SoX 14.4.2 - Denial Of Service Vulnerability

Exploit Title: SoX 14.4.2 - Denial Of Service Exploit Author: LiquidWorm Vendor: Chris Bagwell Product web page: http://sox.sourceforge.net https://en.wikipedia.org/wiki/SoX Affected version: , buffer=, buffersize=optim...

Zyxel Unauthenticated LAN Remote Code Execution Exploit

This Metasploit module exploits a buffer overflow in the zhttpd binary /bin/zhttpd. It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After...

VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities

Exploit Title: VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login page...

Linksys AX3200 V1.1.00 - Command Injection Vulnerability

Exploit Title: Linksys AX3200 V1.1.00 - Command Injection Exploit Author: Ahmed Alroky Author: Linksys Version: 1.1.00 Authentication Required: YES CVE : CVE-2022-38841 Tested on: Windows Proof Of Concept: 1 - login into AX3200 webui 2 - go to diagnostics page 3 - put "google.com|ls" to perform a...

101+ News Portal 1.0 SQL Injection Vulnerability

Exploit Title: 101+ News Portal - SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Software Download:...

Open Web Analytics 1.7.3 Remote Code Execution Exploit

Open Web Analytics OWA versions prior to 1.7.4 allow an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. class MetasploitModule 'Open Web Analytics 1.7.3 - Remote Code Execution RCE', 'Description' = %q Op...

Yoga Class Registration System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Yoga Class Registration System - Cross Site Scripting Vulnerability Authenticated Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.ht...

Microsoft User Account Control Nuances Vulnerability

This write up is an overview of how Microsoft's attempts to manage elevated access to executables via registry entries has added over complexity that still allows for escalation. Hi @ll, with Windows 2000, Microsoft virtualised the HKEYCLASSESROOT registry branch: what was just an alias for...

Human Resources Management System 1.0 SQL Injection Vulnerability

Exploit Title: Human Resources Management System - HRM - Multiple SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software...

Medicine Tracker System 1.0 Cross Site Scripting Vulnerability

Exploit Title: Medicine Tracker System - Cross Site Scripting Vulnerability Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16308/medicine-tracker-system-php-oop-and-mysql-db-source-code-free-download.html Software...

Music Gallery Site 1.0 Cross Site Scripting Vulnerability

Exploit Title: Music Gallery Site - Cross Site Scripting Vulnerability Authenticated Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16073/music-gallery-site-using-php-and-mysql-database-free-source-code.html Softwa...

Online Pizza Ordering System 1.0 SQL Injection Vulnerability

Exploit Title: Online Pizza Ordering System 1.0 - "id" SQLi Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Download:...

Riello UPS Restricted Shell Bypass Vulnerability

Riello UPS systems can have their restricted configuration shell bypassed to gain full underlying operating system access. I. VULNERABILITY ------------------------- Riello UPS systems allow to easily escape the configuration shell and get access to the operating system II. VENDOR...

Yoga Class Registration 1.0 SQL Injection Vulnerability

Title: Yoga Class Registration -1.0-2023 - Multiple SQLi Author: nu11secur1ty Date: 02.27.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html Reference:...

Adobe Connect 11.4.5 / 12.1.5 Local File Disclosure Vulnerability

Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability. Title: adobe connect - Local File Disclosure / Download security feature bypass vulnerability Author: h4shur CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Softwar...

Employee Performance Evaluation System 1.0 - File Inclusion Vulnerabilities

Title: Employee Performance Evaluation System-1.0 - File Inclusion Vulnerabilities - RCE - User Interaction Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

Bitbucket Environment Variable Remote Command Injection Exploit

For various versions of Bitbucket, there is an authenticated command injection vulnerability that can be exploited by injecting environment variables into a user name. This module achieves remote code execution as the atlbitbucket user by injecting the GITEXTERNALDIFF environment variable, a null...

Human Resources Management System - Multiple SQL injection Vulnerability

A Blind SQL injection vulnerability in the login page /hrm/controller/login.php in Human Resources Management System allows remote unauthenticated attackers to execute remote command through arbitrary SQL commands by "name" parameter. Request PoC POST /hrm/controller/login.php HTTP/1.1 Host:...

Microsoft SQL Server 2014 / 2016 / 2017 / 2019 / 2022 Audit Logging Failure Vulnerability

Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 appears to ignore audit rules for sys.sysxlgns allowing an attacker with administrative permissions to extract password hashes under the radar. Microsoft told the researcher they are not willing to fix it but acknowledge it as a security...

Oracle DB Broken PDB Isolation / Metadata Exposure Vulnerability

Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container. Title: CVE-2021-2173 – PDB Isolation is broken through metadata exposure Product: Database...

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortinet FortiNAC keyUpload.jsp arbitrary file write', 'Description' = %q This module uploads a payload to the /tmp directory in addition to a cr...

WordPress Profile Builder 3.9.0 Missing Authorization Vulnerability

WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppbtoolboxusermetahandler. Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given...

