39001 matches found
Zyxel Unauthenticated LAN Remote Code Execution Exploit
This Metasploit module exploits a buffer overflow in the zhttpd binary /bin/zhttpd. It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After...
Spitfire CMS 1.0.475 PHP Object Injection Vulnerability
Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input...
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using admin account at...
Social Share Buttons 2.2.3 SQL injection Vulnerability
Title: Social Share Buttons-2.2.3 SQLi Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...
FruityWifi Remote Code Execution Exploit
This is an exploit for FruityWifi that binds a shell to tcp port 4444 using a remote code execution vulnerability leveraged via a SOAP request. !/usr/bin/python3 -- coding: utf-8 -- usage: ./akhlutprowlingterror.py http://phishingsiteurl text=''' -o==============o- ████ ██████ ██████ ██ ██ ██████...
Wordpress 404 to 301 2.0.2 Plugin - SQL Injection (Authenticated) Exploit
Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on: Ubuntu 20.04 CV...
Chaos Ransomware Builder 4 Insecure Permissions Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8b855e56e41a6e10d28522a20c1e0341.txt Contact: email protected Media: twitter.com/malvuln Threat: Chaos Ransomeware Builder v4 Vulnerability: Insecure Permissions Description: The malware writes an .EXE...
Online Examination System Project 1.0 SQL Injection Vulnerability
Title: Online Examination System Project 1.0 SQL - Injections Author: nu11secur1ty Vendor: https://projectworlds.in/free-projects/php-projects/ Software: https://projectworlds.in/free-projects/php-projects/online-examination/ Description: The eid parameter in account.php from Online Examination...
Library System in PHP 1.0 - (publisher name) Stored Cross-Site Scripting Vulnerability
Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting XSS Exploit Author: Akash Rajendra Patil Vendor Homepage: https://www.yahoobaba.net/project/library-system-in-php Software Link: https://www.yahoobaba.net/project/library-system-in-php Version: V 1.0 Tested on...
WordPress Hotel Listing 3 Plugin - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://hotel.eplug-ins.com/ Software Link: https://hotel.eplug-ins.com/hoteldoc/ Version: v3 Document Title: =============== Hotel Listing WP Plugin v3.x -...
Online Enrollment Management System 1.0 - Authentication Bypass Vulnerability
Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html Software Link:...
OpenBSD OpenSMTPD 6.6 Remote Code Execution Exploit
smtpmailaddr in smtpsession.c in OpenSMTPD version 6.6, as used in OpenBSD version 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default...
iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects Exploit
The class NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the NSData bytes selector is called. This presents two problems. First, it could potentially allow undesired access to local...
GAT-Ship Web Module 1.30 Information Disclosure Vulnerability
Exploit for multiple platform in category web applications GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request: PoC:...
Huawei eSpace Meeting 1.1.11.103 - (cenwpoll.dll) SEH Buffer Overflow (Unicode) Exploit
!/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected application: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpac...
Chrome 72.0.3626.119 FileReader Use-After-Free Exploit
This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling...
Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the rdspagecopyuser function in net/rds/page.c RDS in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root CVE-2010-3904. This Metasploit module has been tested successfully on Fedora 13 i686 with kernel version...
MySQl 5.1 DLL Hijacking Exploit (lPK.dll)
Exploit for windows platform in category local exploits ========================================= MySQl 5.1 DLL Hijacking Exploit lPK.dll ========================================= / Exploit Title: MySQl 5.1 DLL Hijacking Exploit lPK.dll Date: Octobre 6, 2010 Author: Mu$lim email protected Version...
Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution Exploit
Exploit Title: Gibbon LMS has an SSTI vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research TeamIslam Rzayev,Fikrat Guliev, Ali Maharramli Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu 22.0 CVE :...
AdminLTE PiHole 5.18 - Broken Access Control Vulnerability
Exploit Title: AdminLTE PiHole ' HTTP requests GET /admin/scripts/pi-hole/php/queryads.php?domain=' HTTP/1.1 HOST: pi.hole Cookie: ..SNIPPED.. ..SNIPPED.. HTTP Response HTTP/1.1 200 OK ..SNIPPED.. data: Match found in ..SNIPPED.. data: data: data:...
POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The application does...
Companymaps v8.0 - Stored Cross Site Scripting Vulnerability
Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone the...
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on: Live Centos & Litespeed...
Social-Share-Buttons v2.2.3 - SQL Injection Vulnerability
Title: Social-Share-Buttons v2.2.3 - SQL Injection Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...
Zillya Total Security 3.0.2367.0 / 3.0.2368.0 Local Privilege Escalation Vulnerability
Zillya Total Security versions 3.0.2367.0 and 3.0.2368.0 suffer from a local privilege escalation vulnerability via a symlink vulnerability when using the quarantine module. Title: Zillya Total Security - Link Following Local Privilege Escalation AVGater Vulnerability Author: M. Akil Gündoğan...
School Club Application System v1.0 SQL injection Vulnerability
Title: School Club Application System v1.0 SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15266/school-club-application-system-phpoop-free-source-code.html Reference:...
