1393 matches found
WordPress Elementor 3.6.2 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Elementor Authenticated Upload Remote Code Execution', 'Description' = %q The WordPress plugin Elementor versions 3.6.0 - 3.6.2,...
Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL Injection
Sourcecodester Multi Restaurant Table Reservation System 1.0 contains a SQL injection vulnerability via the file view-chair-list.php. It does not perform input validation on the tableid parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request ...
WiFi Mouse 1.7.8.5 - Remote Code Execution Exploit (2)
Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Python 3 port done by RedHatAugust Original exploit:...
vulhub
This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...
Textpattern CMS <= 4.8.8 Multiple Vulnerabilities
Textpattern CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:textpattern:textpattern";...
Rockwell Automation Allen-Bradley CompactLogix Reflective Cross-Site Scripting (CVE-2016-2279)
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
OpenBMCS 2.4 Authenticated SQL Injection
Summary: Building Management & Controls System (BMCS). No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Our product can control and monitor anything from a garage door to a complete campus wide network, with everything you need on...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Exploit for Code Injection in Exiftool_Project Exiftool
Gitlab-Exiftool-RCE Original repos : https://github.com/CsEnox...
Exploit for SQL Injection in Engineers_Online_Portal_Project Engineers_Online_Portal
CVE-2021-42665 CVE-2021-42665 - SQL Injection authentication b...
Exploit for Cross-site Scripting in Engineers_Online_Portal_Project Engineers_Online_Portal
CVE-2021-42664 CVE-2021-42664 - Stored Cross-Site Scripting vu...
Exploit for Cross-site Scripting in Online_Event_Booking_And_Reservation_System_Project Online_Event_Booking_And_Reservation_System
CVE-2021-42662 CVE-2021-42662 - Stored Cross-Site Scripting vu...
Exploit for Server-Side Request Forgery in Redhat Keycloak
Keycloak-12.0.1-CVE-2020-10770 Keycloak 12.0.1 - 'requestu...
Exploit for OS Command Injection in Genexis Platinum_4410_Firmware
CVE-2021-29003 https://hackerworld.home.blog/2021/03/19/rce-in...
Online Leave Management System 1.0 SQL Injection
Exploit Title: OLMS - PHP by: oretnom23 v1.0 SQL-Injection-Bypass-Authentication in /leavesystem/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.31.2021 Vendor: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html...
MySQL User-Defined (Linux) x32 / x86_64 - (sys_exec) Local Privilege Escalation Exploit (2)
Exploit Title: MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2) Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux x86_64 using...
MySQL User-Defined (Linux) x32 / x86_64 sys_exec Local Privilege Escalation
Exploit Title: MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2) Date: 29/08/2021 Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux...
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
Exploit Title: crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow Exploit Author: Khaled Salem @Khaled0x07 Software Link: https://www.exploit-db.com/apps/43240af83a4414d2dcc19fff3af31a63-crossfire-1.9.0.tar.gz Version: 1.9.0 Tested on: Kali Linux 2020.4 CVE : CVE-2006-1236 !/bin/python impor...
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Summary Battery Energy Management System. Description The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited t...