409 matches found
Budgets And Expense Tracker System 1.0 Shell Upload
Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...
Church Management System 1.0 Shell Upload
Exploit Title: Church Management System 1.0 - Unrestricted File Upload to Remote Code Execution Authenticated Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link:...
CVE-2020-13873
A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...
CVE-2020-13873
A SQL Injection vulnerability in gettopicinfo in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers pre-authentication to bypass the admin page via a leaked password-reset token of the admin. As an admin, an attacker can upload a PHP shell and execute remote code on the...
Nagios XI 5.5.0-5.7.3 - Snmptrap Authenticated Remote Code Exection
This module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. The module uploads a simple PHP shell via includes/components/nxti/index.php to...
Sentrifugo 3.2 Remote Code Execution
Exploit Title: Sentrifugo 3.2 - 'assets' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...
Online Library Management System 1.0 - Arbitrary File Upload
Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Date: 22-10-2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html Software Link:...
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)
!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Unauthenticated Exploit Author: bzyo Twitter: @bzyo Date: 10-10-2020 Vulnerable Software: https://www.softneta.com/products/meddream-pacs-server/ Vendor Homepage: https://www.softneta.com Version: 6.8.3.751...
U.S. Dept Of Defense: Unrestricted File Upload Leads to XSS & Potential RCE
Summary: Unrestricted file upload at████████/request?openform. When the user wants to upload a file the app allows the user to upload a HTML file leading to stored XSS and creation of a simple php script. A user can upload the HTML file and trigger XSS and trigger potential RCE with php shell...
Online Discussion Forum Site 1.0 - Remote Code Execution
Online Discussion Forum Site version 1.0 suffers from a remote code execution vulnerability. Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-05-24 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage:...
Online Discussion Forum Site 1.0 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...
Online Clothing Store 1.0 Arbitrary File Upload
Exploit Title: Online Clothing Store 1.0 - Arbitrary File Upload Date: 2020-05-05 Exploit Author: Sushant Kamble and Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
Stripo Inc: Unrestricted File Upload on https://my.stripo.email and https://stripo.email
Hi Stripo Inc, I found 2 Unrestricted File Upload Vulnerabilities on your website. First Vulnerability: Step to Reproduce 1. Create an account in "https://my.stripo.email" 2. Simply Download a php shell from internet and open with text editor. ex: r57 shell 3. Then save it as JPEG file. 4. Go bac...
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
FUDForum 3.0.9 - Remote Code Execution
Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution
vBulletin 5.0 5.5.4 - updateAvatar Authenticated Remote Code Execution ?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability ---------------------------------------------------------------------...
Norman Cryptominer Employs Sophisticated Obfuscation Tactics
A never-before-seen cryptomining variant, dubbed “Norman” after one of its executable files, has been spotted in the wild using various techniques to hide and avoid discovery. The levels of obfuscation are notable for their sheer depth, according to an analysis. Varonis uncovered an initial sampl...
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...
CVE-2019-12831
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems that leads to truncation of strings that are too long for a database column to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of...