Cisco IOX XE unauthenticated OS Command Execution Exploit
msf use auxiliary/admin/http/ciscoiosxeosexeccve202320273 msf auxiliaryciscoiosxeosexeccve202320273 show actions ...actions... msf auxiliaryciscoiosxeosexeccve202320273 set ACTION msf auxiliaryciscoiosxeosexeccve202320273 show options ...show and set options... msf...
F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
Apache ActiveMQ Unauthenticated Remote Code Execution Exploit
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. This module requires Metasploit:...
Linux/x64 - create a shell with execve() sending argument using XOR (/bin//sh) Shellcode (55 bytes)
Exploit Title: Linux-x64 - create a shell with execve sending argument using XOR /bin//sh 55 bytes Shellcode Author: Alexys 0x177git Tested on: Linux x86_64 Shellcode Description: creating a new process using execve syscall sending bin//sh as argument | encrypted using XOR operation was QWORD size...
SugarCRM 13.0.1 Server-Side Template Injection Exploit
SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary PHP code. SugarCRM <= 13.0.1...
XAMPP 3.3.0 Buffer Overflow Exploit
XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit. Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Date: 2023-10-26 Author: Talson @Ripp3rdoc Software Link:...
SugarCRM 13.0.1 Shell Upload Exploit
SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call. SugarCRM <= 13.0.1 set_note_attachment Unrestricted File Upload Vulnerability...
phpFox 4.8.13 PHP Object Injection Exploit
phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject...
Splunk edit_user Capability Privilege Escalation Exploit
Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vulnerability
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion Vulnerabilities
Vulnerability Details and Technical Analysis The AI ChatBot plugin provides website owners with a plug and play chat solution that can be expanded upon with customizable FAQs and custom text responses. It provides website users with an interface that allows them to look up order information, leav...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: ...
VMWare Aria Operations For Networks SSH Private Key Exposure Exploit
VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. This module requir...
WordPress LiteSpeed Cache 5.6 Cross Site Scripting Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: LiteSpeed Cache = 5.6 – Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Affected Plugin: LiteSpeed Cache Plugin Slug: litespeed-cache Affected Versions: = 5.6 CVE ID: CVE-2023-4372 CVSS Score: 6.4 Medium CVSS...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service Vulnerability
VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations. VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot...
Moodle 4.3 Cross Site Scripting Vulnerability
Exploit Title: Moodle 4.3 Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details Steps: 1. Log in to the application with the given credentials USER: teach...
Atlassian Confluence Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new...
Zoo Management System 1.0 Shell Upload Vulnerability
Zoo Management System version 1.0 suffers from a remote shell upload vulnerability. This version originally had a shell upload vulnerability discovered by D4rkP0w4r that leveraged the upload CV flow but this particular finding leverages the saveanimal flow. Exploit Title: Zoo Management System 1....
WordPress WP ERP 1.12.2 SQL Injection Vulnerability
Exploit Title: WP Plugins WP ERP = 1.12.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/erp/ Vendor Homepage: https://wperp.com/ Version: 1.12.2 Tested on: Windows, Linux CVE: CVE-2023-2744 Product Description WP ERP is the first full-fledged ERP Enterprise...
NLB mKlik Makedonija 3.3.12 SQL Injection Vulnerability
NLB mKlik Makedonija 3.3.12 SQL Injection Vendor: NLB Banka AD Skopje Product web page: https://www.nlb.mk Google Play: https://play.google.com/store/apps/details?id=hr.asseco.android.jimba.tutunskamk.production Affected version: 3.3.12 Summary: NLB mKlik is a mobile application intended for individual...
ChurchCRM 4.5.4 SQL Injection Exploit
Exploit Title: ChurchCRM 4.5.4 - Authenticated Blind SQL Injection via the ENtyid Date: 03-05-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-29842/CVE-2023-29842.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage:...
WordPress Royal Elementor 1.3.78 Shell Upload Vulnerability
Today, on October 16, 2023, the Wordfence Threat Intelligence Team became aware of a vulnerability that was recently patched in Royal Elementor Addons and Templates, a WordPress plugin installed on over 200,000 sites, that makes it possible for unauthenticated attackers to upload arbitrary files ...
PyTorch Model Server Registration / Deserialization Remote Code Execution Exploit
The PyTorch model server contains multiple vulnerabilities that can be chained together to permit an unauthenticated remote attacker arbitrary Java code execution. The first vulnerability is that the management interface is bound to all IP addresses and not just the loopback interface as the...