Microsoft Outlook Remote Code Execution 0day Exploit

Microsoft Outlook Remote Code Execution 0day Exploit - zero-click exploit leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment...

Apache Tomcat Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including...

Shopify Cross Site Scripting Vulnerability

Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionali...

Fastly Secret Disclosure Vulnerability

Fastly suffers from the poor practice of sending a temporary password in plaintext. Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary...

Webpower UPS 5.53 Denial Of Service Exploit

Exploit Title: Webpower UPS v5.53 HTTP Denial of Service Exploit Author: Yehia Elghaly Vendor Homepage: https://www.eaton.com/ae/en-gb.html Software Link: https://www.eaton.com/ae/en-gb.html Version: Revision v5.53 Tested on: WebPower UPS CVE: N/A !/usr/bin/env python Webpower UPS v5.53 HTTP Deni...

Wondershare Dr.Fone 12.9.6 Weak Permissions / Privilege Escalation Vulnerability

Executive Summary: Product Name: Wondershare Dr. Fone Vendor Home Page: https://drfone.wondershare.com Affected Versions: Dr Fone version 12.9.6 Vulnerability Type: Execution with Unnecessary Privileges CWE-250 CVE Reference: CVE-2023-27010. Credit: Thurein Soe Vendor Description: Wondershare Dr...

SugarCRM 12.x Remote Code Execution / Shell Upload Exploit

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. This module requires Metasploit:...

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined Exploit

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root. ¯¯¯¯¯¯¯/ ༼ つ ◕◕ ༽つ ง'̀-'́ง ╯°□°）╯︵ ┻━┻ ヽ´ー｀ノ /¯¯...

Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication Vulnerabilities

Arris DG3450 cable gateway version AR01.02.056.18041520711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. ======================================================================= title: Multiple Vulnerabilities product: Arris DG3450 Cable Gateway vulnerable...

ZwiiCMS 12.2.04 Remote Code Execution Exploit

Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its file manager feature...

Oracle Database 19c Access Bypass Vulnerability

Oracle Database Vault had a flaw that would allow unauthorized privileged users to extract data from a protected table. Oracle 19c versions 19.18 and below are affected. Fixed in the Oracle Critical Patch Update October 2022. Title: Oracle Database Vault Protected Table With Realm Data Extraction...

Purchase Order Management - 1.0 - File Inclusion Vulnerabilities

Title: Purchase Order Management-1.0 - File Inclusion Vulnerabilities - Unprivilage user interaction Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

Agilebio Lab Collector 4.234 Remote Code Execution Exploit

Exploit Title: Agilebio Lab Collector Electronic Lab Notebook Remote Code Execution Date: 2023-02-28 Exploit Author: Anthony Cole Vendor Homepage: https://labcollector.com/labcollector-lims/add-ons/eln-electronic-lab-notebook/ Version: v4.234 Contact: http://twitter.com/acole76 Website:...

Lucee Authenticated Scheduled Job Code Execution Exploit

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is...

Purchase Order Management 1.0 Cross Site Scripting Vulnerability

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...

Barracuda CloudGen WAN OS Command Injection Vulnerability

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/updatecertificate endpoint. Versions prior to v8. hotfix 1089 are affected...

Purchase Order Management 1.0 SQL Injection Vulnerability

Title: Purchase Order Management-1.0 - SQLi Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...

Android GKI Kernels Contain Broken Non-Upstream Speculative Page Faults MM Code Exploit

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to multiple use-after-free conditions. Android: GKI kernels contain broken non-upstream Speculative Page Faults MM code A central recurring theme in Linux MM development is that contention on the mmap lo...

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload Exploit

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. This module requires Metasploit:...

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking Vulnerabilities

Osprey Pump Controller version 1.0.1 has an ELF binary called MirageCreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploitin...

WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery Vulnerability

WordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the processform function. ==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress WoodMart Theme =...

Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vulnerability

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability. Osprey Pump Controller 1.0.1 Unauthenticated File Disclosure Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version:...

WordPress Real Estate 7 Theme 3.3.4 Abuse Of Functionality Vulnerability

==== Z://USB-00RESEARCH/WORDPRESS/ ============================================= 2023 == Report Title: WordPress Real Estate 7 Theme = 3.3.4 - Abuse of Functionality Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz https://fearzzzz.ru Component...

Osprey Pump Controller 1.0.1 Authentication Bypass Exploit

Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system. !/usr/bin/env python Osprey Pump Controller 1.0.1 Authentication Bypass Credentials Modification Vendor: ProPump and Controls,...

WordPress WoodMart Theme 7.1.0 Shortcodes Injection Vulnerability

The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. ==== Z://USB-00RESEARCH/WORDPRESS/...

Osprey Pump Controller 1.0.1 pseudonym Command Injection Vulnerability

Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script. Osprey Pump Controller 1.0.1 pseudonym Semi-blind...

Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list 120 of the application and the passwo...

ChurchCRM 4.5.3 SQL Injection Vulnerability

Title: ChurchCRM-4.5.3-121fcc1-SQLi Author: nu11secur1ty Vendor: http://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be vulnerable to SQL injection...