
0day POC Vulnerability Database

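A POC vulnerability database containing all CVEs, POCs and 0days published across the web in recent years. It can be connected to the ishack vulnerability scanner through an API; some vulnerabilities are visible to members only.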

  1. # Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service (PoC) # Discovery by: chuyreds # Discovery Date: 2020-02-05 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe # Tested Version: 11.12 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es #Steps to produce the crash: #1.- Run python code: AbsoluteTelent 11.12_license_name.py #2.- Open AbsoluteTelent_license_name.txt and copy content to clipboard #3.- Open AbsoluteTelnet.exe #4.- Select "Help" > "Enter License Key" #5.- In "License Name" paste Clipboard #6.- Crashed cod = "\…

    • 0 replies
    • 4 views
  2. # Exploit Title: AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC) # Discovery by: chuyreds # Discovery Date: 2020-05-02 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe # Tested Version: 11.12 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es # Steps to produce the crash: # 1.- Run python code: AbsoluteTelnet 11.12_username_ssh1.py # 2.- Open absolutetelnet_username_SSH1.txt and copy content to clipboard # 3.- Open AbsoluteTelnet # 4.- Select "new connection file", "Connection", "SSH1", "Use last username" # 5.- In "username" field…

    • 0 replies
    • 5 views
  3. # Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC) # Discovery by: chuyreds # Discovery Date: 2020-02-05 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe # Tested Version: 11.12 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es #Steps to produce the crash: #1.- Run python code: AbsoluteTelnet 11.12_username_ssh2.py #2.- Open absolutetelnet_username_SSH2.txtabsolutetelnet_username.txt and copy content to clipboard #3.- Open AbsoluteTelnet #4.- Select "new connection file", "Connection", "SSH2", "Use last username" #5…

    • 0 replies
    • 3 views
  4. # Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service (PoC) # Discovery by: chuyreds # Discovery Date: 2020-02-05 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe # Tested Version: 11.12 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es #Steps to produce the crash: #1.- Run python code: AbsoluteTelent 11.12_license_code.py #2.- Open AbsoluteTelent_license_code.txt and copy content to clipboard #3.- Open AbsoluteTelnet.exe #4.- Select "Help" > "Enter License Key" #5.- In "License code" paste Clipboard #6.- Crashed cod = "\x…

    • 0 replies
    • 4 views
  5. # Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC) # Discovered by: Xenofon Vassilakopoulos # Discovered Date: 2020-05-21 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe # Tested Version: 11.21 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 7 Professional x86 SP1 # Description: AbsoluteTelnet 11.21 - 'SHA2/Username' and 'Send Error Report' Denial of Service (PoC) # Steps to reproduce: # 1. - Run python script # 2. - Open absolutetelnet.txt and copy content to clipboard # 3. - Open AbsoluteTelnet 11.21 # 4. - Select "new connection…

    • 0 replies
    • 3 views
  6. # Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC) # Discovered by: Yehia Elghaly # Discovered Date: 2021-11-10 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe # Tested Version: 11.24 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64 # Description: AbsoluteTelnet 11.24 - 'DialUp/Phone' & license name Denial of Service (PoC) # Steps to reproduce: # 1. - Download and install AbsoluteTelnet # 2. - Run the python script and it will create exploit.txt file. # 3. - Open AbsoluteTelnet 11.24 # 4. …

    • 0 replies
    • 9 views
  7. # Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC) # Discovered by: Yehia Elghaly # Discovered Date: 2021-11-10 # Vendor Homepage: https://www.celestialsoftware.net/ # Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe # Tested Version: 11.24 # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64 # Description: AbsoluteTelnet 11.24 - 'SHA1/SHA2/Username' and 'Error Report' Denial of Service (PoC) # Steps to reproduce: # 1. - Download and install AbsoluteTelnet # 2. - Run the python script and it will create exploit.txt file. # 3. - Open AbsoluteTelnet 11.…

    • 0 replies
    • 8 views
  8. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # Exploit Title: ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access # Date: 2023-02-16 # Exploit Author: d1g@segfault.net for NetworkSEC [NWSSA-001-2023] # Vendor Homepage: https://www.abus.com # Version/Model: TVIP 20000-21150 (probably many others) # Tested on: GM ARM Linux 2.6, Server: Boa/0.94.14rc21 # CVE: CVE-2023-26609 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++ 0x00 DESCRIPTION ++++++++++++++++++++ During a recent engagement, a network camera was discovered. Web fuzzing revealed a URL of /device containing outp…

    • 0 replies
    • 9 views
  9. # Exploit Title: AC Repair and Services System v1.0 - Multiple SQL Injection # Date: 27 December 2023 # Exploit Author: Gnanaraj Mauviel (@0xm3m) # Vendor: oretnom23 # Vendor Homepage: https://www.sourcecodester.com/php/16513/ac-repair-and-services-system-using-php-and-mysql-source-code-free-download.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-acrss.zip # Version: v1.0 # Tested on: Mac OSX, XAMPP, Apache, MySQL ------------------------------------------------------------------------------------------------------------------------------------------- Source Code(/php-acrss/admin/user/manage_user.php): <?php if(isset…

    • 0 replies
    • 11 views
  10. # Exploit Title: Academy LMS 6.0 - Reflected XSS # Exploit Author: CraCkEr # Date: 22/07/2023 # Vendor: Creativeitem # Vendor Homepage: https://creativeitem.com/ # Software Link: https://demo.creativeitem.com/academy/ # Version: 6.0 # Tested on: Windows 10 Pro # Impact: Manipulate the content of the site # CVE: CVE-2023-4119 ## Greetings The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka CryptoJob (Twitter) twitter.com/0x0CryptoJob ## Description The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login cr…

    • 0 replies
    • 10 views
  11. # Exploit Title: Academy LMS 6.1 - Arbitrary File Upload # Exploit Author: CraCkEr # Date: 05/08/2023 # Vendor: Creativeitem # Vendor Homepage: https://academylms.net/ # Software Link: https://demo.academylms.net/ # Version: 6.1 # Tested on: Windows 10 Pro # Impact: Allows User to upload files to the web server # CWE: CWE-79 - CWE-74 - CWE-707 ## Description Allows Attacker to upload malicious files onto the server, such as Stored XSS ## Steps to Reproduce: 1. Login as a [Normal User] 2. In [User Dashboard], go to [Profile Settings] on this Path: https://website/dashboard/#/settings 3. Upload any Image into the [avatar] 4. Capture the POST Request with [Burp Proxy I…

    • 0 replies
    • 11 views
  12. # Exploit Title: Academy LMS 6.2 - SQL Injection # Exploit Author: CraCkEr # Date: 29/08/2023 # Vendor: Creativeitem # Vendor Homepage: https://creativeitem.com/ # Software Link: https://demo.creativeitem.com/academy/ # Tested on: Windows 10 Pro # Impact: Database Access # CVE: CVE-2023-4974 # CWE: CWE-89 / CWE-74 / CWE-707 ## Greetings The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka CryptoJob (Twitter) twitter.com/0x0CryptoJob ## Description SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's …

    • 0 replies
    • 11 views
  13. Posted by ISHACK AI BOT

    # Exploit Title: Academy-LMS 4.3 - Stored XSS # Date: 19/12/2020 # Vendor page: https://academy-lms.com/ # Version: 4.3 # Tested on Win10 and Google Chrome # Exploit Author: Vinicius Alves # XSS Payload: </script><svg onload=alert();> 1) Access LMS and log in to admin panel 2) Access courses page 3) Open course manager and SEO menu 4) Paste the XSS Payload tag and Submit 5) Access the course page on frontend 6) Triggered!

    • 0 replies
    • 4 views
  14. # Exploit Title: Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR) # Software Link: https://www.accela.com/civic-platform/ # Version: <= 21.1 # Author: Abdulazeez Alaseeri # Tested on: JBoss server/windows # Type: Web App # Date: 07/06/2021 # CVE: CVE-2021-34369 ================================================================ Accela Civic Platform Insecure Direct Object References <= 21.1 ================================================================ This vulnerability allows authenticated attackers to view other users' data by manipulating the value of contactSeqNumber ======================================================…

    • 0 replies
    • 4 views
  15. # Exploit Title: Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS) # Exploit Author: Abdulazeez Alaseeri # Software Link: https://www.accela.com/civic-platform/ # Version: <= 21.1 # Tested on: JBoss server/windows # Type: Web App # Date: 06/07/2021 # CVE: CVE-2021-33904 ================================================================ Accela Civic Platform Cross-Site-Scripting <= 21.1 ================================================================ ================================================================ Request Headers start ================================================================ GET /security/hostSignon.do?hostSignOn=true…

    • 0 replies
    • 4 views
  16. # Exploit Title: Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS) # Software Link: https://www.accela.com/civic-platform/ # Version: <= 21.1 # Author: Abdulazeez Alaseeri # Tested on: JBoss server/windows # Type: Web App # Date: 07/06/2021 # CVE-2021-34370 ================================================================ Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1 ================================================================ ================================================================ Request Headers start ================================================================ GET /ssoAdapter/logoutAction.do?servPro…

    • 0 replies
    • 5 views
  17. # Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated) # Exploit Author: Alperen Ergel # Contact: @alpernae (IG/TW) # Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html # Version : 1.0 # Tested on: windows 10 xampp | Kali linux # Category: WebApp # Google Dork: N/A # Date: 09.02.2022 ######## Description ######## # # # Authenticate and get update user settings will be appear the # id parameter put your payload at there it'll be work # # # ######## Proof of Concept ######## ========>>> REQUEST <<<========= GET /ajms/admin/?page=user…

    • 0 replies
    • 10 views
  18. # Exploit Title: Express Accounts Accounting 7.02 - Persistent Cross-Site Scripting # Exploit Author: Debashis Pal # Date: 2019-10-16 # Vendor Homepage: https://www.nchsoftware.com # Source: https://www.nchsoftware.com/accounting/index.html # Version: Express Accounts Accounting v7.02 # CVE : N/A # Tested on: Windows 7 SP1(32bit) # About Express Accounts Accounting v7.02 ========================================= Express Accounts is professional business accounting software, perfect for small businesses. # Vulnerability ================ Persistent Cross site scripting (XSS). # PoC ====== 1. Login as authenticated unprivileged user to Express Accounts Accounting v7.…

    • 0 replies
    • 6 views
  19. # Exploit Title: Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS) # Discovered by: Yehia Elghaly # Discovered Date: 22/12/2021 # Vendor Homepage: https://www.accu-time.com/ # Software Link : https://www.accu-time.com/maximus-employee-time-clock-3/ # Tested Version: 1.0 # Vulnerability Type: Buffer Overflow (DoS) Remote # Tested on OS: linux # Description: Accu-Time Systems MAXIMUS 1.0 Telnet Remote Buffer Overflow # Steps to reproduce: # 1. - Accu-Time Systems MAXIMUS 1.0 Telnet listening on port 23 # 2. - Run the Script from remote PC/IP # 3. - Telnet Crashed #!/usr/bin/env python3 import socket import sys print("#################################…

    • 0 replies
    • 8 views
  20. # Exploit Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path # Discovery by: Emmanuel Lujan # Discovery Date: 2020-11-26 # Vendor Homepage: https://www.acer.com/ac/en/US/content/home # Tested Version: 1.2.3500.0 # Vulnerability Type: Unquoted Service Path # Tested on OS: Windows 7 Home Premium x64 # Step to discover Unquoted Service Path: C:\>wmic service get name, pathname, displayname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """ Live Updater Service Live Upd ater Service C:\Program Files\Acer\Acer Updater\Updater Serv…

    • 0 replies
    • 5 views
  21. # Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF # Date: 2020-07-30 # Author: Julien Ahrens # Vendor Homepage: https://www.acronis.com # Version: 12.5 Build 16341 # CVE: CVE-2020-16171 VERSIONS AFFECTED ==================== Acronis Cyber Backup v12.5 Build 16327 and probably below. VULNERABILITY DETAILS ======================== All API endpoints running on port 9877 under "/api/ams/" whereof some are reachable without authentication, do accept an additional custom header called "Shard": def get_ams_address(headers): if 'Shard' in headers: [...] return headers.get('Shard') # Mobile agent >= ABC5.0 The value of this h…

    • 0 replies
    • 5 views
  22. Acronis Cyber Infrastructure default password remote code execution Disclosed 07/24/2024 Created 10/03/2024 Description Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, running cloud-native applications in production environments. This module exploits a default password vulnerability in ACI which allow an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This opens the door for the attac…

    • 0 replies
    • 10 views
  23. # Exploit Title: Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path # Date: 2019-11-11 # Author: Alejandra Sánchez # Vendor Homepage: https://www.acronis.com # Software: ftp://supportdownload:supportdownload@ftp.kingston.com/AcronisTrueImageOEM_5128.exe # Version: 19.0.5128 # Tested on: Windows 10 # Description: # Acronis True Image OEM 19.0.5128 suffers from an unquoted search path issue impacting the service 'afcdpsrv'. This could potentially allow an # authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require # the local user to be able to insert their code in the sy…

    • 0 replies
    • 8 views
  24. # Exploit Title: ActFax 10.10 - Unquoted Path Services # Date: 22/03/2023 # Exploit Author: Birkan ALHAN (@taftss) # Vendor Homepage: https://www.actfax.com # Software Link: https://www.actfax.com/en/download.html # Version: Version 10.10, Build 0551 (2023-02-01) # Tested on: Windows 10 21H2 OS Build 19044.2728 #Discover to Unquoted Services Path: C:\Users\taftss>sc qc ActiveFaxServiceNT [SC] QueryServiceConfig SUCCESS SERVICE_NAME: ActiveFaxServiceNT TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Program Files\ActiveFax\Server\ActSrvNT.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : ActiveFax-Server-Service DEPEND…

    • 0 replies
    • 9 views
  25. # Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC) # # Date: 2020-08-04 # # Exploit Author: MegaMagnus # # Vendor Homepage: https://www.acti.com/ # # Software Link: https://www.acti.com/DownloadCenter # # Version: V.3.0.12.42 , V.2.3.04.07 # # Tested on: Windows 7, Windows 10 # # CVE: CVE-2020-15956 # # This i…

    • 0 replies
    • 6 views