39001 matches found

0day.today | added 2023/08/21 12:0 a.m. | 291 views

EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Vulnerability

Exploit Title: EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download Exploit Author: LiquidWorm Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model:...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/21 12:0 a.m. | 357 views

Credit Lite 1.5.4 SQL Injection Vulnerability

Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4407...

9.8 CVSS | 7.1 AI score | 0.01073 EPSS | Exploits: 4

0day.today | added 2023/08/21 12:0 a.m. | 312 views

TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Vulnerability

Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you can create a secure...

9.8 CVSS | 9.6 AI score | 0.01932 EPSS | Exploits: 3

0day.today | added 2023/08/21 12:0 a.m. | 237 views

OVOO Movie Portal CMS v3.3.3 - SQL Injection Vulnerability

Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host: localhost Cookie:...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/21 12:0 a.m. | 292 views

Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)

Shellcode Title: Linux/x64 - memfd_create ELF loader 170 bytes Shellcode Author: Ivan Nikolsky enty8080 & Tomas Globis tomasglgg Tested on: Linux x86_64 Shellcode Description: This shellcode attempts to establish reverse TCP connection, reads ELF length, reads ELF and maps it into the memory, creat...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/21 12:0 a.m. | 314 views

TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Vulnerability

Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31068 With TSPlus Remote Work v. 16.0.0.0 you can crea...

9.8 CVSS | 7.1 AI score | 0.02849 EPSS | Exploits: 3

0day.today | added 2023/08/20 12:0 a.m. | 366 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read Vulnerability

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig command without a password. Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary...

5.5 CVSS | 7 AI score | 0.00304 EPSS | Exploits: 2

0day.today | added 2023/08/20 12:0 a.m. | 450 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root...

7.8 CVSS | 8.3 AI score | 0.55367 EPSS | Exploits: 20

0day.today | added 2023/08/20 12:0 a.m. | 531 views

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password. Title: Cisco ThousandEyes Enterprise Agent Virtual...

7.8 CVSS | 7.9 AI score | 0.00418 EPSS | Exploits: 2

0day.today | added 2023/08/17 12:0 a.m. | 588 views

Maltrail 0.53 Unauthenticated Command Injection Exploit

Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.check_output function in mailtrail/core/http.py contains a...

8 AI score | Exploits: 0

0day.today | added 2023/08/17 12:0 a.m. | 434 views

Greenshot 1.3.274 Deserialization / Command Execution Exploit

There exists a .NET deserialization vulnerability in Greenshot versions 1.3.274 and below. The deserialization allows the execution of commands when a user opens a Greenshot file. The commands execute under the same permissions as the Greenshot service. Typically, it is the logged in user. This...

7.8 CVSS | 8 AI score | 0.07685 EPSS | Exploits: 7

0day.today | added 2023/08/16 12:0 a.m. | 377 views

Hyip Rio 2.1 Cross Site Scripting / File Upload Vulnerabilities

Exploit Title: Hyip Rio 2.1 - Arbitrary File Upload Exploit Author: CraCkEr Vendor: tdevs Vendor Homepage: https://tdevs.co/ Software Link: https://hyiprio-feature.tdevs.co/ Tested on: Windows 10 Pro Impact: Allows User to upload files to the web server CVE: CVE-2023-4382 Description Allows...

5.4 CVSS | 7.1 AI score | 0.01131 EPSS | Exploits: 4

0day.today | added 2023/08/16 12:0 a.m. | 549 views

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/15 12:0 a.m. | 382 views

Microsoft Azure Subdomain Scanner / Enumerator Exploit

This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and more! Background: Microsoft makes use of a numbe...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/15 12:0 a.m. | 416 views

RaspAP 2.8.7 Unauthenticated Command Injection Exploit

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

9.8 CVSS | 8.3 AI score | 0.98725 EPSS | Exploits: 3

0day.today | added 2023/08/10 12:0 a.m. | 310 views

OutSystems Service Studio 11.53.30 - DLL Hijacking Vulnerability

Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability has been...

7.8 CVSS | 7.1 AI score | 0.01135 EPSS | Exploits: 4

0day.today | added 2023/08/10 12:0 a.m. | 492 views

systemd 246 - Local Privilege Escalation Vulnerability

Exploit Title: systemd 246 - Local Privilege Escalation Exploit Author: Iyaad Luqman K init6 Application: systemd 246 Tested on: Ubuntu 22.04 CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the systemctl status command can be run as root user. Th...

7.8 CVSS | 7.1 AI score | 0.01051 EPSS | Exploits: 4

0day.today | added 2023/08/10 12:0 a.m. | 308 views

Request-Baskets v1.2.1 - Server-side request forgery Vulnerability

Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery SSRF Exploit Author: Iyaad Luqman K init6 Application: Request-Baskets v1.2.1 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC !/bin/bash if "$" -lt 2 || "$1" = "-h" || "$1" = "--help" ; then help="Usage: exploit.sh \n\n";...

