Kemp LoadMaster Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF, and 7.2.48.10 LTS. This module requires Metasploit:...
Doctor Appointment Management System 1.0 Cross Site Scripting Vulnerability
Application Name: Doctor Appointment Management System Software Link: Download Link Vendor Homepage: Vendor Homepage BuG: XsS BUGAuthor: SoSPiro Version: 1.0 CVE: CVE-2024-4293 Vulnerable code section: - http://localhost/Doctor-Appointment-SystemPHP/dams/doctor/appointment-bwdates.php - Lines 57-...
ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path Vulnerability
Exploit Title: ESET NOD32 Antivirus 17.1.11.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2024-04-27 Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor : https://www.eset.com Version : 17.1.11.0 Tested on OS: Microsoft Windows 10 p...
Nginx 1.25.5 Host Header Validation Vulnerability
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice. Nginx = 1.25.5 $host variable validation bug Intro: In the "Host" header sent to Nginx web server you can't just insert a dot or something like that, because a filtering...
Relate Learning And Teaching System SSTI / Remote Code Execution Vulnerability
Relate Learning and Teaching System versions prior to 2024.1 suffer from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function. Exploit Title: Relate Learning And Teaching system Version before...
Apache Solr Backup/Restore API Remote Code Execution Exploit
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as t...
Visual Studio Code Execution Exploit
This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1.87.2 on Ubuntu 22.04. This module requires Metasploit: https://metasploit.com/download Current source:...
Gambio Online Webshop 4.9.2.0 Remote Code Execution Exploit
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an...
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry...
FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution Exploit
A remote SQL injection vulnerability exists in FortiNet FortiClient EMS Endpoint Management Server versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled...
GitLens Git Local Configuration Execution Exploit
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. This module require...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vulnerability
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Vulnerability
Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables them to...
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vulnerability
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables them to...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference Vulnerability
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it...
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference Vulnerability
Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected...
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass Vulnerability
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables them to...
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Vulnerability
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference Vulnerability
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page:...
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables th...
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference Vulnerability
Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber....
Wordpress Background Image Cropper v1.2 Plugin - Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Author: Milad Karimi Ex3ptionaL Contact: email protected Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...
SofaWiki 3.9.2 - Remote Command Execution (Authenticated) Exploit
Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import requests import random import...
FlatPress v1.3 - Remote Command Execution Exploit
Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests import time import random impo...
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation Exploit
Exploit Title: Palo Alto PAN-OS bool: ret = False uri = "/ssl-vpn/hipreport.esp" s = requests.Session r = "" headers = "User-Agent" : \ "Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKit/537.36 KHTML, like Gecko Chrome/118.0.0.0 Safari/537.36", Windows 10 Chrome 118.0.0.0 "Content-Type":...
Laravel Framework 11 - Credential Leakage Vulnerability
Exploit Title: Laravel Framework 11 - Credential Leakage Exploit Author: Huseein Amer Vendor Homepage: https://laravel.com/ Software Link: N/A Version: 8. - 11. REQUIRED Tested on: N/A CVE : CVE-2024-29291 Proof of concept: Go to any Laravel-based website and navigate to storage/logs/laravel.log...
Flowise 1.6.5 - Authentication Bypass Vulnerability
Exploit Title: Flowise 1.6.5 - Authentication Bypass Exploit Author: Maerifat Majeed Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise/releases Version: 1.6.5 Tested on: mac-os CVE : CVE-2024-31621 The flowise version if req.url.includes'/api/v1/'...
Palo Alto OS Command Injection Vulnerability
Palo Alto OS was recently hit by a command injection zero day attack. These are exploitation details related to the zero day. CVE-2024-3400 CVE-2024-3400 Palo Alto OS Command Injection send this HTTP request: http POST /ssl-vpn/hipreport.esp HTTP/1.1 Host: 127.0.0.1 Cookie:...
pgAdmin 8.3 Remote Code Execution Exploit
pgAdmin versions 8.3 and below have a path traversal vulnerability within their session management logic that can allow a pickled file to be loaded from an arbitrary location. This can be used to load a malicious, serialized Python object to execute code within the context of the target...
