39001 matches found
Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution Vulnerability
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product & Service Introduction...
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: X2CRM v6.6/6.9 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: model CVE: Use...
Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit
Exploit Title: Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit Author : TOUHAMI KASBAOUI Vendor Homepage : https://www.forcepoint.com/ Software: Stonesoft VPN Windows Version : 6.2.0 / 6.8.0 Tested on : Windows 10 CVE : N/A Description local privilege escalation vertical...
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://support.broadcom.com/external/content/SecurityAdvisories/0/21117 Version: 10.7.4-10.7.13 Tested on: relevant os CVE : CVE-2022-25630 Author Web:...
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Exploit
!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - (Add Admin) Cross-Site Request Forgery Vulnerability
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !-- FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit Vendor: FatPipe Networks Inc. Product web page:...
qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated) Vulnerability
Exploit Title: qdPM 9.2 - DB Connection String and Password Exposure Unauthenticated Exploit Author: Leon Trappett thepcn3rd Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 Tested on: Ubuntu 20.04 Apache2 Server running PH...
OCS Inventory NG 2.7 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications Exploit Title: OCS Inventory NG 2.7 - Remote Code Execution Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-14947 Vendor Homepage: https://ocsinventory-ng.org/ Version: v2.7 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 impor...
Pulse Secure Client For Windows Local Privilege Escalation Vulnerability
Red Timmy Sec has discovered that Pulse Secure Client for Windows suffers from a local privilege escalation vulnerability in the PulseSecureService.exe service. Pulse Secure is recognized among the top 10 Network Access Control NAC vendors by global revenue market share. The company declares that...
Netlink GPON Router 1.0.11 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls...
TexasSoft CyberPlanet 6.4.131 - (CCSrvProxy) Unquoted Service Path Vulnerability
Exploit Title: TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path Exploit Author: Cristian Ayala G Vendor Homepage: https://tenaxsoft.com/index.html Software Link: https://tenaxsoft.com/descargas.html Version: 6.4.131 Tested on: Windows 10 Pro x64 Step to discover the unquoted...
Pulse Secure VPN Arbitrary Command Execution Exploit
This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env1 command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulsesecurefiledisclosure for a pre-auth fil...
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) AF_PACKET Race Condition Privilege
Exploit for linux platform in category local exploits / chocoboroot.c linux AFPACKET race condition exploit for CVE-2016-8655. Includes KASLR and SMEP/SMAP bypasses. For Ubuntu 14.04 / 16.04 x8664 kernels 4.4.0 before 4.4.0-53.74. All kernel offsets have been tested on Ubuntu / Linux Mint. vroom...
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation Exploit
On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can creat...
Nord VPN 6.14.31 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Nord VPN = 6.14.31 - Denial of Service PoC Exploit Author : L0RD borna nematzadeh Contact: email protected Vendor Homepage : https://nordvpn.com Software link: https://nordvpn.com/download/ Version: = 6.14.31 Tested on: Windows 10...
GoAhead httpd 2.5 < 3.6.5 - LD_PRELOAD Remote Code Execution Exploit
Exploit for linux platform in category remote exploits !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
SMF 2.0.x Remote Code Execution 0day Exploit
When used in conjunction, multiple vulnerabilities within SMF 2.0.x allow a remote attacker with the ability to create a basic user account to execute arbitrary code with the privileges of the application. This is private exploit. You can buy it at https://0day.today...
Wordpress Theme Dazzling Shell Upload Vulnerability
Python exploit able to upload a shell and generate its link in any website having Dazzling Shell Upload Vulnerability Usage Info python exploit.py -t http://site.com -s shellname -p UploadingPath import optparse import sys import pycurl from cStringIO import StringIO print "" print...
Java Applet JMX Remote Code Execution Vulnerability
This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier. This file is part of the Metasploit Framework and may be subject to redistributi...
Uploadify jQuery Generic File Upload (Metasploit)
This module exploits an arbitrary File Upload and Code Execution flaw Uploadify script jQuery Multiple File Upload, the vulnerability allows for arbitrary file upload and remote code execution POST Data to Vulnerable uploadify.php in any CMS/SCRIPT use Uploadify. Some Joomla, WordPress,...
Tagger Luxury Edition (BBCodeFile) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Tagger Luxury Edition BBCodeFile Remote File Include Vulnerability ==================================================================== Tagger v3 = BBCodeFile Remote file...
MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================================= MyBulletinBoard MyBB = 1.1.5 CLIENT-IP SQL Injection Exploit ================================================================= !/usr/bin/php -q -d shortopentag=on ? echo...
PHPJabbers Cinema Booking System 2.0 Cross Site Scripting Vulnerability
CVE-2024-57428 A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to...
Linux 6.4 Use-After-Free / Race Condition Exploit
There is a race between mbind and VMA-locked page faults in the Linux 6.4 kernel, leading to a use-after-free condition. Linux 6.4: UAF race between mbind and VMA-locked page fault tested on git master, at commit 57012c57536f Summary: There's a race between mbind and VMA-locked page faults, leadi...
Bitrix24 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated Date: 4/22/2022 Exploit Author: picaroo Vendor Homepage: https://www.bitrix24.com/apps/desktop.php Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...
