39001 matches found
Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secretkeybase, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed...
Android 5.0 Battery Information Broadcast Information Disclosure Vulnerability
Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts. Android 5.0 Battery Information Broadcast Information Disclosure NOTE: This bug is part of a series of three related Android bugs with the same root cause: CVE-2018-9489, CVE-2018-95...
ABB Cylon Aspect 3.08.00 fileSystemUpdate.php File Upload / Denial Of Service Vulnerabilities
ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This...
vTiger CRM 7.4.0 Cross Site Scripting / Open Redirection Vulnerabilities
CVE-ID:CVE-2024-44778 ------------------------------------------ Suggested description:A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...
Genexus Protection Server 9.7.2.10 - (protsrvservice) Unquoted Service Path Vulnerability
Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path Exploit Author : SamAlucard Vendor : Genexus Version : Genexus Protection Server 9.7.2.10 Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;; Vendor Homepage :...
FAQ Management System v1.0 - (faq) SQL Injection Vulnerability
Exploit Title: FAQ Management System v1.0 - 'faq' SQL Injection Application: FAQ Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
OpenEMR v7.0.1 - Authentication credentials brute force Exploit
Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force Date: 2023-04-28 Exploit Author: abhhi Abhishek Birdawade Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v701.tar.gz Version: 7.0.1 Tested on: Windows ''' Example...
PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgements References ===== Vulnerability...
TikTok reset account password Exploit
Exploit can reset password and get full control any TikTok account. You can change target mobile phone without any problems, because exploit use bypass 2fa vulnerability...
Sony playmemories home - (PMBDeviceInfoProvider) Unquoted Service Path Vulnerability
Exploit Title: Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path Exploit Author: Saud Alenazi Vendor Homepage: https://www.sony.com/ Software Link: https://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/en/index.html Version: 6.0 Tested: Windows 10...
Matrimony 1.0 SQL injection Vulnerability
Title: Matrimony 1.0 SQLi Author: nu11secur1ty Vendor: https://www.vetbossel.in/matrimony-project-php/ Software: https://cutt.ly/LOHzKd0, https://www.vetbossel.in/matrimony-project-php/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/vetbossel.in/2022/Matrimony...
WordPress WP User Frontend 3.5.25 Plugin - SQL injection (Authenticated) Exploit
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE: CVE-2021-25076 CWE...
HTTP Commander 3.1.9 - Stored Cross Site Scripting Vulnerability
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting XSS Exploit Author: Oscar Sandén Vendor Homepage: https://www.element-it.com Software Link: https://www.element-it.com/downloads.aspx Version: 3.1.9 Tested on: Windows Server 2016 Description There is a stored XSS in the 'Zip...
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit
Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...
Atlassian Confluence 6.15.1 - Directory Traversal Exploit
Exploit for jsp platform in category web applications Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft Windows ...
Google ChromeOS SafeSetID LSM Transitive Trust Exploit
ChromeOS: multiple issues in SafeSetID LSM I decided to take a look at the new SafeSetID LSM that ChromeOS upstreamed and found several issues. Since this LSM is already running on Pixelbook on the stable channel, I'm filing this as a security bug. This LSM restricts the use of CAPSETUID by...
Sahi pro 7.x/8.x - Directory Traversal Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sahi pro :/s/dyn/Loghighlight?href=../../../../windows/win.ini&n=1selected 0day.today 2019-06-18...
Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)
/ ''' ; Date: 07/03/2019 ; Insertion-Encoder.asm ; Author: Daniele Votta ; Description: This program encode shellcode with insertion technique 0xAA. ; Tested on: i686 GNU/Linux ''' !/usr/bin/python Python Insertion Encoder import random Execve /bin/sh 25 bytes shellcode...
Linux - kvm_ioctl_create_device() NULL Pointer Dereference Exploit
Linux - kvmioctlcreatedevice NULL Pointer Dereference Exploit kvmioctlcreatedevice contains the following code: dev = kzallocsizeofdev, GFPKERNEL; if !dev return -ENOMEM; dev-ops = ops; dev-kvm = kvm; mutexlock&kvm-lock; ret = ops-createdev, cd-type; if ret lock; kfreedev; return ret;...
WordPress PeepSo 1.11.2 XSS / SQL Injection Vulnerabilities
Exploit for php platform in category web applications WordPress PeepSo 1.11.2 XSS / SQL Injection Vulnerabilities Author: Socket0x03 Alvaro J. Gene Software Link: https://wordpress.org/plugins/peepso-core/ Plugin: PeepSo Version: 1.11.2 File: Members Parameter: query Language: This application is...
glibc - realpath() Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...
Microsoft Internet Explorer 11 #InternetExplorer #IE (#Windows7 x64/x86) - vbscript Code Execution E
Exploit for windows platform in category local exploits Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557...
Apache HTTPD Web Server 2.4.23 Memory Exhaustion Vulnerability
Exploit for linux platform in category remote exploits Apache HTTPD WebServer / httpd.apache.org Server memory can be exhausted and service denied when HTTP/2 is used CVE-2016-8740 The Apache HTTPD web server from 2.4.17-2.4.23 did not apply limitations on request headers correctly when...