Apache Superset 2.0.0 Remote Code Execution Exploit
Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to log in to the site, they can decode the cookie, set their userid to that of an administrator, and re-sign the cooki...
OpenPLC WebServer 3 - Denial of Service Exploit
Exploit Title: OpenPLC WebServer 3 - Denial of Service Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import optparse import r...
WEBIGniter v28.7.23 File Upload - Remote Code Execution Vulnerability
Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution Author: nu11secur1ty Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacke...
Wordpress Masterstudy LMS Plugin - 3.0.17 - Unauthenticated Instructor Account Creation Exploit
Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: ...
Minio 2022-07-29T19-40-48Z - Path traversal Exploit
Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding 2022-07-29T19-40-48Z Tested on: Windows 10 CVE : CVE-2022-35919 Required before execution: pip install...
Wordpress Sonaar Music Plugin 4.7 - Stored XSS Vulnerability
Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...
Shuttle Booking Software v1.0 - Multiple SQL injection Vulnerabilities
Title: Shuttle-Booking-Software v1.0 - Multiple-SQLi Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid parameter appears to...
Wordpress Media Library Assistant Plugin - Remote Code Execution / Local File Inclusion Exploit
Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...
Online ID Generator 1.0 - Remote Code Execution Vulnerability
Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference: https://portswigger.net/web-security/sql-injection...
Cacti 1.2.24 - Authenticated command injection when using SNMP options Vulnerability
Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/info/downloads Version: Cacti 1.2.24 Tested on: Cacti 1.2.24 installed on 'php:7.4.33-apach...
Microsoft Windows 11 - (apds.dll) DLL hijacking (Forced) Exploit
Title: Microsoft Windows 11 - 'apds.dll' DLL hijacking Forced Date: 2023-09-01 Author: Moein Shahabi Vendor: https://www.microsoft.com Version: Windows 11 Pro 10.0.22621 Tested on: Windows 11x64 eng...
Coppermine Gallery 1.6.25 - Remote Code Execution Vulnerability
Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...
Webedition CMS v2.9.8.8 - Blind SSRF Vulnerability
Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF Application: Webedition CMS Version: v2.9.8.8 Bugs: Blind SSRF Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 07.09.2023 Author: Mirabbas...
Kibana Prototype Pollution / Remote Code Execution Exploit
Kibana versions prior to 7.6.3 suffer from a prototype pollution bug within the Upgrade Assistant. By setting a new constructor.prototype.sourceURL value you can execute arbitrary code. Code execution is possible through two different ways. Either by sending data directly to Elastic, or using...
BoidCMS v2.0.0 - authenticated file upload Exploit
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ==== file = 'file' :...
Atcom 2.7.x.x - Authenticated Command Injection Vulnerability
Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Tested on: Kali Linux Exploit Request:...
GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
Limo Booking Software v1.0 - CORS Vulnerability
Title: Limo Booking Software v1.0 - CORS Author: nu11secur1ty Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/limo-booking-software/sectionDemo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5 cross-origin resource...
Ruijie Reyee Mesh Router - MITM Remote Code Execution Exploit
Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...
glibc ld.so Local Privilege Escalation Vulnerability
Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. This vulnerability was introduced in April 2021 (glibc 2.34) by commit 2ed18c. Looney Tunables: Local Privilege Escalation in the glibc's ld....
Progress Software WS_FTP Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WS_FTP server running the Ad Hoc Transfer module. All versions of WS_FTP Server prior to 2020.0.4 version 8.7.4 and 2022.0.2 version 8.8.2 are vulnerabl...
WordPress KiviCare 3.2.0 Cross Site Scripting Vulnerability
Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/kivicare-clinic-management-system/ Vendor Homepage: https://kivicare.io/ Version: 3.2.0 Tested on: Windows, Linux CVE: CVE-2023-2624 Product Description...
WordPress Contact Form Generator 2.5.5 Cross Site Scripting Vulnerability
Exploit Title: WP Plugins Contact Form Generator 2.5.5 - Reflected Cross-Site Scripting Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/contact-form-generator/ Vendor Homepage: https://www.creative-solutions.net/ Version: 2.5.5 Tested on: Windows, Linux CVE: CVE-2023-37988...
JetBrains TeamCity Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by...
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vulnerability
Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allow more critical operations to the transmitter. Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure Vulnerability
Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access. Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page:...
Juniper SRX Firewall / EX Switch Remote Code Execution Exploit
This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD, and every FreeBSD process can access its stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP...