39001 matches found
PHPJabbers Cinema Booking System 2.0 Cross Site Request Forgery Vulnerability
CVE-2024-57429 A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request. Impact: Exploitation of this CSRF...
Compop Online Mall 3.5.3 Authentication Bypass Vulnerability
Exploit Title: Compop Online Mall Authentication Bypass Google Dork: Terms of Use inurl:compop.vip Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 Vulnerability Overview: The system uses a Unix timestamp "ts" parameter in URLs for authentication,...
Checkmk 2.3.0p2 / NagVis 1.9.40 Cross Site Scripting Vulnerability
Title: Checkmk NagVis Reflected Cross-site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt 1. Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE...
ABB Cylon FLXeon 9.3.4 login.js Unauthenticated Root Remote Code Execution Exploit
ABB Cylon FLXeon version 9.3.4 suffers from an unauthenticated remote code execution vulnerability with root privileges. Input passed through the login.js script for the password JSON parameter allows out-of-band command injection. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js...
ABB Cylon FLXeon 9.3.4 upload.js Authenticated Root Remote Code Execution Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated root command injection. An attacker can exploit the Backup-Restore feature via the /api/upload endpoint to execute arbitrary system commands as root. The issue arises due to improper input validation in upload.js, where user-supplie...
ABB Cylon FLXeon 9.3.4 timeConfig.js Authenticated Root Remote Code Execution Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated remote root code execution via the /api/timeConfig endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating parameters such as tz, timeServerYN, and multiple timeDate fields. The vulnerability...
ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting Vulnerability
Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site Scripting XSS Affected Component Login page get parameter 'msg' is vulnerable to Reflected Cross site scripting CVE Reference CVE-2024-44449 Security Issue Cross Site Scripting...
NEXT-EMP 1.0 Shell Upload Vulnerability
Titles: NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/29/2025 Vendor: https://www.mayurik.com/ Software:...
OpenPanel 0.3.4 Command Injection Vulnerability
Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The Timezone Parameter Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST...
OpenPanel 0.3.4 Directory Traversal Vulnerability
Exploit Title: OpenPanel 0.3.4 - Directory Traversal in Copy Function of File Manager Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53582 POST...
MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Vulnerabilities
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:. inurl:web/teacherapp .:. Date:Jan 20, 2025 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://myschool-system.com/ .:. Vendor...
SpagoBI 3.5.1 Cross Site Scripting Vulnerability
CVE-2024-54795 Severity : Medium 5.4 CVSS score : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by multiple stored XSS inside of the worksheet designer page. Poc Steps to Reproduce : 1. While editing a document insertin...
SpagoBI 3.5.1 Cross Site Request Forgery Vulnerability
CVE-2024-54792 Severity : Medium 6.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by CSRF in the admin panel that manages user grants. Poc The add/edit/delete user panel, accessible by the admin user, do n...
Craft CMS Twig Template Injection / Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS Twig Template Injection RCE via FTP Templates Path', 'Description' = %q This module exploits a Twig template injection vulnerability in...
SpagoBI 3.5.1 Command Injection Vulnerability
CVE-2024-54794 Severity : Critical 9.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by Command Injection vulnerability in the script input feature. Poc In the Poc the attacker has to be logged into the...
Airtel Xstream Fiber WiFi Weak Authentication / Brute Force Vulnerability
Exploit Title: Airtel Xstream Fiber WiFi - Usage of Weak Initial WiFi password Exploit Author: Alok kumar email protected, Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.airtel.in Product Link: https://www.airtel.in/wifi-plans Tested on: Airtel Xstream Fiber WiFi router with SSID...
MacOS CoreAudio Framework Sandbox Escape Exploit
MacOS suffers from a sandbox escape vulnerability due to a type confusion issue in coreaudiod/CoreAudio Framework. The com.apple.audio.audiohald Mach service on MacOS is hosted by the coreaudiod process. This process exposes the Hardware Abstraction Layer HAL of the CoreAudio framework, which...
LibreNMS Authenticated Remote Code Execution Exploit
An authenticated attacker can create dangerous directory names on the system and alter sensitive configuration parameters through the web portal. Those two defects combined then allows to inject arbitrary OS commands inside shellexec calls, thus achieving arbitrary code execution. This module...
Ivanti Buffer Overflow Proof of Concept Exploit
Proof of concept exploit for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways. PoC for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure,...
OBS 1.0 Shell Upload Vulnerability
Titles: OBS by: oretnom23 v1.0 -Copyright © 2025. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software:...
ABB AC500v3 3.7.0.569 Directory Traversal / Privilege Escalation Exploit
------------------------------------------------------------------------------- title| Multiple Vulnerabilities in ABB AC500v3 product| ABB AC500v3 vulnerable version| =3.7.0.569 fixed version| 3.8.0 CVE number| CVE-2024-12429, CVE-2024-12430 impact| High homepage| https://global.abb found|...
Bruno IDE Desktop Command Injection Vulnerability
Bruno IDE Desktop prior to 1.29.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents ================================================== Overview Detailed Description Timeline of Disclosure Thanks & Acknowledgements References =====...
Cleo LexiCom / VLTrader / Harmony 5.8.0.23 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Microweber 2.0.9 Cross Site Scripting Vulnerability
Microweber versions 2.0.9 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2024-33298 Stored Cross Site Scripting vulnerability in Microweber .jpg on /media/default/ 6. Go back to the endpoint /admin/module/view?type=adminbackup and click on "Upload file" 7...