6.5 CVSS | 6.7 AI score | 0.07497 EPSS | Exploits: 29

0day.today | added 2023/08/10 12:0 a.m. | 341 views

TP-Link Archer AX21 - Unauthenticated Command Injection Exploit

!/usr/bin/python3 Exploit Title: TP-Link Archer AX21 - Unauthenticated Command Injection Date: 07/25/2023 Exploit Author: Voyag3r https://github.com/Voyag3r-Security Vendor Homepage: https://www.tp-link.com/us/ Version: TP-Link Archer AX21 AX1800 firmware versions before 1.1.4 Build 20230219...

8.8 CVSS | 7.1 AI score | 0.99999 EPSS | Exploits: 7

0day.today | added 2023/08/10 12:0 a.m. | 909 views

Maltrail v0.53 - Unauthenticated Remote Code Execution Exploit

Exploit Title: Maltrail v0.53 - Unauthenticated Remote Code Execution RCE Exploit Author: Iyaad Luqman K init6 Application: Maltrail v0.53 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC import sys; import os; import base64; def main: listeningIP = None listeningPORT = None targetURL = None if...

6.5 CVSS | 6.7 AI score | 0.07497 EPSS | Exploits: 29

0day.today | added 2023/08/09 12:0 a.m. | 280 views

EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference Vulnerabilities

The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and...

7.2 AI score | Exploits: 0

0day.today | added 2023/08/09 12:0 a.m. | 227 views

EuroTel ETL3100 Transmitter Default Credentials Vulnerability

EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system. EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page:...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/09 12:0 a.m. | 306 views

EuroTel ETL3100 Transmitter Information Disclosure Vulnerability

The EuroTel ETL3100 TV and FM transmitters suffer from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access. EuroTel ETL3100 Transmitter...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/09 12:0 a.m. | 583 views

Metabase Remote Code Execution Exploit

Metabase versions before 0.46.6.1 contain a flaw where the secret setup-token is accessible even after the setup process has been completed. With this token a user is able to submit the setup functionality to create a new database. When creating a new database, an H2 database string is created wi...

9.8 CVSS | 9.7 AI score | 0.97924 EPSS | Exploits: 36

0day.today | added 2023/08/08 12:0 a.m. | 459 views

Intelliants Subrion CMS 4.2.1 Remote Code Execution Exploit

This Metasploit module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess...

7.2 CVSS | 7.8 AI score | 0.65071 EPSS | Exploits: 10

0day.today | added 2023/08/08 12:0 a.m. | 326 views

mooSocial Social-Commerce 3.1.6 - Reflected XSS Vulnerability

Exploit Title: Social-Commerce 3.1.6 - Reflected XSS Exploit Author: CraCkEr Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://social-commerce.moosocial.com/ Version: 3.1.6 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4174...

6.1 CVSS | 7.1 AI score | 0.05271 EPSS | Exploits: 4

0day.today | added 2023/08/08 12:0 a.m. | 314 views

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) Exploit

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable Versions: 3.9 CVE:...

9.8 CVSS | 7.1 AI score | 0.4111 EPSS | Exploits: 4

0day.today | added 2023/08/08 12:0 a.m. | 290 views

Lucee 5.4.2.17 - Authenticated Reflected XSS Vulnerability

Exploit Title: Lucee 5.4.2.17 - Authenticated Reflected XSS Exploit Author: Yehia Elghaly Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: http://172.16.110.130:8888/lucee/admin/server.cfm?action=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%29%3E POST...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/08 12:0 a.m. | 580 views

Citrix ADC (NetScaler) Remote Code Execution Exploit

A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as root. This module requires Metasploit:...

9.8 CVSS | 10 AI score | 0.99445 EPSS | Exploits: 16

0day.today | added 2023/08/08 12:0 a.m. | 253 views

GNOME Files 43.4 Privilege Escalation Vulnerability

GNOME Files version 43.4 nautilus on Fedora 37 will extract zip archives with setuid files for other user identifiers that can be leveraged to escalate privileges. Affected: GNOME Files 43.4 nautilus on fedora 37 Description: If an user A opens in GNOME files zip archive containing setuid file F,...

7.5 AI score | Exploits: 0

0day.today | added 2023/08/08 12:0 a.m. | 329 views

Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit

!/bin/bash Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" echo " ESDS eMagic...

8.8 CVSS | 7.1 AI score | 0.24029 EPSS | Exploits: 4

0day.today | added 2023/08/08 12:0 a.m. | 379 views

Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Vulnerability

Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Version: 2.14.0 Tested on: Windows 10...

