39001 matches found
Windows MultiPoint Server 2011 RpcEptMapper and Dnschade Local Privilege Escalation Vulnerability
Exploit Title: Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation Exploit Author: it Vendor Homepage: https://www.microsoft.com Software Link: https://www.microsoft.com/pt-br/download/details.aspx?id=8518 Version: Version 6.1 Compilation 7601 Service Pack 1...
Mumara Classic 2.93 - (license) SQL Injection (Unauthenticated) Vulnerability
Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic through 2.93...
Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (3)
Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE : CVE-2021-41773 /...
AbsoluteTelnet 11.24 - (Phone) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service PoC Discovered by: Yehia Elghaly Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability Type: Denial of Service DoS...
AbsoluteTelnet 11.24 - (Username) Denial of Service Exploit
Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service PoC Discovered by: Yehia Elghaly Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability Type: Denial of Service Do...
YeaLink SIP-TXXXP 53.84.0.15 - (cmd) Command Injection Vulnerability
Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hadrware VOIP Phone Description: Using Diagnostic tool from the Networking Tab to...
FormaLMS 2.4.4 - Authentication Bypass Exploit
Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136 Info: An...
Employee and Visitor Gate Pass Logging System 1.0 - (name) Stored Cross-Site Scripting Vulnerability
Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...
Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability
Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits:...
Microsoft OMI Management Interface Authentication Bypass Exploit
This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...
Dolibarr ERP / CRM 13.0.2 Remote Code Execution Vulnerability
Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits: Trovent Security GmbH, Nick Decker Detailed...
Employee Daily Task Management System 1.0 - (Name) Stored Cross-Site Scripting Vulnerability
Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version: v1.0 Tested on:...
Win32k NtGdiResetDC Use-After-Free / Local Privilege Escalation Exploit
A use after free vulnerability exists in the NtGdiResetDC function of Win32k which can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists due to the fact that this function calls hdcOpenDCW, which performs a user mode callback. During this callback...
Google Assistant Authentication Bypass Vulnerability
Google Assistant suffered from an authentication bypass vulnerability allowing a webpage to execute commands without permission. Auth Bypass in Google Assistant Summary: Webpage can execute Google Assistant commands without any permissions Steps to reproduce: Generate the TTS audio files using th...
Moodle Cross Site Scripting / Server-Side Request Forgery Vulnerabilities
Moodle versions 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, and 3.5 to 3.5.16 suffer from cross site scripting and server-side request forgery vulnerabilities. Moodle is an opensource learning management system, popular in universities and workplaces largely used to manage courses, activities and...
zlog 1.2.15 - Buffer Overflow Exploit
Exploit Title: zlog 1.2.15 - Buffer Overflow Exploit Author: LIWEI Vendor Homepage: https://github.com/HardySimpson/zlog Software Link: https://github.com/HardySimpson/zlog Version: v1.2.15 Tested on: ubuntu 18.04.2 1.- compile the zlogv1.2.15 code to a library. 2.- Use the "zloginit" API to pars...
WordPress Backup and Restore 1.0.3 Plugin - Arbitrary File Deletion Vulnerability
Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Windows 10 Poc:...
Froxlor 0.10.29.1 - SQL Injection (Authenticated) Vulnerability
Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Tested on: Ubuntu CVE:...
FusionPBX 4.5.29 - Remote Code Execution (Authenticated) Exploit
Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import requests from...
Simple Client Management System 1.0 - SQL injection Authentication Bypass Vulnerability
Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
Kmaleon 1.1.0.205 - (tipocomb) SQL Injection Vulnerability
Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version: v1.1.0.205 Test...
Simple Client Management System 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
Money Transfer Management System 1.0 - Authentication Bypass Vulnerability
Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...
Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection Vulnerability
Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes a HTTP request to the dashboards editor /pentaho/api/repos/dashboards/editor in order to test the connectio...
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution Vulnerability
Pentaho allows users to create and run Pentaho Report Bundles .prpt. Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the executio...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass Vulnerability
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.\Z" access="Authent...
Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass Vulnerability
Pentaho allows users to upload various files of different file types. The upload service is implemented under the /pentaho/UploadService endpoint. The file types allowed by the application are csv, dat, txt, tar, zip, tgz, gz, gzip. When uploading a file with an extension other than the allowed...
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration Vulnerability
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the /pentaho/webservices/userRoleListService and...
HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy Vulnerability
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checke...
PHP Event Calendar Lite Edition SQL Injection Vulnerability
Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: SQL injection CWE-89 Risk Level: High Solution Status: Closed Manufacturer Notification: 2021-08-09 Solution Date:...
