VICIdial 2.14-917a Remote Code Execution Vulnerability
An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...
ASIS 3.2.0 SQL Injection Vulnerability
Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass...
Linux Kernel 5.6.13 Use-After-Free Exploit
Proof of concept exploit that uses a use-after-free vulnerability due to a race condition in MIDI devices in Linux Kernel version 5.6.13. // gcc -o exploit exploit.c -masm=intel -static -s -lpthread define GNUSOURCE include include include include include include include include include include...
IntelliNet 2.0 Remote Root Exploit
Zero day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing execsuid. No authentication is needed at all, nor any interaction from the victim...
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution Exploit
The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution. This module requires Metasploit: https://metasploit.com/download...
pgAdmin 8.4 Remote Code Execution Exploit
pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the securi...
vTiger CRM 7.4.0 Cross Site Scripting / Open Redirection Vulnerabilities
CVE-ID: CVE-2024-44778. Suggested description: A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...
Invesalius 3.1 Remote Code Execution Exploit
Invesalius versions 3.1.99991 through 3.1.99998 suffer from a remote code execution vulnerability. The exploitation steps of this vulnerability involve the use of a specifically crafted DICOM file which, once imported inside the victim's client application, allows an attacker to gain remote code...
Windows TCP/IP - Remote Code Execution Checker and Denial of Service Exploit
Microsoft Windows IPv6 vulnerability checking proof of concept Python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected. #!/usr/bin/env python3 # -*- coding: utf-8 -*- Exploit Title: Windows IP...
Gitea 1.22.0 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Gitea Exploit Authors: Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/go-gitea/gitea Version: 1.22.0 Tested on: Linux 5.15.0-107, Go 1.23.0 CVE: CVE-2024-6886 Vulnerability Description Gitea 1.22.0 is vulnerable to a Stored Cross-Site...
NoteMark < 0.13.0 - Stored XSS Vulnerability
Exploit Title: Stored XSS in NoteMark Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...
Ray cpu_profile Command Injection Exploit
This Metasploit module demonstrates a command injection vulnerability in Ray via cpu_profile. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %...
Aurba 501 - Authenticated Remote Code Execution Exploit
Exploit Title: Remote Command Execution | Aurba 501 Exploit Author: Hosein Vita Vendor Homepage: https://www.hpe.com Version: Aurba 501 CN12G5W0XX Tested on: Linux import requests from requests.auth import HTTPBasicAuth def getinputprompt, defaultvalue: userinput = inputprompt return userinput if...
Ray Agent Job Remote Code Execution Exploit
This Metasploit module demonstrates remote code execution in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication. This module requires Metasploit: https://metasploit.com/download...
HughesNet HT2000W Satellite Modem - Password Reset Exploit
Exploit Title: HughesNet HT2000W Satellite Modem Arcadyan httpd 1.0 - Password Reset Exploit Author: Simon Greenblatt Vendor: HughesNet Version: Arcadyan httpd 1.0 Tested on: Linux CVE: CVE-2021-20090 import sys import requests import re import base64 import hashlib import urllib red = "\0330;41m...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config Vulnerability
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio contribution and...
Calibre-web 0.6.21 - Stored XSS Vulnerability
Exploit Title: Stored XSS in Calibre-web Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123 Vulnerability Descriptio...
Helpdeskz v2.0.2 - Stored XSS Vulnerability
Exploit Title: Stored XSS Vulnerability via File Name Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox 115.1.0esr 64-bit CVE : N/A Payload: "...
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure Vulnerability
Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass Vulnerability
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.5.179 Revision 904 1.5.56 Revision 884 1.229 Revision 440 Summary: ESE Elber Satellite Equipment product line, designed for the high-end radio...
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass Vulnerability
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver...
DIAEnergie 1.10 SQL Injection Exploit
This Metasploit module exploits a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'DIAEnergie SQL Injection CVE-2024-4548', 'Description...
SPIP 4.2.12 Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be...
Build Your Own Botnet 2.0.0 Remote Code Execution Exploit
Build Your Own Botnet (BYOB) version 2.0.0 exploit that works by spoofing an agent callback to overwrite the SQLite database and bypass authentication, then exploiting an authenticated command injection in the payload builder page. Exploit Title: BYOB (Build Your Own Botnet) v2.0.0 Unauthenticated RCE...
OpenMetadata 1.2.3 Authentication Bypass / SpEL Injection Exploit
This Metasploit module exploits OpenMetadata versions 1.2.3 and below by chaining an API authentication bypass using JWT tokens along with a SpEL injection vulnerability to achieve arbitrary command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Apache HugeGraph Gremlin Remote Code Execution Exploit
This Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server...
LG Simple Editor 3.21.0 Command Injection Exploit
LG Simple Editor versions 3.21.0 and below suffer from an unauthenticated command injection vulnerability. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM. class MetasploitModule 'L...
WordPress PVN Auth Popup 1.0.0 Cross Site Scripting Vulnerability
Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable...
WordPress Profilepro 1.3 Cross Site Scripting Vulnerability
Exploit Title: profilepro if !response.ok throw new Error'Network response was not ok'; return response.text; .thendata = console.logdata .catcherror = console.error'Error:', error; - As an admin, go to http://example.com/wp-admin/edit.php?posttype=profileproform - Choose the default profile, cli...
WordPress Light Poll 1.0.0 Cross Site Request Forgery Vulnerability
Exploit Title: Light Poll history.pushState'', '', '/'; document.forms0.submit; Reference: https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/ Exploit Title: Light Poll and are valid: https://example.com/wp-admin/admin.php?page=pollsettings&task=r...
WordPress MapFig Studio 0.2.1 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
WordPress MapFig Studio plugin versions 0.2.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. Exploit Title: MapFig Studio alert1" / alert1" / history.pushState'', '', '/'; document.forms0.submit;...
Journyx 11.5.4 Authenticated Remote Code Execution Vulnerability
Journyx version 11.5.4 has an issue where attackers with a valid username and password can exploit a Python code injection vulnerability during the natural login flow. Title: Journyx Authenticated Remote Code Execution Advisory ID: KL-001-2024-008 Publication Date: 2024.08.07 Publication URL:...
Calibre 7.15.0 Python Code Injection Exploit
This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does no...
Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities
Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...
Open WebUI 0.1.105 Persistent Cross Site Scripting Vulnerability
Title: Open WebUI Stored Cross-Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-005.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-79: Improper...
Journyx 11.5.4 XML Injection Vulnerability
Journyx version 11.5.4 has an issue where the soapcgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources. Title:...
Journyx 11.5.4 Unauthenticated Password Reset Bruteforce Vulnerability
Journyx version 11.5.4 suffers from an issue where password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password. Title: Journyx Unauthenticated...
Windows Firewall Control 6.11.0 Unquoted Service Path Vulnerability
Exploit Title: Microsoft Windows Firewall Control 6.11.0 - Unquoted Service Path Exploit Author: Milad Karimi (Ex3ptionaL) Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage: http://www.binisoft.org Softwar...
Journyx 11.5.4 Cross Site Scripting Vulnerability
Journyx version 11.5.4 suffers from a cross site scripting vulnerability due to mishandling of the errordescription during an active directory login flow. Title: Journyx Reflected Cross Site Scripting Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-009.txt 1. Vulnerability...
Leads Manager Tool SQL Injection / Cross Site Scripting Vulnerabilities
Title: Leads Manager Tool SQL & XSS (stored) Vulnerabilities | Software: Leads Manager Tool Using PHP and MySQL with Source Code | Create By :...
Linux DRM drm_file_update_pid() Race Condition / Use-After-Free Exploit
In Linux DRM, drm_file_update_pid() calls get_pid() too late, which creates a race condition that can lead to a use-after-free of a struct pid. Linux: DRM: refcount incremented too late in drm_file_update_pid() I am sending this to security@ and to the drm-misc maintainers - based on...
Computer Laboratory Management System 1.0 Privilege Escalation Vulnerability
Exploit Title: Computer Laboratory Management System v1.0 - Incorrect access control Exploit Author: Sampath kumar kadajari Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Software Link:...
Microweber 2.0.15 Cross Site Scripting Vulnerability
Microweber version 1.0 suffers from a cross site scripting vulnerability in the search functionality. Original discovery of cross site scripting in this version is attributed to tmrswrr in June of 2024. Exploit Title: Microweber =v2.0.15 - Reflected Cross-Site Scripting XSS Exploit Author: Prerak...
Online Shopping Portal Project 2.0 SQL Injection Vulnerability
Title: Online Shopping Portal Project 2.0 SQL Vulnerabilities | Software: Online Shopping Portal Project | Create By :...
Dolphin 7.4.2 Blind SQL Injection Vulnerability
Exploit Title: Blind SQL Injection - dolphinv7.4.2. Date: 8/2024 Exploit Author: Andrey Stoykov Version: 7.4.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/07/friday-fun-pentest-series-8-dolphinv742.html SQL Injection: Steps to Reproduce: 1. Navigate to "Builders" menu 2. Th...
WordPress PayPlus Payment Gateway SQL Injection Exploit
!/usr/bin/env python3.11 import requests import time def exploiturl: payload = "wc-api": "payplusgateway&statuscode=true&moreinfo=selectfromselectsleep5a" start = time.time with requests.Session as session: session.headers.update 'User-Agent': 'Mozilla/5.0 Windows NT 10.0; Win64; x64...
Tourism Management System 2.0 Cross Site Scripting Vulnerability
Exploit Title: Tourism Management System v2.0 - Cross Site Scripting XSS Exploit Author: Sampath kumar kadajari Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=7204 Version: v2.0 CVE:...
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting Vulnerabilities
Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024...
Genexus Protection Server 9.7.2.10 - (protsrvservice) Unquoted Service Path Vulnerability
Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path Exploit Author : SamAlucard Vendor : Genexus Version : Genexus Protection Server 9.7.2.10 Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;; Vendor Homepage :...
Oracle Database 12c Release 1 - Unquoted Service Path Vulnerability
Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path Exploit Author: Milad Karimi (Ex3ptionaL) Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage: https://www.oracle.com/ Software Link:...