AspxCommerce v2.0 - Arbitrary File Upload Vulnerability
The application doesn't sanitize file extension or content in the Logo Editing module. The vulnerability allows a remote attacker to upload files via POST method with multiple extensions and access them remotely. Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability Exploit Autho...
ABB Cylon FLXeon 9.3.4 app.js Insecure CORS Configuration Vulnerability
ABB Cylon FLXeon version 9.3.4 suffers from an insecure CORS configuration. !-- ABB Cylon FLXeon 9.3.4 app.js Insecure CORS Configuration Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Serie...
Plantronics Hub 3.25.1 - Arbitrary File Read Vulnerability
Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read Date: 2024-05-10 Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from Mastercard Vendor Homepage: https://support.hp.com/us-en/document/ish9869257-9869285-16/hpsbpy03895 Version: Plantronics Hub for Windows version 3.25...
Employee Management System 1.0 - (txtfullname) and (txtphone) SQL Injection Vulnerability
Exploit Title: Employee Management System 1.0 - txtfullname and txtphone SQL Injection Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on: Debian CVE :...
Color Prediction Game v1.0 - SQL Injection Vulnerability
Exploit Title: Color Prediction Game v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...
PHPJabbers Night Club Booking 1.0 - Reflected XSS Vulnerability
Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS Exploit Author: CraCkEr Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate the content of...
SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow
Exploit Title: SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 1.1.2 Summary: The SOUND4 Link&Share L&S is a simple and open protocol that...
Shoplazza 1.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...
WordPress WP Event Manager 3.1.27 Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin WP Event Manager - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/wp-event-manager/ Version: 3.1.27 Tested on: Firefox Contact me: email protected Steps To Reproduce : 1 - First Install the...
Craft CMS 3.7.36 Password Reset Poisoning Attack Vulnerability
Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users is able to manipulate the password reset functionality in a way that the registered users of the CMS receive...
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vulnerability
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get instant access to the heart of your BAS. The...
Home Owners Collection Management System 1.0 - (id) Blind SQL Injection Vulnerability
Exploit Title: Home Owners Collection Management System 1.0 - 'id' Blind SQL Injection Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html Versio...
Vivellio 1.2.1 User Account Enumeration Vulnerability
Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...
OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery Vulnerabilities
OpenBMCS 2.4 Unauthenticated SSRF / RFI Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our...
FreeCommander XE 2020 Pathname Buffer Overflow Exploit
!/usr/bin/python Exploit Title: FreeCommander XE 2020 - Pathname Buffer Overflow SEH Version: Build 810a 32-bit Software Link: https://freecommander.com/downloads/FreeCommanderXE-32-publicsetup.zip Exploit Author: Hodorsec email protected / email protected Vendor Homepage:...
Broadcom Wi-Fi Devices - (KR00K) Information Disclosure Exploit
Kr00ker Experimetal KR00K PoC in python3 using scapy Description: This script is a simple experiment to exploit the KR00K vulnerability CVE-2019-15126, that allows to decrypt some WPA2 CCMP data in vulnerable devices. More specifically this script attempts to retrieve Plaintext Data of WPA2 CCMP...
Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode
!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference Exploit
This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could th...
Navigate CMS 2.8.5 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link: http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip Version...
ASUS routers Remote FTP login Authentication Bypass Vulnerability
============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fast Wireless-N connectivity frees you to do more around your home Easy to set up and use,...
ThinkEdit 1.9.2 (render.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================ ThinkEdit 1.9.2 render.php Remote File Inclusion Vulnerability ================================================================ r0ut3r Presents... Another r0ut3r discovery!...
ACal <= 2.2.6 (day.php) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications =========================================================== ACal = 2.2.6 day.php Remote File Inclusion Vulnerability =========================================================== $$ $ Title: ACal 2.2.6 = Remote File Inclusion $ $$ $ URL:...
Fast Click (<= 1.1.3 , <= 2.3.8) (show.php) Remote File Inclusion Exploit
Exploit for unknown platform in category web applications ========================================================================= Fast Click perl fc.pl http://target.com/fclick/ http://target.com/cmd.gif cmd cmd shell example: cmd shell variable: $GETcmd; use LWP::UserAgent; $Path = $ARGV0;...
GFHost PHP GMail Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================= GFHost PHP GMail Remote Command Execution Exploit ================================================= GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This...
Boelter Blue System Management 1.3 - SQL Injection Vulnerability
Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management version 1.3 Google Dork: inurl:"Powered by Boelter Blue" Exploit Author: CBKB DeadlyData, R4d1x Vendor Homepage: https://www.boelterblue.com Software Link:...
Ricoh Printer - Directory and File Exposure Exploit
Exploit Title: Ricoh Printer Directory and File Exposure Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Ricoh Printers - All...
PHPJabbers Service Booking Script 1.0 - Reflected XSS Vulnerability
...