3592 matches found
Bolt CMS 3.7.0 Authenticated Remote Code Execution Exploit
This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7. Th...
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...
FileRun 2019.05.21 - Reflected Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: FileRun 2019.05.21 - Reflected Cross-Site Scripting Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.filerun.com/ Software Link: https://filerun.com/download Version: v2019.05.21 Tested on: Windows/Linux CVE:...
NeonLMS Learning Management System PHP Laravel Script 4.6 File Download Vulnerability
NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability. Exploit Title: NeonLMS - Learning Management System PHP Laravel Script - 'Arbitrary' File Download Exploit Author: th3d1gger Vendor Homepage: https://www.neonlms.com/ Software...
NeonLMS Learning Management System PHP Laravel Script 4.6 Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: NeonLMS - Learning Management System PHP Laravel Script -Authenticated Arbitrary File Upload Exploit Author: th3d1gger Vendor Homepage: https://www.neonlms.com/ Software Link:...
Hostel Management System 2.0 - (id) SQL Injection (Unauthenticated)
Exploit for php platform in category web applications Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Unauthenticated Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link:...
AirControl 1.4.2 - PreAuth Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Kuicms Php EE 2.0 - Persistent Cross-Site Scripting Vendor Homepage: https://kuicms.com Software Link: https://kuicms.com/kuicms.zip Version: Kuicms Php EE 2.0 Tested on: Windows CVE : N/A Vulnerable Request: POST...
Joomla XCloner Backup 3.5.3 Plugin - Local File Inclusion (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion Authenticated Exploit Author: Mehmet Kelepçe / Gais Cyber Security Exploit-Db Author ID: 8763 Reference:...
Victor CMS 1.0 - (comment_author) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Victor CMS 1.0 - 'commentauthor' Persistent Cross-Site Scripting Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:...
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://monstra.org Software Link: https://bitbucket.org/awilum/monstra/downloads/monstra-3.0.4.zip Version: 3.0.4...
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...
WebTareas 2.0p8 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Vendor Homepage: http://webtareas.sf.net/ Software Link:...
IBM Data Risk Manager 2.0.3 Default Password Exploit
This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time o...
IBM Data Risk Manager 2.0.3 Remote Code Execution Exploit
IBM Data Risk Manager IDRM contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. Thi...
Booked Scheduler 2.7.7 - Authenticated Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Booked Scheduler 2.7.7 - Authenticated Directory Traversal Author: Besim ALTINOK Vendor Homepage: https://www.bookedscheduler.com Software Link: https://sourceforge.net/projects/phpscheduleit/ Version: v2.7.7 Tested on: Xampp...
FlashGet 1.9.6 Buffer Overflow PoC Exploit
!/usr/bin/python Exploit Title: FlashGet 1.9.6 0day Remote Buffer Overflow Author: Milad Karimi Testen on: Kali Linux Software Link: http://www.flashget.com/en/download.htm?uid=undefined Version: 1.9.6 CVE : N/A from time import sleep from socket import res = '220 WELCOME!! :x\r\n', '331 Password...
IBM Data Risk Manager 2.0.3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Data Risk Manager Unauthenticated Remote Code Execution', 'Description' = %q IBM Data Risk Manager IDRM contains three vulnerabilities that c...
IBM Data Risk Manager 2.0.3 Default Password
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Data Risk Manager a3user Default Password', 'Description' = %q This module abuses a known default password in IBM Data Risk Manager. The...
FlashGet 1.9.6 Buffer Overflow Proof Of Concept
!/usr/bin/python Exploit Title: FlashGet 1.9.6 0day Remote Buffer Overflow Date: 2020.05.02 Author: Milad Karimi Testen on: Kali Linux Software Link: http://www.flashget.com/en/download.htm?uid=undefined Version: 1.9.6 CVE : N/A from time import sleep from socket import res = '220 WELCOME!!...