39001 matches found
Shenzhen Skyworth RN510 Information Disclosure Vulnerability
Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested...
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN62...
Shenzhen Skyworth RN510 Buffer Overflow Vulnerability
Title :- Authenticated Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2.RN620 with...
GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution Exploit (2)
Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...
Piwigo 11.3.0 SQL Injection Exploit
Exploit Title: SQL injection in language parameter to admin.php?page=languages.on Piwigo 11.3.0 Testing and Debugging: nu11secur1ty Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...
Micro Focus Operations Bridge Reporter Unauthenticated Command Injection Exploit
This Metasploit module exploits a command injection vulnerability on login that affects Micro Focus Operations Bridge Reporter on Linux, versions 10.40 and below. It is a straight up command injection, with little escaping required, and it works before authentication. This module has been tested ...
Moodle 3.6.1 - Persistent Cross-Site Scripting Vulnerability
Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE: CVE-2019-3810...
Micro Focus Operations Bridge Reporter shrboadmin Default Password Exploit
This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations...
Microsoft SAFER Bypass Vulnerability
Hi @ll, Microsoft introduced SAFER alias Software Restriction Policies SRP with Windows XP about 20 years ago. See for the API, plus the TechNet articles "How Software Restriction Policies Work" and "Using Software Restriction Policies to Protect Against Unauthorized Software" for the use case...
Microsoft Windows UAC Privilege Escalation Vulnerability
Hi @ll, Microsoft still ships Windows with and lets it create user-writable directories below the "Windows" directory %SystemRoot%\ -- despite that, with exception of %SystemRoot%\Temp, they are all used to store DATA and SHOULD have been placed below %ProgramData% alias %SystemDrive%\ProgramData...
Cacti 1.2.12 - (filter) SQL Injection / Remote Code Execution Exploit
Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295 Credits: @M4yFly...
FOGProject 1.5.9 - File Upload Remote Code Execution (Authenticated) Vulnerability
Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Exploit Author: email protected Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file. dd...
NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit
Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write Exploit Author: 1F98D Software Link: https://nodebb.org/ Version: Emoji for NodeBB ', r.text, re.IGNORECASE if csrf is None: print'! Could not extract csrf token to proceed.' sys.exit1 auth = 'username': USERNAME, 'password': PASSWOR...
PFSense 2.5.0 Cross Site Scripting Vulnerability
I. VULNERABILITY ------------------------- Store XSS Attacks vulnerabilities in PFSense Version 2.5.0 II. BACKGROUND ------------------------- The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free...
Kirby CMS 3.5.3.1 - (file) Cross-Site Scripting Vulnerability
Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting XSS Exploit Author: Sreenath Raghunathan Vendor Homepage: https://getkirby.com/ Software Link: https://github.com/getkirby/kirby Version: 3.5.3.1REQUIRED CVE : CVE-2021-29460 POST /api/users//avatar HTTP/1.1 Host: User-Agent:...
Montiorr 1.7.6m - File Upload to XSS Vulnerability
Exploit Title: Montiorr 1.7.6m - File Upload to XSS Exploit Author: Ahmad Shakla Software Link: https://github.com/Monitorr/Monitorr Tested on: Kali GNU/Linux 2020.2 Detailed Bug Description : https://arabcyberclub.blogspot.com/2021/04/monitor-176m-file-upload-to-xss.html An attacker can preform ...
Apache Druid 0.20.0 Remote Command Execution Exploit
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution Exploit
This Metasploit module exploits a pre-auth server-side request forgery CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983...
Kimai 1.14 - CSV Injection Vulnerability
Exploit Title: Kimai 1.14 - CSV Injection Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel Macro Injection or...
WordPress WPGraphQL 1.3.5 Plugin - Denial of Service Exploit
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL connection errors...
SEO Panel 4.8.0 - (order_col) Blind SQL Injection Exploit (2)
Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 2 Author: nu11secur1ty Testing and Debugging: nu11secur1ty Vendor: https://www.seopanel.org/ Link: https://www.seopanel.org/spdownload/4.8.0 CVE: CVE-2021-28419 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty CVE-2021-28419...
Hasura GraphQL 1.3.3 - Remote Code Execution Exploit
Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Date: 4/23/2021 Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.34.57.144'...
OpenPLC 3 - Remote Code Execution (Authenticated) Exploit
Exploit Title: OpenPLC 3 - Remote Code Execution Authenticated Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster /usr/bin/python3 import...
Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation Exploit
Windows 10 Wi-Fi Drivers For Intel Wireless Adapters version 22.30.0 suffer from a privilege escalation vulnerability. Hi @ll, the executable installers version 22.30.0 Latest, published 2/23/2021, for the "Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters", and , available from are SURPRISE...
Document Management System 1.0 SQL Injection / Remote Code Execution Exploit
Exploit Title: Document Management System - SQL Injection to RCE webshell Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import requests import sy...
BMD BMDWeb 2.0 Cross Site Scripting Vulnerability
======================================================================= title: Stored Cross Site Scripting Outdated software library product: BMD BMDWeb 2.0 vulnerable version: BMD versions prior to 24.01.21 fixed version: 24.01.21 and 24.02.11 or higher CVE number: - impact: High homepage:...
GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit
Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against Server Host: Windows 10 P...
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery Vulnerability
Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC CSRF Click2Dial Exploit Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected version: =CEm39.3.1 NGCP wwwadmin...
DzzOffice 2.02.1 - (Multiple) Cross-Site Scripting Exploit
Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty...
Sipwise C5 NGCP CSC - (Multiple) Stored/Reflected Cross-Site Scripting Vulnerability
Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting XSS Exploit Author: LiquidWorm Vendor Homepage: https://www.sipwise.com Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities Vendor: Sipwise GmbH Product web page: https://www.sipwise.com Affected...
Moodle 3.10.3 - (url) Persistent Cross Site Scripting Vulnerability
Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting Exploit Author: UVision Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org Version: 3.10.3 Tested on: Debian/Windows 10 By having the role of a teacher or an administrator or a manager to have the...
CMS Made Simple 2.2.15 - (title) Cross-Site Scripting (XSS) Vulnerability
Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting XSS Exploit Author: bt0 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: https://s3.amazonaws.com/cmsms/downloads/14832/cmsms-2.2.15-install.zip Version: 2.2.15 CVE: CVE-2021-28935...
OTRS 6.0.1 - Remote Command Execution Exploit (2)
Exploit Title: OTRS 6.0.1 - Remote Command Execution 2 Exploit Author: Hex26 Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-16921 !/usr/bin/env python3...
RemoteClinic 2.0 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039,...
Tenda D151 & D301 - Configuration Download (Unauthenticated) Exploit
Exploit Title: Tenda D151 & D301 - Configuration Download Unauthenticated Exploit Author: BenChaliah Author link: https://github.com/BenChaliah Vendor Homepage: https://www.tendacn.com Software Link: https://www.tendacn.com/us/download/detail-3331.html Versions: - D301 1.2.11.2EN - D301 V2.0...
Adtran Personal Phone Manager 10.8.1 - (emailAddress) Stored Cross-Site Scripting Vulnerability
Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting XSS Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25679 CVE-2021-25679 - Adtran...
RemoteClinic 2 - (Multiple) Cross-Site Scripting (XSS) Exploit
Exploit Title: RemoteClinic 2 - 'Multiple' Cross-Site Scripting XSS Exploit Author: nu11secur1ty Debug: g3ck0dr1v3r Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic CVE: CVE-2021-30044 + Exploit Source:...
BlackCat CMS 1.3.6 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Step 1 : Login to admin account in...
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration Vulnerability
Exploit Title: Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25681 CVE-2021-25681 - AdTran Personal Phone Manager DNS...
Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit
Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass Exploit Author: Mesh3l911 Vendor Homepage: https://www.discourse.org/ Software Link:https://github.com/discourse/discourse Version: Discourse 2.7.0 CVE: CVE-2021-3138 import requests username = input"\n input ur username : "...
WordPress RSS for Yandex Turbo Plugin 1.29 - Stored Cross-Site Scripting (XSS) Vulnerability
Exploit Title: WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting XSS Exploit Author: Himamshu Dilip Kulkarni Software Link: https://wordpress.org/plugins/rss-for-yandex-turbo/ Version: 1.29 Tested on: Windows Steps to reproduce vulnerability: 1. Install WordPress 5.6 2...
Hasura GraphQL 1.3.3 - Denial of Service Exploit
Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 8...
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
Hasura GraphQL 1.3.3 - Local File Read Exploit
Exploit Title: Hasura GraphQL 1.3.3 - Local File Read Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests import sys HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80 READFILE ...
Fast PHP Chat 1.3 - (my_item_search) SQL Injection Vulnerability
Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to...
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) Exploit (2)
Exploit Title: rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 2 Exploit Author: Vishwaraj Bhattrai Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: = v3.9.6 Tested against Server Host: Linux+XAMPP import...
Adtran Personal Phone Manager 10.8.1 - (Multiple) Reflected Cross-Site Scripting Vulnerability
Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting XSS Exploit Author: 3ndG4me Vendor Homepage: https://adtran.com/web/page/portal/Adtran/wphome Version: v10.8.1 Tested on: NetVanta 7060 and NetVanta 7100 CVE : CVE-2021-25680 CVE-2021-25680 - Adtran...
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) Vulnerability
Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: CVE-2021-31152 Exploit code: document.forms0.submit; 0day.today 2021-10-25...
Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF) Exploit
Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery SSRF Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Exploit Author: Dolev Farhi Tested on: Ubuntu import requests HASURASCHEME = 'http' HASURAHOST = '192.168.1.1' HASURAPORT = 80...
OpenEMR 5.0.2.1 - Remote Code Execution Exploit
Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution Exploit Author: Hato0, BvThTrd Vendor Homepage: https://www.open-emr.org/ Software Link: https://sourceforge.net/projects/openemr/files/OpenEMR%20Current/5.0.2.1/openemr-5.0.2.tar.gz/download Version: 5.0.2.1 without patches Tested on: Ubuntu...