39001 matches found

0day.today
added 2021/06/01 12:0 a.m. | 380 views

Veyon 4.4.1 - (VeyonService) Unquoted Service Path Vulnerability

Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type: Unquoted Service Path...

8 CVSS | 0.4 AI score | 0.11123 EPSS
Exploits: 4

0day.today
added 2021/06/01 12:0 a.m. | 58 views

CHIYU IoT devices - (Multiple) Cross-Site Scripting Vulnerability

Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W, BF830-W, Webpass,...

6.1 CVSS | 0.7 AI score | 0.8845 EPSS
Exploits: 6

0day.today
added 2021/06/01 12:0 a.m. | 71 views

CHIYU TCP/IP Converter devices - CRLF injection Vulnerability

Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter devices - all firmware...

6.5 CVSS | 0.2 AI score | 0.18003 EPSS
Exploits: 4

0day.today
added 2021/06/01 12:0 a.m. | 25 views

DupTerminator 1.4.5639.37199 - Denial of Service Exploit

Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list of characters is...

7.4 AI score
Exploits: 0

0day.today
added 2021/06/01 12:0 a.m. | 42 views

WordPress WP Prayer v1.6.1 Plugin - (prayer_messages) Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin WP Prayer version 1.6.1 - 'prayermessages' Stored Cross-Site Scripting XSS Authenticated Exploit Author: Bastijn Ouwendijk Vendor Homepage: http://goprayer.com/ Software Link: https://wordpress.org/plugins/wp-prayer/ Version: 1.6.1 and earlier Tested on: Windows 10...

5.4 CVSS | 5.5 AI score | 0.00698 EPSS
Exploits: 5

0day.today
added 2021/06/01 12:0 a.m. | 58 views

LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: LogonTracer 1.2.0 - Remote Code Execution Unauthenticated Exploit Author: g0ldm45k Vendor Homepage: https://www.jpcert.or.jp/ Software Link: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.0 Version: 1.2.0 and earlier Tested on: Version 1.2.0 on Debian GNU/Linux 8 jessie...

10 CVSS | 0.4 AI score | 0.74745 EPSS
Exploits: 3

0day.today
added 2021/06/01 12:0 a.m. | 14 views

Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration) Exploit

Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure Username Enumeration Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Vulnerable versions: version 8.11.x to 8.15.0 Tested on: Kali Linux Proof Of...

7.4 AI score
Exploits: 0

0day.today
added 2021/06/01 12:0 a.m. | 15 views

Ubee EVW327 - (Enable Remote Access) Cross-Site Request Forgery Vulnerability

Exploit Title: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery CSRF Exploit Author: lated Vendor Homepage: https://www.ubeeinteractive.com Version: EVW327 document.forms0.submit;...

0.5 AI score
Exploits: 0

0day.today
added 2021/05/31 12:0 a.m. | 78 views

IPS Community Suite 4.5.4.2 PHP Code Injection Vulnerability

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\builder::previewBlock method allows to pass arbitrary content to the IPS\Theme::runProcessFunction method, which will be used in a call t...

8.8 CVSS | 0.2 AI score | 0.19908 EPSS
Exploits: 3

0day.today
added 2021/05/31 12:0 a.m. | 29 views

PHP 8.1.0-dev Backdoor Remote Command Execution Exploit (2)

PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor. !/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link:...

0.5 AI score
Exploits: 0

0day.today
added 2021/05/29 12:0 a.m. | 37 views

Windows Server 2019 Remote Desktop Protocol Bypass 0day Exploit

...

2.5 AI score
Exploits: 0

0day.today
added 2021/05/28 12:0 a.m. | 139 views

PHPFusion 9.03.50 - Remote Code Execution Exploit

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...

9 CVSS | 8.8 AI score | 0.67289 EPSS
Exploits: 4

0day.today
added 2021/05/28 12:0 a.m. | 39 views

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) Exploit

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...

Exploits: 0

0day.today
added 2021/05/28 12:0 a.m. | 72 views

Trixbox 2.8.0.4 - (lang) Path Traversal Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...

6.5 CVSS | 0.39486 EPSS
Exploits: 4

0day.today
added 2021/05/28 12:0 a.m. | 52 views

Trixbox 2.8.0.4 - (lang) Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

9 CVSS | 8.9 AI score | 0.50069 EPSS
Exploits: 4

0day.today
added 2021/05/28 12:0 a.m. | 59 views

WordPress LifterLMS 4.21.0 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored and triggered in...

5.4 CVSS | 5.5 AI score | 0.03249 EPSS
Exploits: 5

0day.today
added 2021/05/28 12:0 a.m. | 98 views

QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

8.8 CVSS | 0.5 AI score | 0.18497 EPSS
Exploits: 2

0day.today
added 2021/05/27 12:0 a.m. | 58 views

CommScope Ruckus IoT Controller 1.7.1.0 Unauthenticated API Endpoints Vulnerability

Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller...