Centreon 23.10-1.el8 SQL Injection Vulnerability
;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; version: centreon-vbox-vm-2310-1.el8.zip ;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html ;; ;; sqlmap request.txt POST /centreon/main.get.php?p=60201 HTTP/1.1 Host: 192.168.56.156...
BMC Compuware iStrobe Web - 20.13 - Pre-auth Remote Code Execution Exploit
!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...
OpenClinic GA 5.247.01 - Information Disclosure Vulnerability
Exploit Title: OpenClinic GA 5.247.01 - Information Disclosure Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11 CVE: CVE-2023-40278 Details An Information...
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass Exploit
Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Online-Fire-Reporting-System-using-PHP.zip Version: ...
CrushFTP Remote Code Execution Exploit
This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability CVE-2023-43177 to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session...
djangorestframework-simplejwt 5.3.1 - Information Disclosure Exploit
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
OpenClinic GA 5.247.01 - Path Traversal (Authenticated) Vulnerability
Exploit Title: OpenClinic GA 5.247.01 - Path Traversal Authenticated Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Link: https://sourceforge.net/projects/open-clinic/ Version: OpenClinic GA 5.247.01 Tested on: Windows 10, Windows 11 CVE: CVE-2023-40279 Details An issue w...
Stock Management System v1.0 - Unauthenticated SQL Injection Exploit
Exploit Title: Stock Management System v1.0 - Unauthenticated SQL Injection Exploit Author: Josué Mier aka blu3ming Security Researcher & Penetration Tester @wizlynx group Vendor Homepage: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html Software Link:...
Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux / Windows 10...
PopojiCMS Version 2.0.1 - Remote Command Execution Vulnerability
Exploit Title: PopojiCMS Version : 2.0.1 Remote Command Execution Exploit Author: tmrswrr Vendor Homepage: https://www.popojicms.org/ Software Link: https://github.com/PopojiCMS/PopojiCMS/archive/refs/tags/v2.0.1.zip Version: Version : 2.0.1 Tested on: https://www.softaculous.com/apps/cms/PopojiC...
Wordpress Playlist for Youtube 1.32 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.32 Proof Of Concept: 1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or "Playlist ID". PoC...
Wordpress WP Video Playlist 1.1.1 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.1.1 Proof Of Concept: 1. Click Add Video part and enter the XSS payload as below into the first input of form or Request body named...
WBCE 1.6.0 - Unauthenticated SQL injection Vulnerability
Exploit Title: Unauthenticated SQL injection in WBCE 1.6.0 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an sql injection...
Terratec dmx_6fire USB - Unquoted Service Path Vulnerability
Exploit Title: Terratec dmx6fire USB - Unquoted Service Path Google Dork: null Exploit Author: Joseph Kwabena Fiagbor Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ Software Link: Version: v.1.23.0.02 Tested on: windows 7-11 CVE : CVE-2024-31804 1...
Open eShop 2.7.0 Cross Site Scripting Vulnerability
Exploit Title: Open eShop Version : 2.7.0 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: http://www.open-eshop.com/ Version : 2.7.0 1 Go to home page https://127.0.0.1/OpeneShop 2 Write url this payload : test.html" 3 After saving it you will see the XSS alert...
HTMLy Version v2.9.6 - Stored XSS Vulnerability
Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After saving it you will see the XSS alert...
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - (sort) parameter Exploit
Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter Exploit Author: Julio Ángel Ferrari Aka. T0X1Cx Vendor Homepage: https://moodle.org/ Software Link: Version: 3.10.1 Tested on: Linux CVE : CVE-2021-36393 import requests import string from termcolor import color...
PrusaSlicer 2.6.1 - Arbitrary code execution Vulnerability
Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export Exploit Author: Kamil Breński Vendor Homepage: https://www.prusa3d.com Software Link: https://github.com/prusa3d/PrusaSlicer Version: PrusaSlicer up to and including version 2.6.1 Tested on: Windows and Linux CVE:...
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities
Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation Exploit
Exploit Title: MinIO 2024-01-31T20-20-33Z - Privilege Escalation Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding RELEASE.2024-01-31T20-20-33Z Tested on: Windows 10 CVE : CVE-2024-24747 Required before execution:...
Gibbon School Platform Authenticated PHP Deserialization Exploit
A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/importrun.php&type=externalAssessment&step=4. As it...