 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache registered user can...
Sandboxie Plus 5.50.2 - (Service SbieSvc) Unquoted Service Path Vulnerability
Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Vendor : David Xanatos Version : SbieSvc 5.50.2 Vendor Homepage : https://sandboxie-plus.com/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc qc SbieSvc SC...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference Vulnerabilities
Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities. YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected...