39001 matches found
Microsoft Windows Shell SMB LNK Code Execution Exploit
This Metasploit module exploits a vulnerability in the MS10-046 patch to abuse again the handling of Windows Shortcut files .LNK that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be...
Oracle Java jp2launcher.exe Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of path...
WP-Forum <= 2.3 SQL Injection & Blind SQL Injection vulnerabilities
Exploit for unknown platform in category web applications =================================================================== WP-Forum = 5.0 III. DESCRIPTION ------------------------- WP-Forum fails to sanitized user supplied input and is vulnerable to SQL Injection and Blind SQL Injection. An...
dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal Vulnerabilities
Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS CVE :...
ABB Cylon Aspect 4.00.00 factorySetSerialNum.php Remote Code Execution Vulnerability
ABB Cylon Aspect version 4.00.00 suffers from an unauthenticated blind command injection vulnerability. Input passed to the serial and ManufactureDate POST parameters is not properly sanitized, allowing attackers to execute arbitrary shell commands on the system. While factory test scripts includ...
Asterisk AMI Originate Authenticated Remote Code Execution Exploit
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with write=originate may change all configuration files in the /etc/asterisk/ directory. Writing a new extension can be created which performs a system command to...
dizqueTV 1.5.3 - Remote Code Execution Vulnerability
Exploit Title: dizqueTV 1.5.3 - Remote Code Execution RCE Date: 9/21/2024 Exploit Author: Ahmed Said Saud Al-Busaidi Vendor Homepage: https://github.com/vexorian/dizquetv Version: 1.5.3 Tested on: linux POC: Vulnerability Description dizqueTV 1.5.3 is vulnerable to unauthorized remote code...
AEGON LIFE v1.0 Life Insurance Management System - SQL injection Vulnerability
Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON LIFE v1.0 Tested...
Xlight FTP Server 3.9.3.6 - Stack Buffer Overflow Exploit
Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow Local Tested on OS: Windows XP...
Zomplog 3.9 - Remote Code Execution Exploit
Exploit Title: zomplog 3.9 - Remote Code Execution RCE Application: zomplog Version: v3.9 Bugs: RCE Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux impor...
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Vulnerability
Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Application: PodcastGenerator Version: v3.2.9 Bugs: Blind SSRF via XML Injection Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found:...
TinyWebGallery v2.5 - Stored Cross-Site Scripting Vulnerability
Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting XSS Application: TinyWebGallery Version: v2.5 Bugs: Stored Xss Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023...
FortiRecorder 6.4.3 - Denial of Service Exploit
Exploit Title: FortiRecorder 6.4.3 - Denial of Service Exploit Author: Mohammed Adel Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder Version: 6.4.3 and below && 6.0.11 to 6.0.0 Tested on: Kali Linux CV...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion Vulnerability
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of Concept: GET...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Exploit
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc...
Redragon Gaming Mouse - (REDRAGON_MOUSE.sys) Denial Of Service Exploit
Exploit Title: Redragon Gaming Mouse - 'REDRAGONMOUSE.sys' Denial-Of-Service PoC Exploit Author: Quadron Research Lab Version: all version Tested on: Windows 10 x64 HUN/ENG Professional Vendor: https://www.redragonzone.com/pages/download Reference:...
ECOA Building Automation System Remote Privilege Escalation Vulnerability
ECOA Building Automation System Remote Privilege Escalation Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECO...
Online Shopping Portal 3.1 SQL Injection Vulnerability
Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020. Exploit Title: Online Shopping Portal - time-based blind SQL Injectio...
Sudo 1.9.5p1 - (Baron Samedit) Heap-Based Buffer Overflow Privilege Escalation Exploit (2)
Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities. Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit ' Heap-Based Buffer Overflow Privilege Escalation 2 Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Vendor: https://www.sudo.ws/...
Online Shopping Alphaware 1.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Cross-Site Request Forgery Account Takeover Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...
Symantec Web Gateway 5.0.2.8 Remote Code Execution Exploit
Exploit for windows platform in category web applications Title: Postauth RCE in Symantec Web Gateway 5.0.2.8 Vendor: www.symantec.com Vulnerable software: www.symantec.com Repo: https://github.com/c610/free/ POST /spywall/timeConfig.php HTTP/1.1 Host: 192.168.216.133 User-Agent: Mozilla/5.0...
D-Link DWL-2600 Authenticated Remote Command Injection Exploit
This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin. This module requires Metasploit: https://metasploit.com/download Current source:...