9.8 CVSS | 0.2 AI score | 0.5699 EPSS
Exploits: 3

0day.today
added 2021/05/27 12:0 a.m. | 76 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability

A Python script web.py for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal Vulnerability...

9.8 CVSS | 0.4 AI score | 0.0215 EPSS
Exploits: 6

0day.today
added 2021/05/27 12:0 a.m. | 95 views

CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account Vulnerability

An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy SCP. 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798:...

9.8 CVSS | 0.5 AI score | 0.13773 EPSS
Exploits: 5

0day.today
added 2021/05/27 12:0 a.m. | 55 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password

An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer. CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password Vulnerability 1. Vulnerability Details Affected Vendor:...

9.8 CVSS | 0.4 AI score | 0.0215 EPSS
Exploits: 6

0day.today
added 2021/05/27 12:0 a.m. | 56 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed Vulnerability

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded API Keys Exposed Vulnerability 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-798: Use of Hard-coded Credentials CVE ID:...

7.8 CVSS | 0.3 AI score | 0.00254 EPSS
Exploits: 2

0day.today
added 2021/05/27 12:0 a.m. | 50 views

Pandora FMS 6.0SP3 Cross Site Scripting Vulnerability

Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Vendor: https://pandorafms.com/ Link: https://github.com/pandorafms/pandorafms/releases CVE: 2021-0527-nu11secur1ty Proof:...

7.8 CVSS | 7.8 AI score | 0.00116 EPSS
Exploits: 2

0day.today
added 2021/05/27 12:0 a.m. | 92 views

CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write Vulnerability

The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller...

10 CVSS | 1 AI score | 0.02304 EPSS
Exploits: 8

0day.today
added 2021/05/27 12:0 a.m. | 25 views

Postbird 0.8.4 - Javascript Injection Exploit

Exploit Title: Postbird 0.8.4 - Javascript Injection Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload PostgreSQL Password...

5.4 CVSS | 5.6 AI score | 0.03561 EPSS
Exploits: 4

0day.today
added 2021/05/27 12:0 a.m. | 121 views

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords Vulnerability

CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords Vulnerability 1. Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID:...

10 CVSS | 0.5 AI score | 0.02304 EPSS
Exploits: 4

0day.today
added 2021/05/27 12:0 a.m. | 4517 views

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

An off-by-one error in ngxresolvercopy while processing DNS responses allows a network attacker to write a dot character '.', 0x2E out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is...

7.7 CVSS | 0.7 AI score | 0.52838 EPSS
Exploits: 10

0day.today
added 2021/05/26 12:0 a.m. | 139 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 ''' Description: Codiad 2.8...

7.2 CVSS | 0.2 AI score | 0.17984 EPSS
Exploits: 4

0day.today
added 2021/05/26 12:0 a.m. | 60 views

i-doit 1.15.2 Cross Site Scripting Vulnerability

Exploit Title: SXX for i-doit 1.15.2 in parameret viewMode from Infrastructure Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.25.2021 Vendor: https://www.i-doit.org/news/ Link: https://www.i-doit.org/new-minor-release-i-doit-open-1-15-2/ From Github:...

5.4 CVSS | 5.6 AI score | 0.01221 EPSS
Exploits: 3

0day.today
added 2021/05/26 12:0 a.m. | 80 views

Zen Cart 1.5.7 Cross Site Scripting Vulnerability

Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Zen Cart 1.5.7 Affected Software: Zen Cart Affected Versions: 1.5.7 Homepage: https://www.zen-cart.com/ Vulnerability: Cross-Site Scripting Severity: High Status: Fixed CVSS Score 3.0:...

7.4 AI score
Exploits: 0

0day.today
added 2021/05/26 12:0 a.m. | 23 views

RarmaRadio 2.72.8 - Denial of Service Exploit

Exploit Title: RarmaRadio 2.72.8 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: http://raimersoft.com/downloads/rarmaradiosetup.exe Version: 2.75.8 Tested on: Windows 10 Home x64 STEPS Open the program RarmaRadio Click in Edit and...

0.1 AI score
Exploits: 0

0day.today
added 2021/05/26 12:0 a.m. | 57 views

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.04 CVE:...

7.2 CVSS | 0.33428 EPSS
Exploits: 6

0day.today
added 2021/05/26 12:0 a.m. | 2574 views

ProFTPd 1.3.5 - (mod_copy) Remote Command Execution Exploit (2)

Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21 Connecting to the targe...

10 CVSS | 9.2 AI score | 0.96803 EPSS
Exploits: 21

0day.today
added 2021/05/25 12:0 a.m. | 22 views

WordPress Cookie Law Bar 1.2.1 Plugin - (clb_bar_msg) Stored Cross-Site Scripting Vulnerability

Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clbbarmsg' Stored Cross-Site Scripting XSS Exploit Author: Mesut Cetin Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1 Tested on: Ubuntu 16.04 LTS,...

Exploits: 0

0day.today
added 2021/05/25 12:0 a.m. | 24 views

Gadget Works Online Ordering System 1.0 - (Category) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13093/gadget-works-online-ordering-system-phpmysqli.html Version: 1....

7.4 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 24 views

Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To Remote Code Execution

Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu 20.04 Firefox...

0.1 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 50 views

WordPress ReDi Restaurant Reservation 21.0307 Plugin - (Comment) Stored Cross-Site Scripting

Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting XSS Exploit Author: Bastijn Ouwendijk Vendor Homepage: https://reservationdiary.eu/ Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/ Version: 21.0307 and earlier...

6.1 CVSS | 6.3 AI score | 0.05526 EPSS
Exploits: 5

0day.today
added 2021/05/24 12:0 a.m. | 14 views

iDailyDiary 4.30 - Denial of Service Exploit

Exploit Title: iDailyDiary 4.30 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://www.splinterware.com/index.html Software Link: https://www.splinterware.com/download/iddfree.exe Version: 4.30 Tested on: Windows 10 Home x64 STEPS Open the program iDailyDiary Create a Ne...

7.4 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 21 views

DiskBoss Service 12.2.18 - (diskbsa.exe) Unquoted Service Path Vulnerability

Exploit Title: DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.diskboss.com Software : https://www.diskboss.com/setupsx64/diskbosssetupv12.2.18x64.exe Tested Version: 12.2.18 Vulnerability Type: Unquoted Service Path Tested o...

0.3 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 22 views

Shopizer 2.16.0 - (Multiple) Cross-Site Scripting Vulnerability

Exploit Title: Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting XSS Exploit Author: Marek Toth Vendor Homepage: https://www.shopizer.com Software Link: https://github.com/shopizer-ecommerce/shopizer Version: alert1 and save it 4. Open "Customers" - XSS payload will trigger Reflected XSS - 'ref'...

7.4 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 34 views

PHP 8.1.0-dev Backdoor Remote Command Injection Exploit

Exploit Title: PHP 8.1.0-dev backdoor | Remote Command Injection Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Linux Ubuntu 20.04.2 LTS...

0.1 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 24 views

ePowerSvc 6.0.3008.0 - (ePowerSvc.exe) Unquoted Service Path Vulnerability

Exploit Title: ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Vendor Homepage: https://www.acer.com Tested Version: 6.0.3008.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to discover Unquoted Service Path:...

0.2 AI score
Exploits: 0

0day.today
added 2021/05/24 12:0 a.m. | 84 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4...

9.8 CVSS | 0.4 AI score | 0.19241 EPSS
Exploits: 4

0day.today
added 2021/05/22 12:0 a.m. | 91 views

Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 2 Original Exploit Author: Hacker Fantastic Metasploit Module Author: wvu Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris10-overview.html Version: 10 Tested on: SunOS solaris 10 CVE: CVE-2020-14871 Ported By: legend...

10 CVSS | 0.5 AI score | 0.80291 EPSS
Exploits: 13

0day.today
added 2021/05/21 12:0 a.m. | 90 views

WordPress WP Statistics 13.0.7 Plugin - Time-Based Blind SQL Injection Vulnerability

Exploit Title: WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection Unauthenticated Date: 20/05/2021 Exploit Author: Mansoor R @time4ster CVSS Score: 7.5 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Version Affected: 13.0 to 13.0.7 Vendor URL:...

0.3 AI score
Exploits: 0

0day.today
added 2021/05/21 12:0 a.m. | 59 views

Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code Exploit

Exploit Title: Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code Exploit Authors: Carlo Di Dato and Michael Caruso from BestEffort Team https://besteffortteam.it Vendor Homepage: https://www.mozilla.org Version: = 88.0.1 Tested on: Windows XP Professional SP3 32-bit, Windows 7...

7.4 AI score
Exploits: 0

0day.today
added 2021/05/21 12:0 a.m. | 172 views

Microsoft Exchange 2019 - Unauthenticated Email Download Exploit

Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q This module scan for...

9.8 CVSS | 0.99999 EPSS
Exploits: 65

0day.today
added 2021/05/21 12:0 a.m. | 17 views

Spotweb 1.4.9 - DOM Based Cross-Site Scripting Vulnerability

Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import time import os, sy...

7.4 AI score
Exploits: 0

0day.today
added 2021/05/20 12:0 a.m. | 21 views

Acer Updater Service 1.2.3500.0 - (UpdaterService.exe) Unquoted Service Path Vulnerability

Exploit Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.2.3500.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step t...

0.6 AI score
Exploits: 0

0day.today
added 2021/05/20 12:0 a.m. | 23 views

Backup Manager Module 3.0.0.99 - (IScheduleSvc.exe) Unquoted Service Path Vulnerability

Exploit Title: Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 3.0.0.99 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step t...

0.8 AI score
Exploits: 0

Total number of security vulnerabilities: 39001