IBM Sterling B2B Integrator Cross Site Scripting Vulnerability
IBM Sterling B2B Integrator suffers from a cross site scripting vulnerability. Versions affected include 5.2.0.0 through 5.2.6.53, 6.0.0.0 through 6.0.3.4, and 6.1.0.0 through 6.1.0.2. ======================================================================= title: Reflected cross-site scripting...
10-Strike Network Inventory Explorer Pro 9.31 - (srvInventoryWebServer) Unquoted Service Path
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path Discovery by: Brian Rodriguez Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Tested Version:...
Payment Terminal 3.1 - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...
ImportExportTools NG 10.0.4 - HTML Injection Vulnerability
Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...
PHP Event Calendar Lite Edition Cross Site Scripting Vulnerability
Product: PHP Event Calendar Manufacturer: Kayson Group Ltd. Affected Versions: PHP Event Calendar Lite edition Tested Versions: PHP Event Calendar Lite edition Vulnerability Type: Cross-site Scripting CWE-79 Risk Level: High Solution Status: Open Manufacturer Notification: 2021-08-09 Public...
Opencart 3 Extension TMD Vendor System - Blind SQL Injection Exploit
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya email protected Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link: https://www.opencartextensions.in/opencart-multi-vendor-multi-seller-marketplace...
GitLab Unauthenticated Remote ExifTool Command Injection Exploit
This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition CE and Enterprise Edition EE. The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user. This module requires...
Simplephpscripts Simple CMS 2.1 - (Multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting XSS Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Product & Service Introduction: =============================== The system could be used only in already existing websites to contr...
Fuel CMS 1.4.1 - Remote Code Execution Exploit (3)
Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution 3 Exploit Author: Padsala Trushal Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: ',epilog=f'EXAMPLE - python3 sys.argv0 -u http://10.10.21.74'...
Vanguard 2.1 - (Search) Cross-Site Scripting Vulnerability
Exploit Title: Vanguard 2.1 - 'Search' Cross-Site Scripting XSS Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975 Version: 2.1 Product & Service Introduction: ===============================...
OpenAM 13.0 - LDAP Injection Exploit
Exploit Title: OpenAM 13.0 - LDAP Injection Exploit Author: Charlton Trezevant, GuidePoint Security Vendor Homepage: https://www.forgerock.com/ Software Link: https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0,...
Sonicwall SonicOS 6.5.4 - (Common Name) Cross-Site Scripting Vulnerability
Exploit Title: Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting XSS Vendor Homepage: https://www.sonicguard.com/NSV-800.asp Product & Service Introduction: =============================== The design, implementation and deployment of modern network architectures, such as virtualization...
Ultimate POS 4.4 - (name) Cross-Site Scripting Vulnerability
Exploit Title: Ultimate POS 4.4 - 'name' Cross-Site Scripting XSS Vendor Homepage: https://ultimatefosters.com/docs/ultimatepos/ Version: 4.4 Product & Service Introduction: =============================== The Ultimate POS is a erp, stock management, point of sale & invoicing web-application. The...
Mult-e-Cart Ultimate 2.4 - (id) SQL Injection Vulnerability
Exploit Title: Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection Vendor Homepage: https://multecart.com/ Version: 2.4 Product & Service Introduction: =============================== Digital Multivendor Marketplace Online Store - eShop CMS Source: https://ultimate.multecart.com/ &...
WordPress Popup Anything 2.0.3 Plugin - (Multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Luca Schembri Vendor Homepage: https://www.essentialplugin.com/ Software Link: https://wordpress.org/plugins/popup-anything-on-click/ Version: 2.0.4 Summary A user with a low privileg...
Simplephpscripts Simple CMS 2.1 - (Multiple) SQL Injection Vulnerability
Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Product & Service Introduction: =============================== The system could be used only in already existing websites to control their page...
PHP Melody 3.0 - (vid) SQL Injection Vulnerability
Exploit Title: PHP Melody 3.0 - 'vid' SQL Injection Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Product & Service Introduction: =============================== Upload, import, stream or embed any media. The smart way to manage audio & video. Comes with all the tools you...
PHPJabbers Simple CMS 5 - (name) Persistent Cross-Site Scripting Vulnerability
Exploit Title: PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting XSS Google Dork: subtitle:Copyright © 2021 PHPJabbers.com Date: 2021-10-28 Exploit Author: Vulnerability-Lab Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/...
WordPress Hotel Listing 3 Plugin - (Multiple) Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Vulnerability Lab Vendor Homepage: https://hotel.eplug-ins.com/ Software Link: https://hotel.eplug-ins.com/hoteldoc/ Version: v3 Document Title: =============== Hotel Listing WP Plugin v3.x -...