ABB Cylon Aspect 3.08.01 jsonProxy.php Denial Of Service Vulnerability
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without...
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control Vulnerability
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Remote SSH Service Control Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building...
ABB Cylon Aspect 3.08.01 Active Debug Data Exposure Vulnerability
ABB Cylon Aspect version 3.08.01 is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information. ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page:...
Xerox Printers Authenticated Remote Code Execution Vulnerability
Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. ======================================================================= title: Authenticated Remote Code Execution product: Multiple Xerox printers...
ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vulnerability
ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with...
ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameters query and application is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's...
ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure Vulnerability
ABB Cylon Aspect 3.08.01 jsonProxy.php Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...
ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure Vulnerability
ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to disclose credentials in plain-text. ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credentials Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series,...
ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure Vulnerability
ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents o...
ABB Cylon Aspect 3.08.01 logCriticalLookup.php Unauthenticated Log Disclosure Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device. ABB Cylon Aspect 3.08.01...
ABB Cylon Aspect 3.08.01 throttledLog.php Unauthenticated Log Disclosure Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device. ABB Cylon Aspect 3.08.01 throttledLog.php...
ABB Cylon Aspect 3.08.01 networkDiagAjax.php Remote Network Utility Execution Vulnerability
ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems...
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script. ABB Cylon Aspect 3.08.01...
SofaWiki 3.9.2 Cross Site Scripting Vulnerability
Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open Ticket feature. An...
Magento / Adobe Commerce Remote Code Execution Exploit
This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce and earlier versions if the PHP and glibc versions are also...
SofaWiki 3.9.2 Shell Upload Exploit
Exploit Title: SofaWiki 3.9.2 - Remote Code Execution RCE via Open Ticket File Upload Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote code execution RCE...
BYOB Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation...
ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script. ABB Cylon Aspect 3.08.01 databaseFileDelete.p...
ABB Cylon Aspect 3.08.01 mapConfigurationDownload.php Configuration Download Vulnerability
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script. ABB Cyl...
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution Vulnerability
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script. ABB...
ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection Vulnerability
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script. ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code...
Peel Shopping 2.x Cross Site Scripting / SQL Injection Exploit
Peel Shopping versions 2.x and below 3.1 suffer from cross site scripting and remote SQL injection vulnerabilities. This was already discovered in 2012 by Cyber-Crystal, but this data provides more details. Exploit Title: Peel Shopping "catid=" SQL injection Google Dork:...
Vivo Fibra Askey RTF8225VW Command Execution Vulnerability
The Vivo Fibra Askey RTF8225VW modem suffers from an input validation vulnerability that allows for full escalation to a functioning shell once logged in and using the restricted aspsh shell. --- Exploit 1 Documentation on the Vivo Fibra Modem Exploit I discovered an exploit that allows access to...
ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability
ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...
ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal Vulnerability
ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose...
ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vulnerability
ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system. ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb...
ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Code Execution Vulnerability
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script. ABB Cylon Aspect 3.08.00 dialupSwitch.php Remote Cod...
MD-Pro 1.0.76 Shell Upload / SQL Injection Vulnerability
Exploit Title: MD-Pro 1.0.76. SQL injection + shell upload Google Dork: intext: Powered by MD-Pro Exploit Author: Emiliano Febbi Vendor Homepage: https://www.opensourcecms.com/wp-content/uploads/MDPro-website-description.png Software Link: https://www.opensourcecms.com/mdpro/ Version: 1.0.76...
Linux kernel versions 6.8. Local Privilege Escalation 0day Exploit
...
Acronis Cyber Infrastructure Default Password Remote Code Execution Exploit
Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native...
openSIS 9.1 - SQL injection (Authenticated) Vulnerability
Exploit Title: openSIS 9.1 - SQLi Authenticated Google Dork: intext:"openSIS is a product" Exploit Author: Devrim Dıragumandan d0ub1edd Vendor Homepage: https://www.os4ed.com/ Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 Version: 9.1 Tested on: Linux A SQL injection...
VICIdial Authenticated Remote Code Execution Exploit
metasploit.com This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent"...
dizqueTV 1.5.3 - Remote Code Execution Vulnerability
Exploit Title: dizqueTV 1.5.3 - Remote Code Execution RCE Date: 9/21/2024 Exploit Author: Ahmed Said Saud Al-Busaidi Vendor Homepage: https://github.com/vexorian/dizquetv Version: 1.5.3 Tested on: linux POC: Vulnerability Description dizqueTV 1.5.3 is vulnerable to unauthorized remote code...
reNgine 2.2.0 - Command Injection (Authenticated) Vulnerability
Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3. Modify any Scan...
Linux OverlayFS Local Privilege Escalation Exploit
This Metasploit module targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mou...
Traccar 5.12 Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to...
Elaines Realtime CRM Automation 6.18.17 Cross Site Scripting Vulnerability
Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 Exploit Author: Haythem Arfaoui CBTW Team Vendor Homepage: https://www.elaine.io/ Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/ Version: 6.18.17 and below Tested on: Windows, Linux CVE :...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass Vulnerabilities
A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and...
Linux i915 PTE Use-After-Free Exploit
Linux i915 suffers from an out-of-bounds PTE write in vm_fault_gtt that leads to a PTE use-after-free vulnerability. I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. I...
Netman 204 4.05 SQL Injection / Unauthenticated Password Reset Vulnerabilities
------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204 vulnerable version| 4.05 fixed version| - CVE number| CVE-2024-8877, CVE-2024-8878 impact| High homepage| https://www.riello-ups.com/ found| 2024-05-17 by| D...
ABB Cylon Aspect 3.08.01 Remote Code Execution Vulnerability
ABB Cylon Aspect version 3.08.01 BMS/BAS controller suffers from a remote code execution vulnerability. The vulnerable uploadFile function in bigUpload.php improperly reads raw POST data using the php://input wrapper without sufficient validation. This data is passed to the fwrite function,...
BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal Exploit
BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated. Exploit Title: BlackNET - Multiple Vulnerabilities Exploit Author: bRpsd Date: 20/09/2024 Vendor Homepage:...
WordPress LMS 4.2.7 SQL Injection Vulnerability
CVE-2024-8522 LearnPress – WordPress LMS Plugin execute class-lp-course-db.php:564, LPCourseDB-getcourses Courses.php:241, LearnPress\Models\Courses::getcourses class-lp-rest-courses-v1-controller.php:502, LPJwtCoursesV1Controller-getcourses class-wp-rest-server.php:1230,...
Dockwatch Remote Command Execution Exploit
Dockwatch is a container management web UI for Docker. It runs by default without authentication, although guidance is available for how to set up credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...
WordPress LiteSpeed Cache Cookie Theft Exploit
This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin...
Microsoft Windows TOCTOU Local Privilege Escalation Exploit
CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the...
Windows Escalate UAC Execute RunAs Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the lister_fichiers_par_champs function, which is triggered when the bigup_retrouver_fichiers parameter is set to any value. By exploiting the improper handling of multipart for...
QNX Qconn Command Execution Exploit
This Metasploit module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This Metasploit module has been tested successfully on QNX Neutrino 6.5.0 x86 and 6.5.0 SP1 x86...
VICIdial 2.14-917a SQL Injection Vulnerability
An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database. Title: VICIdial Unauthenticated SQL Injection Publication URL:...