OCLS MSMS-PHP 1.0 Shell Upload Vulnerability
OCLS MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability. Titles: OCLS MSMS-PHP by: oretnom23 v1.0 -Copyright © 2025. All rights reserved. File Upload-FU and Remote Code Execution-RCE Vulnerabilities Author: nu11secur1ty Date: 01/15/2025 Vendor: https://github.com/oretnom23...
WordPress VRPConnector 2.0.1 PHP Object Injection Vulnerability
CVE-2024-56058 VRPConnector = 2.0.1 - Unauthenticated PHP Object Injection Description The VRPConnector plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers t...
WordPress Partners 0.2.0 PHP Object Injection Vulnerability
CVE-2024-56059 Partners = 0.2.0 - Unauthenticated PHP Object Injection Description The Partners plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.2.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject...
WordPress SuperBackup 2.3.3 Missing Authorization Vulnerability
CVE-2024-56067 WP SuperBackup = 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and...
WordPress ARPrice 4.0.3 PHP Object Injection Vulnerability
CVE-2024-49699 ARPrice...
WordPress Event Monster 1.4.3 Information Disclosure Vulnerability
CVE-2024-11396 Event monster = 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Expor...
WordPress linkID 0.1.2 Missing Authorization / Information Disclosure Vulnerability
CVE-2024-12542 linkID = 0.1.2 - Missing Authorization to Unauthenticated Sensitive Information Exposure Description The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and...
WordPress CF Internal Link Shortcode 1.1.0 SQL Injection Vulnerability
CVE-2024-12404 CF Internal Link Shortcode = 1.1.0 - Unauthenticated SQL Injection Description The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'posttitle' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user...
WordPress SuperBackup 2.3.3 Shell Upload Vulnerability
CVE-2024-56064 WP SuperBackup = 2.3.3 - Unauthenticated Arbitrary File Upload Description The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.3.3. This makes it...
WordPress Fancy Product Designer 6.4.3 SQL Injection Vulnerability
CVE-2024-51818 Fancy Product Designer = 6.4.3 - Unauthenticated SQL Injection Description The Fancy Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Chartify 2.9.5 Local File Inclusion Vulnerability
CVE-2024-10571 Chartify – WordPress Chart Plugin = 2.9.5 - Unauthenticated Local File Inclusion via source Description The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This make...
ABB Cylon Aspect 3.08.02 bbmdUpdate.php Remote Code Execution Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-one error in...
ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Denial of Service Vulnerability
ABB Cylon Aspect version 3.08.02 has an off-by-one error in array access that could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less than condition, allowing access to an out-of-bounds index. This can trigger errors or...
ABB Cylon Aspect 3.08.02 webServerUpdate.php Configuration Poisoning Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from improper input validation on the port POST parameter in the webServerUpdate.php script. This input is not validated on the server side and relies on bypassable client-side checks using the inString.js script to verify that the port parameter contains...
ABB Cylon Aspect 3.08.02 uploadDb.php Remote Code Execution Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the contents of an uploaded .db file, which is passed to the copyFile.sh script. Although the filename is sanitized, the...
Selenium Firefox Remote Code Execution Exploit
Selenium Server Grid versions 4.27.0 and below allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This module...
Banking 1.0 SQL Injection Vulnerability
Banking version 1.0 suffers from a remote SQL injection vulnerability. Titles: banking-1.0-Copyright©2025-Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/14868/banking-system-using-php-free-source-code.html Reference:...
Netwave IP Camera Secret Disclosure Exploit
!/bin/bash Exploit Title: Netwave Google Dork: "Netwave security camera" "Live feed" Exploit Author: Jeremie Amsellem Version: No version specified by the vendor Tested on: Kali Linux Written by lp1 Run this exploit on a vulnerable Netwave Camera in order To dump the camera's network configuratio...
Selenium Chrome Remote Code Execution Exploit
Selenium Server Grid versions prior to 4.0.0-alpha-7 allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This modu...
WordPress Sogrid 1.5.6 Local File Inclusion Vulnerability
CVE-2024-54374 Sogrid = 1.5.6 - Unauthenticated Local File Inclusion Description The Sogrid plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...
WordPress GutenKit 2.1.0 Arbitrary File Upload Vulnerability
CVE-2024-9234 GutenKit = 2.1.0 - Unauthenticated Arbitrary File Upload Description The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the...
WordPress Code Generator Pro 1.2 SQL Injection Vulnerability
CVE-2024-55978 Code Generator Pro = 1.2 - Unauthenticated SQL Injection Description The Code Generator Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
WordPress Hurrakify 2.4 Server-Side Request Forgery Vulnerability
CVE-2024-54330 Hurrakify bfdibc85r04ky96cie05dfzjjgigz...
WordPress Radio Player 2.0.82 Server-Side Request Forgery Vulnerability
CVE-2024-54385 Radio Player = 2.0.82 - Unauthenticated Server-Side Request Forgery Description The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This...
WordPress Navayan CSV Export 1.0.9 SQL Injection Vulnerability
CVE-2024-55988 Navayan CSV Export = 1.0.9 - Unauthenticated SQL Injection Description The Navayan CSV Export plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...