Zyxel Firewall SUID Binary Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low-privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows all users to copy files as root. This module overwrites the firewall's crontab to execute an...
WordPress Testimonial Slider and Showcase 2.2.6 Plugin - Stored XSS Vulnerability
Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version: 2.2.6 Tested on:...
Doctors Appointment System 1.0 Cross Site Scripting / SQL Injection Vulnerabilities
Exploit Title: Doctor's Appointment System v1.0 - Cross-Site Scripting XSS Google Dork: N/A Exploit Author: Abdullah Zaid - @aznull Vendor Homepage: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html Software Link:...
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Vulnerability
Aryan Chehreghani Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to...
AeroCMS v0.0.1 SQL injection Vulnerability
Title: AeroCMS-v0.0.1 SQLi Author: nu11secur1ty Vendor: https://github.com/MegaTKC Software: https://github.com/MegaTKC/AeroCMS/releases/tag/v0.0.1 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi Description: The author parameter from...
WordPress Robo Gallery 3.2.1 plugin - XSS Stored Vulnerability
Title: WordPress 6.0.1 Plugin-Robo Gallery 3.2.1 XSS-Stored Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/robo-gallery/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery/XSS-Stored Description: Th...
WordPress Robo Gallery 3.2.1 plugin - Bypass POST comment approvement Vulnerability
Title: WordPress 6.0 - Bypass POST comment approvement Robo Gallery 3.2.1 Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/robo-gallery/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery Description:...
Centreon 22.04.0 Cross Site Scripting Vulnerability
Exploit Title: Stored XSS in name parameter in Centreon version 22.04.0 Exploit Author: syad, yunaranyancat, saitamang Vendor Homepage: Centreon Software Link: https://download.centreon.com/ Version: 22.04.0 CVE ID : CVE-2022-36194 Tested on: Centos 7 Centreon 22.04.0 is vulnerable to Cross Site...
Zimbra Zip Path Traversal Exploit
This Metasploit module POSTs a ZIP file containing path traversal characters to the administrator interface for Zimbra Collaboration Suite. If successful, it plants a JSP-based backdoor within the web directory, then executes it. The core vulnerability is a path traversal issue in Zimbra...
PrestaShop Ap Pagebuilder 2.4.4 SQL Injection Vulnerability
Exploit Title: AP PAGEBUILDER Prestashop module = 2.4.4 'productalloneimg' , 'imageproduct' Blind SQL Injection Exploit Author: Mohamed Ali Hammami Vendor Homepage: https://apollotheme.com/ Software Link : https://apollotheme.com/products/ap-pagebuilder-prestashop-module Version: 2.4.4 Tested on:...
10-Strike Network Inventory Explorer 9.3 Buffer Overflow Vulnerability
10-Strike Network Inventory Explorer versions 9.3 and below are vulnerable to a SEH based buffer overflow which leads to code execution or local privilege escalation. The vulnerable part of the program is the functionality to add computers from a text file. I. VULNERABILITY...
Teleport 9.3.6 Command Injection Vulnerability
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social...
FLIR AX8 1.46.16 Remote Command Execution Exploit
Exploit Title: FLIR AX8 Unauthenticated OS Command Injection Exploit Author: Samy Younsi Naqwada https://samy.link Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46....
Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution Exploit
This Metasploit module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these...
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS Vulnerabilities
FLIR AX8 versions 1.46.16 and below suffer from command injection, directory traversal, improper access control, and cross site scripting vulnerabilities. FLIR AX8 vulnerabilities. Product description: The FLIR AX8 is a thermal sensor with imaging capabilities, combining thermal and visual camera...
Personnel Property Equipment 2015-2022 SQL Injection Vulnerability
Title: Personnel Property Equipment-2015-2022 SQLi, Unauthenticated-File-Upload Author: nu11secur1ty Vendor Homepage: https://www.trickcode.in/ Video vendor: https://www.youtube.com/watch?v=ltSwom8sQAQ Software https://www.trickcode.in/2021/03/personnel-property-equipment-system.html Reference:...
macOS RawCamera Out-Of-Bounds Write Vulnerability
There is an out-of-bounds write vulnerability when decoding a certain flavor of RAW image files on macOS. The vulnerability has been confirmed on macOS 12.3.1. Although the advisory notes an attached poc, Google did not have one attached. MacOS: Out-of-bounds write in RawCamera There is an...
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization Vulnerability
ADVISORY INFORMATION Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date published: 2022-08-16 CVSSv3 Score: 7.5...
Polar Flow Android 5.7.1 Secret Disclosure Vulnerability
Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application fi.polar.polarflow Affected version: 5.7.1...
Advantech iView NetworkServlet Command Injection Exploit
Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backupfile to the mysqldump command. The sanitization functionality on...
Inout RealEstate 2.1.2 SQL Injection Vulnerability
Author: CraCkEr Website: inoutscripts.com Vendor: Inout Scripts Softwar...
Powershell Code Arbitrary Execution Builder FUD Exploit
A desired powershell.ps1 hides the payload with special methods. It allows it to run secretly on the installed computer. Bypasses all modern antivirus protections. Completely FUD...
TypeORM 0.3.7 Information Disclosure Vulnerability
I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id. Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...
Gas Agency Management 2022 SQL Injection / XSS / Shell Upload Vulnerabilities
Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities. Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0:...
Readymade Job Portal Script SQL Injection Vulnerability
Readymade Job Portal Script suffers from a remote SQL injection vulnerability. The researcher requested version information from the vendor while reporting the vulnerability but the company has been unresponsive. ...
AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit
Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass Vulnerability
Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sophos.com Version: 17.0.10 MR-10 Tested on: Windows 11 CVE : CVE-2022-1040 VULNERABILITY DETAILS : This vulnerability allows an attacker to gain unauthorized...
Zimbra zmslapd Privilege Escalation Exploit
This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra's sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which...
Feehi CMS 2.1.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Feehi CMS 2.1.1 - Stored Cross-Site Scripting XSS Exploit Author: Shivam Singh Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Profile Link: https://www.linkedin.com/in/shivam-singh-3906b0203/ Version: 2.1.1 REQUIRED Tested on: Linux, Windows, Docke...
PAN-OS 10.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: PAN-OS 10.0 - Remote Code Execution RCE Authenticated Exploit Author: UnD3sc0n0c1d0 Software Link: https://security.paloaltonetworks.com/CVE-2020-2038 Category: Web Application Version: 10.0.1, 9.1.4 and 9.0.10 Tested on: PAN-OS 10.0 - Parrot OS CVE : CVE-2020-2038 Description: An ...
Matrimonial PHP Script 1.0 SQL Injection Vulnerability
Author: CraCkEr Website: uisort.com Vendor: Uisort Technologies Pvt. Ltd. ...
Prestashop blockwishlist module 2.1.0 - SQL injection Exploit
Exploit Title: Prestashop blockwishlist module 2.1.0 - SQLi Date: 29/07/22 Exploit Author: Karthik UJ @5up3r541y4n Vendor Homepage: https://www.prestashop.com/en Software Link blockwishlist: https://github.com/PrestaShop/blockwishlist/releases/tag/v2.1.0 Software Link prestashop:...
WordPress Duplicator 1.4.7.1 Plugin - Unauthenticated Backup Download Vulnerability
Title: WordPress Plugin Duplicator 1.4.7.1 - Unauthenticated Backup Download Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/duplicator/ Reference:...
ManageEngine ADAudit Plus Path Traversal / XML Injection Exploit
This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file. This modul...
ThingsBoard 3.3.1 - Stored Cross-Site Scripting Vulnerability
Exploit Title: ThingsBoard 3.3.1 - Stored Cross-Site Scripting XSS within the description of a rule node Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1...
Nortek Linear eMerge E3-Series Account Takeover XSS Vulnerability
Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation tied with cross site scripting can allow for account takeover. Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page:...
Nortek Linear eMerge E3-Series Credential Disclosure Vulnerability
Nortek Linear eMerge E3-Series versions 0.32-07p, 0.32-07e, 0.32-07p, 0.32-08f, and 0.32-09c suffer from an administrative credential disclosure vulnerability. Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version...
Nortek Linear eMerge E3-Series Command Injection Vulnerability
Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...
Online Admission System 1.0 SQL Injection Vulnerability
Exploit Title: online-admission-system 1.0 - unauthenticated SQL Injection Exploit Author: syad Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15514/online-admission-system-php-and-mysql.html Version: 1.0 Tested on: Windows 10 + XAMPP 3.2.4 CVE I...
WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting Vulnerability
Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Testimonial Slider and Showcase" 2.2.6 Exploit Author: saitamang , yunaranyancat , amdsyad Vendor Homepage: wordpress Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version: 2.2.6 Tested on: Cento...
Zimbra UnRAR Path Traversal Exploit
This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitra...
VMware Workspace ONE Access Privilege Escalation Exploit
VMware Workspace ONE Access contains a vulnerability whereby the horizon user can escalate their privileges to those of the root user by modifying a file and then restarting the vmware-certproxy service which invokes it. The service control is permitted via the sudo configuration without a...
Zoho Password Manager Pro XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...
Multi-Language Hotel Management 2022 1.0 SQL Injection Vulnerability
Title: Multi-Language-Hotel-Management-2022 1.0 SQLi Author: nu11secur1ty Vendor: https://www.nikhilbhalerao.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip Reference:...
MobileIron Log4Shell Remote Command Execution Exploit
MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This Metasploit module will start an LDAP...
IObit Malware Fighter 9.2 Tampering / Privilege Escalation Vulnerability
IObit Malware Fighter version 9.2 fails to provide sufficient anti-tampering protection and that shortcoming can be leveraged to escalate to SYSTEM privileges. + Credits: Yehia Elghaly aka Mrvar0x + Website: https://mrvar0x.com/ + Source:...
uftpd 2.10 - Directory Traversal (Authenticated) Vulnerability
Exploit Title: uftpd 2.10 - Directory Traversal Authenticated Exploit Author: Aaron Esau arinerron Vendor Homepage: https://github.com/troglobit/uftpd Software Link: https://github.com/troglobit/uftpd Version: 2.7 to 2.10 Tested on: Linux CVE : CVE-2020-20277 Reference:...
Webmin 1.996 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html Version: 1.997...
mPDF 7.0 - Local File Inclusion Exploit
Exploit Title: mPDF 7.0 - Local File Inclusion Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse import quote from cmd import Cmd from...
CuteEditor for PHP 6.6 - Directory Traversal Vulnerability
Exploit Title: CuteEditor for PHP 6.6 - Directory Traversal Exploit Author: Stefan Hesselman Vendor Homepage: http://phphtmledit.com/ Software Link: http://phphtmledit.com/download/phphtmledit.zip Version: 6.6 Tested on: Windows Server 2019 CVE : N/A There is a path traversal vulnerability in the...