Cobian Backup Gravity 11.2.0.582 - (CobianBackup11) Unquoted Service Path
Exploit Title: Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path Discovery by: Luis Martinez Vendor Homepage: https://www.cobiansoft.com/ Software Link : https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type: Unquoted Service Path...
Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution Exploit Author: SpicyItalian Vendor Homepage: https://www.arubanetworks.com/products/security/network-access-control/ Version: ClearPass 6.7.x prior to 6.7.13-HF, ClearPass 6.8.x prior to 6.8.5-HF,...
IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution Exploit (2)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule "IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in...
Drobo 5N2 4.1.1 - Remote Command Injection Exploit
Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py - A proof-of-concept utility for malicious...
Joomla com_newsfeeds 1.0 Component - (feedid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component comnewsfeeds 1.0 - 'feedid' SQL Injection Author: Milad Karimi Software Link: Version: Category : webapps Tested on: windows 10 , firefox CVE : CWE-89 Dork: inurl:index.php?option=comnewsfeeds...
PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.websitem.biz/hazir-site/pro-7070-hazir-mobil-tablet-uyumlu-web-sitesi Tested on: Kali Linux Version...
FreeSWITCH Event Socket Command Execution Exploit
This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions:...
Wondershare Application Framework Service - (WsAppService) Unquote Service Path Vulnerability
Exploit Title: Wondershare Application Framework Service - "WsAppService" Unquote Service Path Exploit Author: chuyreds Vendor Homepage: https://www.wondershare.com/ Software Link: https://www.wondershare.com/drfone/ Version: 2.4.3.231 Tested on: Windows 10 Home Single Language CVE : N/A Service...
ZyXEL P-660HN-T1 V2 Missing Authentication / Password Disclosure Vulnerabilities
Exploit for hardware platform in category web applications Description: The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 2.00AAKK.3 devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the...
Linux/MIPS Kernel NetUSB - Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits !/usr/bin/env python Source: http://haxx.in/blasty-vs-netusb.py CVE-2015-3036 - NetUSB Remote Code Execution exploit Linux/MIPS =========================================================================== This is a weaponized exploit for th...
Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass Vulnerability
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART2.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...
Joomla Solidres 2.13.3 - Reflected XSS Vulnerability
Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS Exploit Author: CraCkEr Vendor: Solidres Team Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/ Demo: http://demo.solidres.com/joomla Version: 2.13.3...
copyparty v1.8.6 - Reflected Cross Site Scripting Vulnerability
Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting XSS Exploit Author: Vartamtezidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6 Version: =1.8.6 Tested on: Debian Linux CVE :...
Webkul Qloapps 1.5.2 - Cross-Site Scripting Vulnerability
Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting XSS Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://qloapps.com/ Software Link: https://github.com/webkul/hotelcommerce Version: 1.5.2 Tested on: Kali Linux 2022.4 CVE : CVE-2023-30256 Description: A Cross Site Scripting XSS...
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting Vulnerability
Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting XSS Exploit Author: Rahul Patwari Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip Version: 1.0 Tested on: XAMPP / Windows 10 CVE : CVE-2023-231...
Reprise Software RLM v14.2BL4 - Cross-Site Scripting Vulnerability
Exploit Title: Reprise Software RLM v14.2BL4 - Cross-Site Scripting XSS Exploit Author: Mohammed A.Siledar Author Company : reprisesoftware Version: rlm.v14.2BL4 Vendor home page : https://reprisesoftware.com Software Link:...
Helmet Store Showroom v1.0 - SQL Injection Vulnerability
Exploit Title: Helmet Store Showroom v1.0 - SQL Injection Exploit Author: Ameer Hamza Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Software Link:...
D-Link DIR 819 A1 - Denial of Service Exploit
Exploit Title: DLink DIR 819 A1 - Denial of Service Date: 30th September, 2022 Exploit Author: @whokilleddb https://twitter.com/whokilleddb Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router Version: DIR-819 Firmware Version : 1.06 Hardware Version : A1...
MiniDVBLinux 5.4 SVDRP Control Vulnerability
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP svdrpsend.sh Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the...
HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path
Exploit Title: HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path Exploit Author: Ali Alipour Vendor Homepage: https://support.hp.com/us-en/document/c01998934 Software Link:...
GtkRadiant 1.6.6 Buffer Overflow Exploit
===== Intro ===== GtkRadiant is a cross-platform level editor software for idtech game engines such as Quake. It comes with data authoring tools and a BSP map compiler called q3map2 which parses MAP files. The code has been around for a long time and uses unsafe string copy and format functions. ...
Microfinance Management System 1.0 SQL Injection Vulnerability
Microfinance Management System version suffers from multiple remote SQL injection vulnerabilities including one that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Hejap Zairy in March of 2022. Exploit Title: Microfinance Management System 1...
Home Owners Collection Management System 1.0 - Account Takeover Vulnerability
Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover Unauthenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.htm...
uBidAuction 2.0.1 Cross Site Scripting Vulnerability
Document Title: =============== uBidAuction v2.0.1 - Multiple XSS Web Vulnerabilities Product & Service Introduction: =============================== uBidAuction is a powerful, scalable & fully-featured classic and bid auction software that lets create the ultimate profitable online auctions...