Payara Micro Community 5.2021.6 - Directory Traversal Vulnerability
Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal Exploit Author: Yasser Khan N3Thunt3r Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html Software Link: https://www.payara.fish/downloads/payara-platform-community-edition/x Version:...
Antminer Monitor 0.5.0 - Authentication Bypass Vulnerability
Exploit Title: Antminer Monitor 0.5.0 - Authentication Bypass Dork:https://www.zoomeye.org/searchResult?q=%22antminer%20monitor%22 Exploit Author: CQR.company / Vulnz. Vendor Homepage: https://github.com/anselal/antminer-monitor, https://twitter.com/intent/follow?screenname=AntminerMonitor Softwa...
Oracle Fatwire 6.3 - Multiple Vulnerabilities
Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss: https://IPADDRESS/cs/Satellite?c=Page&cid=xxxx&pagename=xxxx&ad...
Centreo 19.10.8 - (DisplayServiceStatus) Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution Exploit Author: Engin Demirbilek Vendor Homepage: https://www.centreon.com/ Version: 19.10.8 Tested on: CentOS Advisory link:...
Cisco Data Center Network Manager 11.2.1 - (getVmHostData) SQL Injection Exploit
Exploit for java platform in category web applications !/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 -...
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Exploit
Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CVE: CVE-2020-2696 / raptordtsessionipa.c - CDE dtsession L...
Microsoft Windows - Win32k Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...
Raisecom Technology GPON-ONU HT803G-07 Command Injection (2)
Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the newpass and confpass parameters in /bin/WebMGR. Raisecom Technology GPON-ONU HT803G-07 Command Injection 2 ===================================== Authenticated Shell Command Injection...
Nominas 0.27 - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Nominas 0.27 - 'username' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://arixolab.com/proyecto.html Software Link: https://netix.dl.sourceforge.net/project/nominascrm/Nominas%20v0.27.tar.gz Version: 0.27...
Apache Struts 2.5 - Remote Code Execution Exploit
Exploit for linux platform in category remote exploits Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...
PHPMailer Sendmail Argument Injection Exploit
PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a...
Wordpress Plugins - wp Dreamwork Gallery Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Parnian Opendata CMS SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Parnian Opendata CMS SQL Injection Vulnerability Date : 2011-04-15 Author : Alexander Software Link : http://www.parniansoft.com/ Test On : php CVE : Web Applications Google Dork : inurl:mpfn=pdview Exploit :...
Uploader by CeleronDude 5.3.0 - Upload Vulnerability
Exploit for unknown platform in category web applications ==================================================== Uploader by CeleronDude 5.3.0 - Upload Vulnerability ==================================================== Uploader by CeleronDude 5.3.0 - Upload Vulnerability Discovered by : Stink' Date...
XMB <= 1.9.6 (u2uid) Remote SQL Injection Exploit (mq=off)
Exploit for unknown platform in category web applications ========================================================== XMB = 4.1 allowing subs / if $argc5 echo "Usage: php ".$argv0." host path username password OPTIONS\n"; echo "host: target server ip/hostname\n"; echo "path: path to XMB \n"; echo...
PBLang <= 4.65 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =============================================== PBLang site: http://rgod.altervista.org make these changes in php.ini if you have troubles with this script: allowcalltimepassreference = on registerglobals = on / errorreporting0;...
WordPress Chartify 2.9.5 Local File Inclusion Vulnerability
CVE-2024-10571 Chartify – WordPress Chart Plugin = 2.9.5 - Unauthenticated Local File Inclusion via source Description The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This make...
Azon Dominator Affiliate Marketing Script - SQL Injection Vulnerability
Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection Exploit Author: Buğra Enis Dönmez Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script Demo Site: https://azon-dominator.webister.net/ Tested on: Arch Linux CVE: N/A Request POST...
Microweber 2.0.15 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Microweber Exploit Author: tmrswrr Vendor Homepage: https://microweber.me/ Version: 2.0.15 Tested on: http://active.demo.microweber.me/ Vulnerability Description A Stored Cross-Site Scripting XSS vulnerability has been identified in Microweber version 2.0.15. This...
Prison Management System - SQL Injection Authentication Bypass Vulnerability
Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html Tested on: Windows ,XAMPP CVE : CVE-2024-33288 Proof ...
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Vulnerability
Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected...
ExpressVPN VPN Router 1.0 - Router Login Panels Integer Overflow Vulnerability
Exploit Title: ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow Exploit Author: Jai Kumar Sharma Vendor Homepage: https://www.expressvpn.com/ Software Link: https://www.expressvpn.com/vpn-software/vpn-router Version: version 1 Tested on: Windows/Ubuntu/MacOS CVE : CVE-2020-29238...
BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation Vulnerability
Exploit for multiple platform in category web applications Exploit Title: BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation Exploit Author: William Summerhill Vendor homepage: https://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE-2020-14945 - Privilege...
AppleiOS 13.5.1 Resource Exposure Vulnerability
Apple iOS version 13.5.1 suffers from an issue where it is possible to circumvent the copy and paste restriction from the company profile to the private profile. Thus, it is possible to extract attachments that can be previewed "Quick Look" in the native Mail client to any private app. Product:...