CVE-2020-21139

EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add...

Simple Attendance System 1.0 Authentication Bypass

Exploit Title: Simple Attendance System v1.0 - Unauthenticated Add Admin Account Exploit Author: Richard Jones Date: September 26, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

Dental Clinic Appointment Reservation System 1.0 Cross Site Request Forgery

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)

Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...

STVS ProVision 5.9.10 Cross Site Request Forgery

STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected version: 5.9.10 build 2885-3a8219a 5.9.9 build 2882-7c3b787 5.9.7 build 2871-a450938 5.9.1 build 2771-1bbed11 5.9.0 build 2701-6123026 5.8.6 build 2557-84726f7 5...

STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)

Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...

STVS ProVision 5.9.10 Cross-Site Request Forgery (Add Admin)

Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The application interface allows users to perform certain actions via...

Selea Targa IP OCR-ANPR Camera - CSRF Add Admin

Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...

Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit

Summary IP camera with optical character recognition OCR software for automatic number plate recognition ANPR also equipped with ADR system that enables it to read the Hazard Identification Number HIN, also known as the Kemler Code and UN number of any vehicle captured in free-flow mode. TARGA is...

Garfield Petshop 2020-10-01 Cross Site Request Forgery

!/usr/bin/perl Garfield Petshop Add-Admin Exploit By Ramdan Yantu rysec.io \ bastardlabs.info From Gorontalo - Indonesia Mail: ramdanyantuatgmail.com Application by Gamma Advertisa Link: https://detapos.co/ | https://demo.detapos.co.id/petshop CVE: CVE-2020-26522 use strict; use warnings; use...

SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin)

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery Add Admin Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit Vendor: SpinetiX AG Product web page:...

SpinetiX Fusion Digital Signage 3.4.8 Cross Site Request Forgery

SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit Vendor: SpinetiX AG Product web page: https://www.spinetix.com Affected version: history.pushState'', '', '/index.php?r=settings/settings' form action="http://192.168.1.1/fusion/index.php?r=users/create...

SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit

Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...

CloudMe 1.11.2 Buffer Overflow

Exploit Title: CloudMe 1.11.2 - Turing Complete Add-Admin ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: September 29th, 2020 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x6...

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser Authentication Bypass Add Admin Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time t...

GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin) Vulneraility

Exploit for php platform in category web applications Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Add Admin Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...

GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)

Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Add Admin Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 2020-08-12 Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...

All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin)

Exploit Title: All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery Add Admin Discovery by: LiquidWorm Discovery Date: 2020-08-05 Vendor Homepage: https://www.all-dynamics.de !-- All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin Vendor: All-Dynamics...

UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery (Add Admin)

Title: UBICOD Medivision Digital Signage 1.5.1 - Cross-Site Request Forgery Add Admin Date: 2020-07-23 Author: LiquidWorm Product web page: http://www.medivision.co.kr CVE: N/A input type="hidden" name="aai...