39001 matches found
Acunetix Web Vulnerability Scanner 10 *.slg Buffer Overflow (PoC) Exploit
Exploit for windows platform in category dos / poc Exploit Title: Acunetix Web Vulnerability Scanner 10 ".slg" Buffer Overflow PoC Author: Kağan Çapar Software Link: https://s3.amazonaws.com/a280ccaaf904330a389db759e6275285/acunetixtrial.exe Vendor Homepage : https://www.acunetix.com Tested...
ManageEngine OPManager 12.3 Cross Site Scripting Vulnerability
ManageEngine OPManager version 12.3 suffers from a persistent cross site scripting vulnerability...
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Exploit
Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...
Library CMS 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1...
Rukovoditel Project Management CRM 2.3 - path SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: 2.3 Category: Webapps Test...
HotelDruid 2.2.4 - anno SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on:...
Wordpress Support Board 1.2.3 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://schiocco.com/ Software Link : https://board.support/ Software : Support Board - Chat And Help Desk Version :...
VLC Media Player - MKV Use-After-Free Exploit
Exploit for windows platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VLC Media Player MKV Use After Free', 'Description' = %q This module exploits a use after...
MV Video Sharing Software 1.2 - searchname SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MV Video Sharing Software 1.2 - 'searchname' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://melerovideo.com/software/ Software Link: https://sourceforge.net/projects/mvvideosharingsoftware/ Version: 1.2...
Kados R10 GreenBee - release_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Kados R10 GreenBee - 'releaseid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapps Tested on:...
Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure Exploit
Exploit for windows platform in category dos / poc Windows: FSCTLFINDFILESBYSID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTLFINDFILESBYSID control code doesn’t check for permissions to list a directory leading to...
HighPortal 12.5 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Vulnerable Product: HighPortal Affected version: 12.5 Vulnerability Type: XSS CVE: CVE-2018-17964 CWE: CWE-79 Credit: Ali Abdollahi Remote: Yes Description:XSS vulnerability on Aryanic HighPortal version 12.5 via an Add Tags action.Contact:...
Vishesh Auto Index 3.1 - fid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Vishesh Auto Index 3.1 - 'fid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.vishesh.cf/ Software Link: https://sourceforge.net/projects/vishesh-wap-auto-index/files/latest/download Version: 3.1 Category...
GIU Gallery Image Upload 0.3.1 - category SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://tradesouthwest.com Software Link: https://sourceforge.net/projects/giugalleryimageupload/ Version: 0.3.1 Category:...
Navigate CMS 2.8.5 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link: http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip Version...
FLIR Brickstream 3D+ - RTSP Stream Disclosure Vulnerability
Exploit for hardware platform in category web applications FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: Th...
Advanced HRM 1.6 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1.6...
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Vulnerability
Exploit for hardware platform in category web applications...
College Notes Management System 1.0 - user SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: College Notes Management System 1.0 - 'user' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://anirbandutta.ml/ Software Link: https://sourceforge.net/projects/college-notes-management/ Software Link:...
AlchemyCMS 4.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
BigTree CMS 4.2.23 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: BigTree CMS 4.2.23 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.bigtreecms.org/ Software Link : https://github.com/bigtreecms/BigTree-CMS/ Software : BigTree CMS Version : 4.2.23...
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS:...
Academic Timetable Final Build 7.0a-7.0b - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download...
Academic Timetable Final Build 7.0 - Information Disclosure Exploit
Exploit for php platform in category web applications \n"; printr$ver; echo "\n"; / Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3 aaData = Array 0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117 1 = Array 0 = ADMIN 1 = admin...
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS...
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...
Snes9K 0.0.9z - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Snes9K 0.0.9z - Buffer Overflow SEH Exploit Author: Abdullah Alıç Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...
Solaris RSH Stack Clash Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This Metasploit modul...
KORA 2.7.0 - cid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category:...
D-Link DSL-2640T Cross Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Multiple XSS Vulnerabilities in D-Link DSL-2640T Exploit Author: Anas Falhi/m0ti0nl3ss ,https://anasfalhi.blogspot.com. Tested on: D-Link DSL-2640T Tags: xss, cross site scripting, D-Link DSL-2640T router POC: a!XSS via GET...
Phoenix Contact WebVisit 2985725 - Authentication Bypass Exploit
Exploit for windows platform in category web applications Exploit Title: Phoenix Contact WebVisit 2985725 - Authentication Bypass Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link:...
gsview -dSAFER Not Used Vulnerability
Exploit for windows platform in category dos / poc gsview: -dSAFER not used I was planning to test the exploit for bug 1640 against gsview, the official ghostscript viewer, but it turns out systemdict /SAFER get returns false. That means opening a file in gsview is equivalent to running arbitrary...
LUYA CMS 1.0.12 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
NoMachine 5.3.26 Remote Code Execution Exploit
NoMachine versions 5.3.26 and below suffer from a remote code execution vulnerability when opening a malicious .nxs file. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt...
Teltonika RUT9XX Unauthenticated OS Command Injection Exploit
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges...
Teltonika RUT9XX Reflected Cross Site Scripting Vulnerability
Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. Teltonika RUT9XX Reflected Cross-Site Scripting XSS Link:...
Teltonika RUT9XX Missing Access Control To UART Root Terminal Vulnerability
Exploit for cgi platform in category web applications Teltonika RUT9XX Missing Access Control to UART Root Terminal Link: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02TeltonikaIncorrectAccessControl Vulnerability Overview Teltonika RUT9XX routers with firmware...
Cockpit CMS CSRF / XSS / Path Traversal Vulnerabilities
Cockpit CMS suffers from cross site request forgery, cross site scripting, and traversal vulnerabilities. Version 0.6.2 should address these issues. 1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "../" to traverse to other folders via reques...
HaPe PKH 1.1 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps...
HaPe PKH 1.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for perl platform in category web applications Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category:...
FluxBB < 1.5.6 - SQL Injection Exploit
Exploit for multiple platform in category web applications !/usr/bin/env python Friday, November 21, 2014 - secthrowaway safe-mail net FluxBB 80: sys.exit'SQL too long, max 80 chars' print "1st stage: %s %d chars" % sql, lensql r = urlopenRequest'%sprofile.php?action=changeemail&id=%s' % url, uid...
CAMALEON CMS 2.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability...
SugarCRM 6.5.26 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
VLC Media Player 2.2.8 MKV Use-After-Free Exploit
This Metasploit module exploits a use-after-free vulnerability in VideoLAN VLC versions 2.2.8 and below. The vulnerability exists in the parsing of MKV files and affects both 32 bits and 64 bits. In order to exploit this, this module will generate two files: The first .mkv file contains the main...
DELL EMC OneFS Storage Administration 8.1.2.0 .zshrc Overwrite Exploit
!/usr/bin/env python Exploit name : isilon-onefs-brute.py Created date : 9/21/18 Submit Date : 10/10/18 Author : wetw0rk Python version : 2.7 Brute Force Script:...
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and...
Phoenix Contact WebVisit 6.40.00 - Password Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link:...