39001 matches found
D2-Shoutbox 4.2 IPB Mod (load) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =========================================================== D2-Shoutbox 4.2 IPB Mod load Remote SQL Injection Exploit =========================================================== !/usr/bin/perl | | | \ | | |/ D2-Shoutbox 4.2IPB Mod=SQL...
ITA Forum <= 1.49 SQL Injection Exploit
Exploit for unknown platform in category web applications ======================================= ITA Forum = 1.49 SQL Injection Exploit ======================================= !/usr/bin/perl use LWP::UserAgent; ITA Forum 1.49 sql injection exploit with one char bruteforce by 1dt.w0lf // r57...
Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability
Title: Open WebUI Stored Cross-Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper...
Zstore 6.5.4 Cross Site Scripting Vulnerability
Title: zstore-6.5.4 - XSS-Reflected Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of manual insertion...
Online Examination System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Online Examination System - Cross site scripting Reflected Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ Software Link:...
Hades RAT Web Panel Insecure Credential Storage Vulnerability
Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt Contact: email protected Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Insecure Credential Storage Family: Hades Type: WebUI MD5: c4cc1317aea42f7dd4a1b786c5278a24 MD5:...
Dbltek GoIP - Local File Inclusion Vulnerability
Exploit Title: Dbltek GoIP - Local File Inclusion Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a VoIP-GSM gateway...
Budget and Expense Tracker System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Yenkee Hornet Gaming Mouse - (GM312Fltr.sys) Denial Of Service Exploit
Exploit Title: Yenkee Hornet Gaming Mouse - 'GM312Fltr.sys' Denial-Of-Service PoC Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.yenkee.eu/gaming-mouse-hornet-aim/yms-3029 Reference:...
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH) Exploit
Exploit Title: Port Forwarding Wizard 4.8.0 - Buffer Overflow SEH Exploit Author: Sarang Tumne Confirmed on release 4.8.0 and 4.5.0 Vendor: http://www.port-forwarding.net/ Tested on OS- Windows Vista Buffer overflow in upRedSun Port Forwarding Wizard 4.8.0 and earlier version allows local attacke...
WordPress PHPMailer Host Header Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to t...
PHP openssl_x509_parse() Memory Corruption Vulnerability
The PHP function opensslx509parse uses a helper function called asn1timetotimet to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated...
Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability
Exploit for php platform in category web applications ====================================================== Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1...
CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection Vulnerability
Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...
Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Stackposts Social Marketing Tool v1.0 - SQL Injection Vulnerability
Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/stackposts-social-marketing-tool/21747459 Demo Site: https://demo.stackposts.com Tested on: Kali Linux CVE: N/A Request POST /spmo/auth/login HTTP/1.1...
Lavalite 9.0.0 XSRF TOKEN cookie File path traversal Vulnerability
Title: Lavalite-9.0.0 XSRF-TOKEN cookie File path traversal Author: nu11secur1ty Vendor: https://lavalite.org/ Software: https://github.com/LavaLite/cms/releases/tag/v9.0.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/LavaLite Description: The XSRF-TOKEN cookie is...
Transposh WordPress Translation 1.0.8.1 Improper Authorization Vulnerability
Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionalities available on the plugin's "Utilities" page leading to unauthorized access for all user roles, including "Subscriber". 1. ADVISORY INFORMATION ======================= Product:...
Loan Management System 1.0 SQL Injection Vulnerability
Exploit Title: Loan Management System - SQL Injection via login page Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack vector for the SQ...
Loan Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Loan Management System - XSS Stored Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There are several functions and parameter...
One Church Management System 1.0 SQL Injection Vulnerability
Exploit Title: One Church Management System 1.0 - attendancy.php search2 SQL Injection Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ One Church...
Royale Event Management System 1.0 Privilege Escalation Vulnerability
Royale Event Management System version 1.0 suffers from a privilege escalation vulnerability by allowing an attacker to register an account as an administrator. Exploit Title: Royale Event Management System 1.0 - Authentication Bypass Date: 25/03/2022 Exploit Author: Mr Empy Software Link:...
Cab Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...
WordPress Post Grid 2.1.1 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Post Grid 2.1.1 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/post-grid/ Version: 2.1.1 Tested on: Windows 10 CVE: CVE-2021-24488 1. Description: This plugin creates a post grid from any post types. The slider import search...