Common Desktop Environment 2.3.1 Buffer Overflow Exploit
A buffer overflow in the CheckMonitor function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 Update 11 and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefault...
HomeAutomation 3.3.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Authentication Bypass Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
HomeAutomation 3.3.2 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit: HomeAutomation 3.3.2 - Remote Code Execution Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisor...
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception Exploit
/ When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking up the correct segment descriptor and adding the segment offset to...
XNU POSIX Shared Memory Mapping Issue Exploit
Exploit for multiple platform in category local exploits XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment DTYPEPSXSHM, pshmmmap maps the shared memory segment's pages into the address space of the...
ServerZilla 1.0 - email SQL Injection Vulnerability
Exploit for php platform in category web applications...
QBee Camera / iSmartAlarm Credential Disclosure Vulnerability
Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamerapreferences.xml in the QBee Ca...
Adobe Enterprise Manager (AEM) 6.3 - Remote Code Execution Exploit
Exploit for jsp platform in category web applications Exploit Title: Adobe Experience Manager AEM 6.3 default credentials leads to RCE Exploit Author: StaticFlow Vendor Homepage: https://www.adobe.com/in/marketing-cloud/experience-manager.html Version: 6.3 import requests import sys baseUrl =...
XMPP Clients User Impersonation Vulnerability
Exploit for multiple platform in category local exploits Multiple XMPP Clients User Impersonation Vulnerability Summary ------- An incorrect implementation of XEP-0280: Message Carbons0 in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerabl...
KindEditor (v.3.x->4.1.5) <= Multiple File/Shell Upload Vulnerability
This bug in KindEditor you can upload remote files .txt .html ...etc with multiple JSON upload langs type PHP / ASP / JSP / ASP.NET this bug found in old versions by some author , but is still work is latest version . - Latest V. is 4.1.5 , Released on Jan 19, 2013...
phpRaid < 3.0.7 (rss.php phpraid_dir) Remote File Inclusion Exploit
Exploit for unknown platform in category web applications =================================================================== phpRaid cmd shell example: Exploit : http://www.example.com/phpRaidpath/rss.php?phpraiddir=Evil-script? use LWP::UserAgent; $Path = $ARGV0; $Pathtocmd = $ARGV1; $cmdv =...
ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vulnerability
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring...
Employee Management System 1.0 - (txtusername) and (txtpassword) SQL Injection Vulnerability
Exploit Title: Employee Management System 1.0 - txtusername and txtpassword SQL Injection Admin Login Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on:...
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Vulnerability
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product & Service Introduction...
Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: X2CRM v6.6/6.9 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: model CVE: Use...
Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit
Exploit Title: Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit Author : TOUHAMI KASBAOUI Vendor Homepage : https://www.forcepoint.com/ Software: Stonesoft VPN Windows Version : 6.2.0 / 6.8.0 Tested on : Windows 10 CVE : N/A Description local privilege escalation vertical...
ECOA Building Automation System Hardcoded SSH Credentials Vulnerability
ECOA building automation systems have hardcoded SSH credentials. Many versions are affected. ECOA Building Automation System Hard-coded Credentials SSH Access Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA...
ECOA Building Automation System Weak Default Credentials Vulnerability
ECOA Building Automation System Weak Default Credentials Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected version: ECOA ECS Router Controller - ECS FLASH ECOA RiskBuster Terminator - E6L45 ECOA RiskBuster System - RB 3.0.0 ECOA RiskBuster System - TRANE 1.0 ECOA...
WordPress Mail Masta 1.0 Plugin - Local File Inclusion Exploit (2)
Exploit Title: WordPress Plugin Mail Masta 1.0 - Local File Inclusion 2 Exploit Author: Matheus Alexandre Xcatolin Software Link: https://downloads.wordpress.org/plugin/mail-masta.zip Version: 1.0 WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability because it fails to...
Microsoft Exchange 2019 - Unauthenticated Email Download Exploit
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module scan for...
OCS Inventory NG 2.7 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications Exploit Title: OCS Inventory NG 2.7 - Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-14947 Vendor Homepage: https://ocsinventory-ng.org/ Version: v2.7 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 impor...
Netlink GPON Router 1.0.11 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls...
Android - Directory Traversal over USB via Injection in blkid Output Exploit
Exploit for Android platform in category local exploits When a USB mass storage device is inserted into an Android phone even if the phone is locked!, vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the partitions on the connect...
GoAhead httpd 2.5 < 3.6.5 - LD_PRELOAD Remote Code Execution Exploit
Exploit for linux platform in category remote exploits !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...