admidio v4.2.5 - CSV Injection Vulnerability
Exploit Title: admidio v4.2.5 - CSV Injection Application: admidio Version: 4.2.5 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 26.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Detail...
MilleGPG5 5.9.2 Local Privilege Escalation Vulnerability
Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...
Piwigo 13.5.0 SQL Injection Vulnerability
Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline of disclosure Thanks & Acknowledgments References ===== Vulnerability...
Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution Vulnerability
Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...
Aigital Wireless-N Repeater Mini_Router.0.131229 Cross Site Scripting Vulnerability
Exploit Title: Aigital Wireless-N Repeater - Stored Cross-Site Scripting Exploit Author: Matteo Mandolini Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 XSS Stored POST /boafrm/formHomeWlanSetup HTTP/1.1 Host: 192.168.10.253...
OCS Inventory NG 2.3.0.0 - Unquoted Service Path Vulnerability
Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG Windows Agent: Versio...
KodExplorer 4.49 - CSRF to Arbitrary File Upload Exploit
Exploit Title: KodExplorer ?php s...
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit
#!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...
PaperCut NG/MG 22.0.4 - Authentication Bypass Exploit
Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass Exploit Author: MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests from bs4 import BeautifulSoup import re def vulnversion: ip = input"Enter the ip address: "...
WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization Vulnerability
WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities. Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected...
Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Vulnerability
Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution Exploit
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution RCE Date: 4/23/2023 Author: Or4nG.M4n Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode
; Name: Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode ; Author: Nayani ; Tested on: Microsoft Windows Version 10.0.22621 Build 22621 ; Description: ; This is an implementation of the DeleteFileA Windows API to delete a file in the C:/Windows/Temp/ directory. ; To test this...
Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Vulnerability
Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v...
Mars Stealer 8.3 - Admin Account Takeover Exploit
Exploit Title: Mars Stealer 8.3 - Admin Account Takeover Product: Mars Stealer Technology: PHP Version: 8.3 Google Dork: N/A Date: 20.04.2023 Tested on: Linux Author: Sköll - twitter.com/skoll import argparse import requests parser = argparse.ArgumentParserdescription='Mars Stealer Account Takeov...
Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation Vulnerability
=============================================================================== title: Incorrect Permission Assignment product: Nokia OneNDS 20.9 vulnerability type: Security Misconfiguration severity: High CVSS Score: 7.8 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H found on:...
WordPress PowerPress 10.0 Cross Site Scripting Vulnerability
On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat...
Nokia OneNDS 17 Insecure Permissions / Privilege Escalation Vulnerability
=============================================================================== title: Incorrect Permission Assignment product: Nokia OneNDS 17 vulnerability type: Security Misconfiguration severity: High CVSS Score: 7.8 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H found on: 31/03/20...
Bang Resto v1.0 - (Multiple) SQL Injection Vulnerability
Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip Version: 1.0 Tested on: Windo...
Serendipity 2.4.0 - Cross-Site Scripting Vulnerability
Exploit Title: Serendipity 2.4.0 - Cross-Site Scripting XSS Author: Mirabbas Ağalarov Application: Serendipity Version: 2.4.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found: 13.04.2023 Tested on: Linux 2. Technic...
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution Vulnerability
Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution Exploit
Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests def mainrhost,...
GDidees CMS 3.9.1 - Local File Disclosure Vulnerability
Exploit Title: GDidees CMS 3.9.1 - Local File Disclosure Exploit Author : Hadi Mene Vendor Homepage : https://www.gdidees.eu/ Software Link : https://www.gdidees.eu/cms-1-0.html Version : 3.9.1 and earlier Tested on : Debian 11 CVE : CVE-2023-27179 Summary: GDidees CMS v3.9.1 and lower versions w...
Franklin Fueling Systems TS-550 - Default Password Vulnerability
Exploit Title: Franklin Fueling Systems TS-550 - Default Password Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Android (termux) Step 1 : attacker can use these dorks and access to find the panel...
