Exploit for CVE-2023-0099

CVE-2023-0099-exploit Exploit Title: simple urls 4. kno...

Exploit for Cross-site Scripting in Axigen Axigen_Mobile_Webmail

Exploit Title: Axigen if xhr1.readyState === XMLHttpRe...

Marky 0.0.1 - XSS to Remote Command Execution Vulnerability

Exploit Title: Marky 0.0.1 - XSS to RCE Exploit Author: TaurusOmar CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an editor for markdown with a friendly...

RemoteClinic 2.0 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability

Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039,...

Novel Boutique House-plus 3.5.1 - Arbitrary File Download Vulnerability

Exploit Title: Novel Boutique House-plus 3.5.1 - Arbitrary File Download Exploit Author: tuyiqiang Vendor Homepage: https://xiongxyang.gitee.io/ Software Link: https://gitee.com/noveldevteam/novel-plus,https://github.com/201206030/novel-plus Version: all Tested on: linux Vulnerable code:...

Development Kamel KCFinder 1.7 Shell Upload Vulnerability

Exploit Title : Development Kamel - KCFinder Shell Upload Vulnerability + Date : 25/03/2021 + Exploit Author : RAYAN ALi + Home : http://kamel.tech/ + Discovered By : RAYAN + Vendor Homepage : http://kamel.tech/ + Exploit: + http://localhost/resources/admin/Editor/kcfinder/browse.php?type=files +...

MagpieRSS 0.72 - (url) Command Injection and Server Side Request Forgery Vulnerability

Exploit Title: MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery Exploit Author: bl4ckh4ck5 Vendor Homepage: http://magpierss.sourceforge.net/ Software Link: https://sourceforge.net/projects/magpierss/files/magpierss/magpierss-0.72/magpierss-0.72.tar.gz/download Version:...

rConfig 3.9.6 - (path) Local File Inclusion (Authenticated) Vulnerability

Exploit Title: rConfig 3.9.6 - 'path' Local File Inclusion Authenticated Exploit Author: 5a65726f Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip Version: rConfig v3.9.6 Install scripts :...

Zenario CMS 8.8.53370 - (id) Blind SQL Injection Vulnerability

Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 Reference -...

WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection Vulnerability

?php Title : SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection Researcher : Eagle Eye Exploit Name : SSF & SIM SQL Injection Request type : POST Plugin Author : Joe lz Plugin Website : https://superstorefinder.net/ Version Affected : All version include latest 6.3 Tested on :...

Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Vulnerability

Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0 Tested on Windows...

Textpattern CMS 4.9.0-dev - (Excerpt) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...

Local Services Search Engine Management System (LSSMES) 1.0 - (name) XSS Vulnerability

Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - 'name' Persistent Cross-Site Scripting XSS Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...

Yeastar TG400 GSM Gateway 91.3.0.3 Path Traversal Vulnerability

Path Traversal on Yeastar TG400 GSM Gateway - 91.3.0.3 This is a Proof of Concept for CVE-2021-27328 Example to get firmware decrypting password http://192.168.43.246/cgi/WebCGI?1404=../../../../../../../../../../bin/firmwaredetect to get /etc/paswd...

LayerBB 1.1.4 - (search_query) SQL Injection Vulnerability

Exploit Title: LayerBB 1.1.4 - 'searchquery' SQL Injection Exploit Author: Görkem Haşin Version: 1.1.4 Tested on: Linux/Windows POST /search.php HTTP/1.1 Host: Target Payload: searchquery=Lffd' AND 8460=SELECT CASE WHEN 8460=8460 THEN 8460 ELSE SELECT 1560 UNION SELECT 2122 END--...

docsify 4.11.6 Cross Site Scripting Vulnerability

docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680. -------------------------------------------------------------- docsify = 4.11.6 DOM-based Cross-Site Scripting Vulnerability...

BlackCat CMS 1.3.6 - (Display name) XSS Vulnerability

Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting XSS Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Tested on: Windows Steps t...

GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin) Vulneraility

Exploit for php platform in category web applications Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Add Admin Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...

Online Shopping Alphaware 1.0 Insecure Direct Object Reference Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...

Online Shopping Alphaware 1.0 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Cross-Site Request Forgery Account Takeover Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...