39001 matches found
Superfood 1.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD or email protected...
Zenar Content Management System - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Zenar Content Management System - Cross-Site Scripting Software Link: https://zenar.io/ Dork: N/A Author: Berk Dusunur Tested Website: http://demo.zenar.io Category: Web App PoC GET Request: POST...
ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330 Platform: Java Tested on...
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family: All versio...
GitBucket 4.23.1 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...
Karenderia Multiple Restaurant System < 4.5 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Karenderia Multiple Restaurant System 4.5 - Blind SQL injection Google Dork: N/A Date: 2018-05-10 Exploit Author: telahdihapus Email Author: email protected Vendor Homepage: https://codecanyon.net/user/bastikikang Software Link:...
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS Privilege Escalation', 'Description' = %q This module exploit...
R 3.4.4 fow Windows - Local Buffer Overflow (DEP Bypass) Exploit
Exploit for windows platform in category local exploits Exploit Title: R v3.4.4 - Local Buffer Overflow DEP Bypass Exploit Author: Hashim Jawad Vendor Homepage: https://www.r-project.org/ Tested on OS: Microsoft Windows 7 Enterprise - SP1 x86 Steps to reproduce: under GUI preferences, paste...
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - XSS / CSRF Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent cross site scripting / Cross site request forgery Exploit Author: borna nematzadeh L0RD Vendor Homepage:...
Private Message PHP Script 2.0 - Persistent Cross-Site scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows...
Joomla EkRishta 2.10 Component - Cross-Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Exploit Author: Sina Kheirkhah || email protected Software Link:...
D-Link DSL-3782 - Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: D-Link DSL 3782 - Authentication Bypass Vendor Homepage: https://eu.dlink.com Version: A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" Category: Webapps Exploit Author: Giulio Comi CVE ...
mySCADA myPRO 7 - Hard-Coded Credentials Vulnerability
Exploit for multiple platform in category remote exploits Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.myscada.org/mypro/ Software Link: https://www.myscada.org/download/ Version: v7 Tested on: Linux, Windows I. Probl...
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow Date:...
Adobe Enterprise Manager (AEM) 6.3 - Remote Code Execution Exploit
Exploit for jsp platform in category web applications Exploit Title: Adobe Experience Manager AEM 6.3 default credentials leads to RCE Exploit Author: StaticFlow Vendor Homepage: https://www.adobe.com/in/marketing-cloud/experience-manager.html Version: 6.3 import requests import sys baseUrl =...
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion Vulnerability
Exploit for linux platform in category web applications Title: SAP B2B / B2C CRM 2.x 4.x - Local File Inclusion Application:SAP B2B OR B2C is CRM Versions Affected: SAP B2B OR B2C is CRM 2.x 3.x and 4.x with Bakend R/3 to icssb2b Vendor URL: http://SAP.com Bugs: SAP LFI in B2B OR B2C CRM Sent:...
Powerlogic / Schneider Electric IONXXXX Series - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Version: ION73XX series, ION75XX series, ION76XX series, ION8650 series,...
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/classifieds-multipurpose-portal-infinity-market/16572285?srank=1520 Version: 1.6.2 Tested...
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Vulnerability
Exploit for php platform in category web applications Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure Versions Affected: SAP NetWeaver 6.4 - 7.5 Vendor URL: http://SAP.com Bugs: Information disclosure Enumerate users Date of Public Advisory: 09.02.2016 Reference: SAP...
Cisco SA520W Security Appliance - Path Traversal Vulnerability
Exploit for hardware platform in category web applications Title: Cisco SA520W Security Appliance - Path Traversal Author: Nassim Asrir Contact: email protected / https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.cisco.com/ About Product: =============== Cisco SA 500 Series...
Healwire Online Pharmacy 3.0 - XSS / CSRF Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/healwire-online-pharmacy/16423338?srank=1499 Version: 3.0 Tested on:...
Monstra CMS before 3.0.4 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting Exploit Author: Berk Dusunur Vendor Homepage: https://monstra.org Software Link: https://monstra.org Version: before 3.0.4 Tested on: Pardus / Win10 AppServer Proof Of Concept Monstra is ...
SuperCom Online Shopping Ecommerce Cart 1 - XSS / CSRF / Authentication bypass Vulnerabilities
Exploit for php platform in category web applications Exploit Title: SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Exploit Author: L0RD Vendor Homepage:...
Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in the rdspagecopyuser function in net/rds/page.c RDS in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root CVE-2010-3904. This Metasploit module has been tested successfully on Fedora 13 i686 with kernel version...
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This...
Prime95 29.4b8 - Stack Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: https://www.mersenne.org/ Software Link: https://www.mersenne.org/download/download Version: 29.4b8 Tested on: Windows 10 Pro x64 SPANISH Windows 7 Home Premiu...
DynoRoot DHCP - Client Command Injection Exploit
Exploit for linux platform in category local exploits Exploit Title: DynoRoot DHCP - Client Command Injection Exploit Author: Kevin Kirsche Exploit Repository: https://github.com/kkirsche/CVE-2018-1111 Exploit Discoverer: Felix Wilhelm Vendor Homepage: https://www.redhat.com/ Version: RHEL 6.x /...
Microsoft Edge Chakra JIT - Bound Check Elimination Bug Exploit
Exploit for windows platform in category dos / poc / Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instaed of the control flow. This may lead to incorrectly remove the bound checks. In th...
HPE iMC 7.3 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
Jenkins CLI - HTTP Java Deserialization Exploit
Exploit for linux platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...
Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field Exploit
Exploit for linux platform in category dos / poc / Linux tai. If doadjtimex doesn't write to -tai e.g. because the arguments are invalid, compatputtimex then copies the uninitialized -tai field to userspace. Demo: $ cat leak32.c / include include include include include include include / from...
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AFPACKET packetsetring Privilege Escalation', 'Description' = %q This module exploits a...
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Vulnerability
Exploit for windows platform in category remote exploits Exploit Title: Nanopool Claymore Dual Miner = 7.3 Remote Code Execution Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and later Tested on:...
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/appointment-management-system-nodaps/16197805?srank=1535...
Intelbras NCLOUD 300 1.0 - Authentication bypass Exploit
Exploit for hardware platform in category web applications coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - email protected Vendor Homepage: http://www.intelbras.com.br/ Software Link:...
WordPress Metronet Tag Manager 1.2.7 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or later...
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy communication partners or...
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery Date: 2018-05-15 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/horse-market-sell-rent-portal/14174352?srank=1725 CVE: N/A Version:...
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cr
Exploit for java platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, 8.3 P1...
Inteno IOPSYS 2.0 - 4.2.0 p910nd - Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits ''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE...
Rockwell Scada System 27.011 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Rockwell Scada System - Cross-Site Scripting Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link: http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4 Version:...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMart before 3.2.14...
Multiplayer BlackJack Online Casino Game 2.5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?srank=1628 CVE: N/A Version: 2....
WhatsApp 2.18.31 - Memory Corruption Exploit
Exploit for iOS platform in category dos / poc !/usr/bin/env python -- coding: utf-8 -- Exploit Author: Juan Sacco at Exploit Pack - http://www.exploitpack.com This vulnerability has been discovered and exploited using Exploit Pack - Framework Tested on: iPhone 5/6s/X iOS 10 and 11.3 Latest relea...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Admin Notes Plugin - CSRF Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1. Description: The plugi...
JasperReports - Authenticated File Read Vulnerability
Exploit for multiple platform in category web applications TIBCO’s JasperReports string = wrapper.getParameterValues"page" To: getResource @ DirResourceSet.java:101 file = new File/home/rhino/jasperreports...mcat/webapps/jasperserver,"/WEB-INF/jsp/modules/administer/adminImport.jsp" Due to a lack...
ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI Vulnerabilities
ProjectPier versions 0.8.8 and below suffer from remote file inclusion, authentication bypass, remote shell upload, and remote SQL injection vulnerabilities. "ProjectPier is a Free, Open-Source, PHP application for managing tasks, projects and teams through an intuitive web interface."...
WordPress WP ULike 2.8.1 / 3.1 Cross Site Scripting Vulnerability
WordPress WP ULike plugin versions 2.8.1 and 3.1 suffer from a persistent cross site scripting vulnerability. Details ================ Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/stored-xss-wp-ulike...
MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting Vulnerabilities
MyBiz MyProcureNet version 5.0.0 suffers from remote file upload and cross site scripting vulnerabilities. title: Arbitrary File Upload & Cross-site scripting product: MyBiz MyProcureNet vulnerable version: 5.0.0 fixed version: unknown CVE number: - impact: Critical homepage: http://www.mybiz.net...