Microsoft Word 16.72.23040900 - Remote Code Execution Vulnerability
Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...
Serendipity 2.4.0 - Remote Code Execution (Authenticated) Vulnerability
Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...
Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution Exploit
#!/usr/bin/env python """ Exploit Title: Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution RCE Exploit Author: max / Zoltan Padanyi Vendor Homepage: https://exchange.nagios.org/directory/Addons/Configuration/Lilac-2DReloaded/visit Software Link:...
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Exploit
#!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 ExploitAuthor: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information Exploit
Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py https://swagger-page.c...
Bang Resto v1.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting XSS Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip Version: 1.0 Tested on...
Piwigo 13.6.0 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Piwigo 13.6.0 - Stored Cross-Site Scripting XSS Application: Piwigo Version: 13.6.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://piwigo.org/ Software Link: https://piwigo.org/get-piwigo Date of found: 18.04.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...
Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit
Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as...
VMware Workspace ONE Access Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. This module requires...
SecurePoint UTM 12.x Session ID Leak Vulnerability
ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date published: 2023-04-11 CVSSv3 Score: 9.0...
GDidees CMS 3.9.1 Local File Disclosure / Directory Traversal Vulnerabilities
Exploit Title: GDidees CMS - 'imgdownload.php' Local File Disclosure Date : 03/27/2023 Exploit Author : Hadi Mene Vendor Homepage : https://www.gdidees.eu/ Software Link : https://www.gdidees.eu/cms-1-0.html Version : 3.9.1 and earlier Tested on : Debian 11 CVE : CVE-2023-27179 Summary: GDidees C...
AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation Vulnerability
Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT Vendor Homepage: https://www.aspemail.com Software Link: https://www.aspemail.com/download.htm...
SPIP Remote Command Execution Exploit
This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10...
WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting Vulnerability
WordPress Weaver Xtreme theme versions 5.0.7 and below and Weaver Show Posts plugin versions 1.6 and below suffer from a persistent cross site scripting vulnerability. On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical...
SecurePoint UTM 12.x Memory Leak Vulnerability
ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Score: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N...
VMware Workspace ONE Remote Code Execution Exploit
This Metasploit module combines two vulnerabilities in order to achieve remote code execution in the context of the horizon user. The first vulnerability, CVE-2022-22956, is an authentication bypass in OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure Vulnerability
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Vulnerability
<!-- Exploit Title: Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset Vulnerability
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP Vulnerability
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10....
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
#!/usr/bin/env python3 # -*- coding: utf-8 -*- Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit Exploit Author: LiquidWorm Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit Vendor: Sielco S.r.l Product web page: https://www.sielco.org...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Vulnerability
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password Vulnerability
<!-- Exploit Title: Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX...
File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation Vulnerabilities
File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges. Exploit Title: File Replication Pro 7.5.0 - Password disclosure/reset & PrivEsc due Incorrect Access Control Exploit Author: Andrea Intilangelo...
InnovaStudio WYSIWYG Editor Asset Manager 5.4 Shell Upload Vulnerability
InnovaStudio WYSIWYG Editor Asset Manager versions 5.4 and below suffer from a remote shell upload vulnerability. Exploit Title: InnovaStudio WYSIWYG Editor 5.4 ASSET MANAGER Unrestricted File Upload / Directory Traversal / Multiple WebApps Exploit Date: 11/04/2023 Exploit Author: Zer0FauLT...
Bludit 4.0.0-rc-2 Privilege Escalation Vulnerability
Bludit version 4.0.0-rc-2 suffers from an account takeover vulnerability due to an API key that can be abused to change the administrative password. Title: Bludit-4.0.0-rc-2 - Release candidate 2 Account takeover: API token vulnerability Author: nu11secur1ty Date: 04.11.2013 Vendor:...