7.5 CVSS | 7.1 AI score | 0.36205 EPSS | Exploits: 4

0day.today | added 2023/08/08 12:0 a.m. | 353 views

mooSocial 3.1.8 - Reflected XSS Vulnerability

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings ThePitBull...

6.1 CVSS | 7.1 AI score | 0.03336 EPSS | Exploits: 5

0day.today | added 2023/08/08 12:0 a.m. | 241 views

PHPJabbers Vacation Rental Script 4.0 - CSRF Vulnerability

Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF Exploit Author: Hasan Ali YILDIR Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/vacation-rental-script/ Version: 4.0 Tested on: Windows 10 Pro Description The attacker can send to victim a link...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 264 views

WordPress Forminator 1.24.6 Plugin - Unauthenticated Remote Command Execution Vulnerability

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql - Apache2 -...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 225 views

PHPJabbers Night Club Booking 1.0 - Reflected XSS Vulnerability

Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS Exploit Author: CraCkEr Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate the content of...

6.1 CVSS | 7.1 AI score | 0.05109 EPSS | Exploits: 3

0day.today | added 2023/08/04 12:0 a.m. | 186 views

WordPress adivaha Travel Plugin 2.3 - SQL Injection Vulnerability

Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/ Version: 2.3...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 341 views

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Vulnerability

Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate the content ...

6.1 CVSS | 7.1 AI score | 0.05177 EPSS | Exploits: 4

0day.today | added 2023/08/04 12:0 a.m. | 243 views

WordPress Ninja Forms 3.6.25 Plugin - Reflected XSS Exploit

Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Authenticated Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt Exploit Author: Mehran Seifalinia Vendor Homepage: https://ninjaforms.com/ Software Link: https://downloads.wordpress.org/plugin/ninja-forms.3.6.25.zip...

7.1 CVSS | 7.1 AI score | 0.0601 EPSS | Exploits: 6

0day.today | added 2023/08/04 12:0 a.m. | 217 views

PHPJabbers Cleaning Business 1.0 - Reflected XSS Vulnerability

Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...

6.1 CVSS | 7.1 AI score | 0.05177 EPSS | Exploits: 4

0day.today | added 2023/08/04 12:0 a.m. | 232 views

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Vulnerability

Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Exploit Author: Pedro ISSDU TW Vendor Homepage: https://loganalyzer.adiscon.com/ Software Link: https://loganalyzer.adiscon.com/download/ Version: v4.1.13 and before Tested on: Linux CVE : CVE-2023-36306 There are several...

6.1 CVSS | 7.1 AI score | 0.03771 EPSS | Exploits: 4

0day.today | added 2023/08/04 12:0 a.m. | 199 views

PHPJabbers Taxi Booking 2.0 - Reflected XSS Vulnerability

Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/taxi-booking-script/ Version: 2.0 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...

6.1 CVSS | 7.1 AI score | 0.0522 EPSS | Exploits: 4

0day.today | added 2023/08/04 12:0 a.m. | 197 views

Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE: CVE-2023-39115 Description: ---------------- An arbitrary file upload vulnerability in Campcod...

9.8 CVSS | 7.1 AI score | 0.04623 EPSS | Exploits: 5

0day.today | added 2023/08/04 12:0 a.m. | 186 views

Webutler v3.2 - Remote Code Execution Exploit

Exploit Title: Webutler v3.2 - Remote Code Execution RCE Application: webutler Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Date of found: 03.08.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technic...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 174 views

Xlight FTP Server 3.9.3.6 - Stack Buffer Overflow Exploit

Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow Local Tested on OS: Windows XP...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 192 views

WordPress adivaha Travel Plugin 2.3 - Reflected XSS Vulnerability

Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/ Version: 2.3...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 165 views

Joomla JLex Review 6.0.1 - Reflected XSS Vulnerability

Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS Exploit Author: CraCkEr Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/jlex-review/ Demo: https://jlexreview.jlexart.com/ Version: 6.0.1 Tested on: Windows 10 Pro Impact: Manipula...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 388 views

Webedition CMS v2.9.8.8 - Remote Code Execution Exploit

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...

7.4 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 177 views

JLex GuestBook 1.6.4 - Reflected XSS Vulnerability

Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS Exploit Author: CraCkEr Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/ Demo: https://jlexguestbook.jlexart.com/ Version: 1.6.4 Tested...

7.1 AI score | Exploits: 0

0day.today | added 2023/08/04 12:0 a.m. | 248 views

Academy LMS 6.0 - Reflected XSS Vulnerability

Exploit Title: Academy LMS 6.0 - Reflected XSS Exploit Author: CraCkEr Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Version: 6.0 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4119 Greetin...

6.1 CVSS | 7.1 AI score | 0.02037 EPSS | Exploits: 3

Total number of security vulnerabilities: 39001