39001 matches found
Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal Vulnerability
Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3 This is a Proof of Concept for CVE-2021-27328 Example to get firmware decrypting password http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect to get /etc/passwd...
Online Catering Reservation System 1.0 SQL Injection Vulnerability
Exploit Title: Online Catering Reservation System - SQL Injection Authenticated Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Software Link:...
LightCMS 1.3.4 - (exclusive) Stored XSS Vulnerability
Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux CVE: CVE-2021-335...
Remote Desktop Web Access - Authentication Timing Attack Exploit
!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...
Doctor Appointment System 1.0 Cross Site Scripting Vulnerability
Exploit Title: Doctor Appointment System 1.0 - Reflected POST based Cross Site Scripting XSS in comment parameter CVE: CVE-2021-27317 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
Nagios XI 5.7.5 Remote Code Execution Exploit
nagios-xi-5.7.5-bugs Bugs reported to Nagios XI CVE-2021-25296 Code Location /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php Code snippet php if !empty$pluginoutputlen $diskwmicommand .= " --forcetruncateoutput " . $pluginoutputlen; $servicewmicommand .= "...
Zenphoto CMS 1.5.7 Shell Upload Vulnerability
Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...
Triconsole 3.75 - Reflected XSS Vulnerability
Exploit Title: Triconsole 3.75 - Reflected XSS Google Dork: inurl : /calendar/calendarform.php Exploit Author: Akash Chathoth Vendor Homepage: http://www.triconsole.com/ Software Link: http://www.triconsole.com/php/calendardatepicker.php Version: alertdocument.domain 0day.today 2021-09-10...
Squid 4.14 / 5.0.5 Code Execution / Double Free Vulnerabilities
A Double-Free bug was found in Squid versions 4.14 and 5.0.5 when processing the "acl" directive in configuration files, more specifically the first and second addresses. This may allow arbitrary code execution on a Squid deployment where the configuration files may be processed from untrusted...
ASUS Remote Link 1.1.2.13 - Remote Code Execution Exploit
Exploit: ASUS Remote Link 1.1.2.13 - Remote Code Execution Exploit Author: H4rk3nz0 Vendor Homepage: http://asus.com/ Software Link: http://remotelink.asus.com/ Version: 1.1.2.13 Tested on: Windows 10 Enterprise Build 17763 CVE: N/A !/usr/bin/python import socket from time import sleep import sys...
Vehicle Parking Management System 1.0 - (catename) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting XSS Exploit Author: Tushar Vaidya Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...
SpotAuditor 5.3.5 - (multiple) Denial Of Service Exploit
Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service PoC Exploit Author : Sinem Şahin Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on: Windows 7 x64 Version: 5.3.5 Steps: 1- Run the python script...
eChat 1.0 SQL Injection Vulnerability
Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/echat.zip Version:...
Seattle Lab Mail (SLMail) 5.1.0.4420 Remote Code Execution Exploit
-- coding: utf-8 -- import socket from time import sleep from os import system system"clear" print 'Shell-code-foi-informada?\r\n' print '1 sim' print '2 nao\n' quest = intinput' ' def main: system"clear" ============================ --ensira-sua-shell-code-aqui buf = "" buf +=...
Product Key Explorer 4.2.7 - (multiple) Denial of Service Exploit
Exploit Title: Product Key Explorer 4.2.7 - 'multiple' Denial of Service PoC Exploit Author : Sinem Şahin Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Version: 4.2.7 Tested on: Windows 7 x64 Steps: 1- Run the python...
Microsoft Exchange Server msExchEcpCanary CSRF / Privilege Escalation Exploit
Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens that can be used to install office add-ins. An attacker can leverage this vulnerability to escalate...
LayerBB 1.1.4 - (search_query) SQL Injection Vulnerability
Exploit Title: LayerBB 1.1.4 - 'searchquery' SQL Injection Exploit Author: Görkem Haşin Version: 1.1.4 Tested on: Linux/Windows POST /search.php HTTP/1.1 Host: Target Payload: searchquery=Lffd' AND 8460=SELECT CASE WHEN 8460=8460 THEN 8460 ELSE SELECT 1560 UNION SELECT 2122 END--...
Unified Remote 3.9.0.2463 - Remote Code Execution Exploit
Exploit Title: Unified Remote 3.9.0.2463 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download Tested on: Windows 10, 10.0.19042 Build 19042 !/usr/bin/python import socket import sys import os from time impor...
jsonpickle 2.0.0 Python library - Remote Code Execution Exploit
Exploit Title: python jsonpickle 2.0.0 - Remote Code Execution Vendor Homepage: https://jsonpickle.github.io Exploit Author: Adi Malyanker, Shay Reuven Software Link: https://github.com/jsonpickle/jsonpickle Version: 2.0.0 Tested on: windows, linux Python is an open source language. jsonpickle...
LogonExpert 8.1 - (LogonExpertSvc) Unquoted Service Path Vulnerability
Exploit Title: LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path Discovery by: Victor Mondragón Vendor Homepage: https://www.softros.com/ Software Links : https://download.logonexpert.com/LogonExpertSetup64.msi Tested Version: 8.1 Vulnerability Type: Unquoted Service Path Tested on: Window...
Softros LAN Messenger 9.6.4 - (SoftrosSpellChecker) Unquoted Service Path Vulnerability
Exploit Title: Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path Discovery by: Victor Mondragón Vendor Homepage: https://www.softros.com/ Software Links : https://download.softros.com/SoftrosLANMessengerSetup.exe Tested Version: 9.6.4 Vulnerability Type: Unquoted Service...
Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode (240 bytes)
Exploit Title: Windows/x86 - Add User Alfred to Administrators/Remote Desktop Users Group Shellcode 240 bytes Exploit Author: Armando Huesca Prida Tested on: Windows 7 Professional 6.1.7601 SP1 Build 7601 x86 Windows Vista Ultimate 6.0.6002 SP2 Build 6002 x86 Windows Server 2003 Enterprise Editio...
VMware vCenter 6.5 / 7.0 Remote Code Execution Exploit
-- coding:utf-8 -- banner = """ 888888ba dP 88 8b 88 a88aaaa8P' .d8888b. d8888P .d8888b. dP dP 88 8b. 88' 88 88 Y8ooooo. 88 88 88 .88 88. .88 88 88 88. .88 88888888P 88888P8 dP 88888P' 88888P' ooooooooooooooooooooooooooooooooooooooooooooooooooooo @time:2021/02/24 CVE-2021-21972.py C0de by...
Apache Flink JAR Upload Java Code Execution Exploit
This Metasploit module uses job functionality in the Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2...
Monica 2.19.1 - (last_name) Stored XSS Vulnerability
Exploit Title: Monica 2.19.1 - 'last_name' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...
Batflat CMS 1.3.6 - multiple Stored XSS Vulnerabilities
Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: XAMPP on Windows, Firefox Newest CVE : N/A Multiple Stored XSS Cross-Site Scripting...
HFS Http File Server 2.3.x - Remote Command Execution Exploit (3)
Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows Server 2012 R2...
CIRA Canadian Shield iOS Application - Man-In-The-Middle SSL Certificate Vulnerability
CIRA Canadian Shield iOS Application - MITM SSL Certificate Vulnerability CVE-2021-27189 -- https://www.info-sec.ca/advisories/CIRA-Canadian-Shield.html Overview "CIRA Canadian Shield protects you from online threats such as malicious domains, phishing websites and helps to keep your personal dat...
docsify 4.11.6 Cross Site Scripting Vulnerability
docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680. -------------------------------------------------------------- docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability...
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger, Certitude Lab Introduction ------------...
Comment System 1.0 - multiple Stored Cross-Site Scripting Vulnerability
Exploit Title: Comment System 1.0 - 'multiple' Stored Cross-Site Scripting Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14713/comment-system-phpmysqli-full-source-code.html Software: : Comment System 1.0 Tested On...
Online Exam System With Timer 1.0 - (email) SQL injection Auth Bypass Vulnerability
Exploit Title: Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13877/online-exam-timer.html Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 +...
Beauty Parlour Management System 1.0 - (sername) SQL Injection Vulnerability
Exploit Title: Beauty Parlour Management System 1.0 - 'sername' SQL Injection Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...
OpenText Content Server 20.3 - multiple Stored Cross-Site Scripting Vulnerabilities
Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management Version: 20.3...
PEEL Shopping 9.3.0 -(Comments/Special Instructions) Stored Cross-Site Scripting Vulnerability
Exploit Title: PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow Exploit
Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow PoC Exploit Author: Kağan Çapar Vendor Homepage: https://www.ddc-web.com/ Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414 Version: 4.5.3 Tested On: Windows 10...
Apport 2.20 - Local Privilege Escalation Exploit
Exploit Title: Apport 2.20 - Local Privilege Escalation Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Apport: Ubuntu 16.04...
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...
Gitea 1.12.5 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link: https://dl.gitea.io/...
Faulty Evaluation System 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability
Exploit Title: Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14710/faulty-evaluation-system-using-phpcodeigniter-source-code.html Software: Fault...
Billing Management System 2.0 - (email) SQL injection Auth Bypass Vulnerability
Exploit Title: Billing Management System 2.0 - 'email' SQL injection Auth Bypass Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software: Billing Management...
IrfanView 4.57 Denial Of Service / Code Execution Vulnerabilities
======================================================================= title: Multiple Vulnerabilities product: IrfanView - WPG.dll plugin vulnerable version: IrfanView 4.57/WPG.dll version 2.0.0.0 fixed version: WPG.dll version 3.1.0.0 CVE number: CVE-2021-27224 impact: Medium homepage:...
AgataSoft PingMaster Pro 2.1 - Denial of Service Exploit
Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: http://agatasoft.com/ Software Link: http://agatasoft.com/PingMasterPro.exe Version: 2.1 Tested on: Windows 10 Home x64 STEPS Open the program AgataSoft PingMaster Pro In Tools select...
Nsauditor 3.2.2.0 - (Event Description) Denial of Service Exploit
Exploit Title: Nsauditor 3.2.2.0 - 'Event Description' Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.2.0 Tested on: Windows 10 Home x64 STEPS Open the program Nsaudito...
Online Internship Management System 1.0 - (email) SQL injection Auth Bypass Vulnerability
Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
Managed Switch Port Mapping Tool 2.85.2 - Denial of Service Exploit
Exploit Title: Managed Switch Port Mapping Tool 2.85.2 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download.htm Version: 2.85.2 Tested on: Windows 10 Home x64 STEPS Open the program Managed Switch...
BlackCat CMS 1.3.6 - (Display name) XSS Vulnerability
Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on: Windows Steps t...
Klog Server 2.4.1 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command executio...
Micro Focus Operations Bridge Manager Local Privilege Escalation Exploit
This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user such as Guest can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will...
Teachers Record Management System 1.0 - (searchteacher) SQL Injection Vulnerability
Exploit Title: Teachers Record Management System 1.0 - 'searchteacher' SQL Injection Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14399/teacher-record-system-phpmysql.html Version:1.0 Tested on: latest...