WordPress Advanced Order Export For WooCommerce 3.1.7 Plugin - Reflected XSS Vulnerability
Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Version: 3.1.7 Tested on: Windows 10 CVE: CVE-2021-24169 1. Description: This plugin helps you to easil...
iOS / macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
Exploit for windows platform in category remote exploits Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested o...
Huawei 3G Routers Multiple Vulnerabilities
Huawei 3G routers suffer from authentication bypass, cross site request forgery, denial of service, and various other vulnerabilities. Advisory Information Title: Huawei 3G routers vulnerable to multiple threats Advisory URL: https://pierrekim.github.io/advisories/2015-huawei-0x00.txt Blog URL:...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
FoF Pretty Mail 1.1.2 Command Injection Vulnerability
Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...
Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Exploit
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Employee Performance Evaluation System v1.0 - File Inclusion / Remote Code Execution Exploit
Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html...
phpIPAM 1.4.5 - Remote Code Execution (Authenticated) Exploit
Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS !/usr/bin/env python3...
EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path Vulnerabilities
Exploit Title: EG Free AntiVirus v2020 - Unquoted Service Path Local Privilege Escalation Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: http://www.egsoftweb.in/index.aspx Software Link: http://www.egsoftweb.in/OurProductReadmore.aspx?id=6 Version: 2020 Tested: Windows 10...
Royale Event Management System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Royale Event Management System 1.0 - Cross-site Scripting Stored unauthenticated Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15225/church-management-software-free-download-full-version.html Version: 1.0 Tested on: Linux Title: ================ Royale...
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated) Exploit
Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html Software Link:...
QCubed 3.1.1 PHP Object Injection Vulnerability
QCubed PHP Object Injection =========================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technolog...
Savsoft Quiz 5 - Stored Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10...
Online Birth Certificate System 1.0 SQL Injection / Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Online Birth Certificate System - RCE Through SQLi Date: 2020-07-08 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Bolt CMS 3.7.0 XSS / CSRF / Shell Upload Vulnerabilities
Bolt CMS versions 3.7.0 and below suffer from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities that when combined can achieve remote code execution in one click. Bolt CMS = 3.7.0 Multiple Vulnerabilities Author - Sivanesh Ashok | @sivaneshashok | stazot.co...
Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit
This Metasploit module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...
WordPress StatTraq 1.3.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : WordPress StatTraq 1.3.0 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Software Download Link : downloads.wordpress.org/plugin/wp-stattraq.zip Software Version : 1.3.0 WordPress Versi...
Google Chrome 72 / 73 Array.map Corruption Exploit
This Metasploit module exploits an issue in Chrome version 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to...
OpenSMTPD - MAIL FROM Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution', 'Description' = %q This module exploits a command injection in the MAIL FROM field during SMTP...
ACTi ACD-2100 Video Encoder Remote Command Execution Exploit
Exploit for hardware platform in category web applications !/usr/bin/perl ACTi ACD-2100 Video Encoder Remote Command Execution Exploit Copyright 2019 c Todor Donev Firmware Version = A1D-220-V3.08.08-AC Production ID = ACD2100-08E-X-00498 Factory Default Type = NTSC, Composite, Two Ways Audio 0x7...
macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl Exploit
macOS ifaaddr-safamily != AFINET6 // - crash here IFAUNLOCKifa; error = EAFNOSUPPORT; break; Note that IFALOCK is called on user-provided data; it appears that there is an opportunity for memory corruption a controlled write when using indirect mutexes via LCKMTXTAGINDIRECT see lckmtxlockslow...
Netscape Enterprise 3.63 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications alert"XSS" The server response: Request URL: http://X.X.X.X/servlet/SnoopServlet Request information: Request method: GET Request URI: /servlet/SnoopServlet Request protocol: HTTP/1.1 Servlet path: /servlet/SnoopServlet Path info: Path...
Foxit PDF Reader 9.0.1.1049 Pointer Overwrite Use-After-Free Exploit
Foxit PDF Reader version 9.0.1.1049 has a use-after-free vulnerability in the Text Annotations component and the TypedArray's use uninitialized pointers. The vulnerabilities can be combined to leak a vtable memory address, which can be adjusted to point to the base address of the executable. A RO...
PlaySMS 1.4 - sendfromfile.php?Filename Authenticated Code Execution Exploit
This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This...
Linksys WVBR0-25 User-Agent Command Execution Exploit
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerabilit...