3100 matches found

Exploit DB
added 2020/10/21 12:0 a.m. | 775 views

School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC

Exploit Title: School Faculty Scheduling System 1.0 - Stored Cross Site Scripting Date: 21/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14535/school-faculty-scheduling-system-using-phpmysqli-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/10/20 12:0 a.m. | 722 views

Visitor Management System In PHP 1.0 SQL Injection

Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Windo...

6.5 CVSS | 0.7 AI score | 0.00366 EPSS
Exploits: 4
Exploit DB
added 2020/10/20 12:0 a.m. | 701 views

Mobile Shop System v1.0 - SQL Injection Authentication Bypass

Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass Exploit Author: Moaaz Taha 0xStorm Date: 2020-09-08 Vendor Homepage: https://www.sourcecodester.com/php/14412/mobile-shop-system-php-mysql.html Software Link:...

7.4 AI score
Exploits: 0
CNVD
added 2020/10/19 12:0 a.m. | 6 views

Microsoft Excel Remote Code Execution Vulnerability (CNVD-2021-08825)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel's handling of memory objects, which allows remote attackers to exploit the vulnerability by submitting a special file request that can be tricked into...

7.8 CVSS | 7.7 AI score | 0.09611 EPSS
Exploits: 0 | References: 1
Exploit DB
added 2020/10/19 12:0 a.m. | 422 views

Tourism Management System 1.0 - Arbitrary File Upload

Exploit Title: Tourism Management System 1.0 - Arbitrary File Upload Date: 2020-10-19 Exploit Author: Ankita Pal & Saurav Shukla Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1...

7.4 AI score
Exploits: 0
Exploit DB
added 2020/10/13 12:0 a.m. | 428 views

berliCRM 1.0.24 - 'src_record' SQL Injection

Exploit Title: berliCRM 1.0.24 - 'srcrecord' SQL Injection Google Dork: N/A Date: 2020-10-11 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.berlicrm.de Software Link: https://github.com/berliCRM/berlicrm/archive/1.0.24.zip Version: 1.0.24 Tested on: Kali Linux CVE : N/A ==========...

7.4 AI score
Exploits: 0
Gitee
added 2020/10/09 8:46 p.m. | 13 views

Exploit for CVE-2019-13272

No description...

7.8 CVSS | 7 AI score | 0.80379 EPSS
Exploits: 21
Exploit DB
added 2020/10/08 12:0 a.m. | 723 views

SEO Panel 4.6.0 - Remote Code Execution (1)

Exploit Title: SEO Panel 4.6.0 - Remote Code Execution Google Dork: N/A Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://seopanel.org/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Kali Linux x64 5.4.0 C...

7.4 AI score
Exploits: 0
Exploit DB
added 2020/10/01 12:0 a.m. | 342 views

MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)

Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...

7.5 CVSS | 6.9 AI score | 0.00306 EPSS
Exploits: 4
GithubExploit
added 2020/09/19 8:44 p.m. | 163 views

Exploit for CVE-2020-1472

CVE-2020-1472-Easy This is definitely not something you would...

10 CVSS | 8.2 AI score | 0.9438 EPSS
Exploits: 75
Exploit DB
added 2020/09/03 12:0 a.m. | 495 views

BloodX CMS 1.0 - Authentication Bypass

Exploit Title: BloodX CMS 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-09-02 Exploit Author: BKpatron Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A my website:...

7.4 AI score
Exploits: 0
Exploit DB
added 2020/09/01 12:0 a.m. | 274 views

moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...

7.4 AI score
Exploits: 0
Packet Storm
added 2020/09/01 12:0 a.m. | 261 views

moziloCMS 2.0 Cross Site Scripting

Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...

7.4 AI score
Exploits: 0
ThreatPost
added 2020/08/31 3:36 p.m. | 81 views

Critical Slack Bug Allows Access to Private Channels, Conversations

A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full remote control over the Slack desktop app with a successful exploit — and thus access to private channels, conversations, passwords, tokens and keys, and various...

8.8 AI score | 0.03057 EPSS
Exploits: 1 | References: 7
wpexploit
added 2020/08/31 12:0 a.m. | 18 views

Bulk Change <= 1.0 - Authenticated Reflected Cross-Site Scripting

The Bulk Change page under Tools Bulk Posts Change has an 's' GET parameter echoed to a text input tag value without being sanitised, leading to a cross-site scripting issue. /wp-admin/tools.php?page=bulk-change%2Fbulk-change.php&perpage=10&dosearch=Search+...&changeposttype&bctpaction&s="alertXS...

0.4 AI score
Exploits: 0 | References: 1
Packet Storm
added 2020/08/18 12:0 a.m. | 217 views

vBulletin 5.6.2 Persistent Cross Site Scripting

Exploit Title: vBulletin 5.6.2 Stored XSS Date:15.08.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox Blog : https://pentest-vincent.blogspot.com/ PoC:...

7.4 AI score
Exploits: 0
GithubExploit
added 2020/08/16 6:17 p.m. | 5 views

Exploit for Code Injection in Vbulletin

vBulletin RCE 5.x Get Email + SMTP CVE-2019-16759 This tool...

9.8 CVSS | 7.3 AI score | 0.9443 EPSS
Exploits: 27
wpexploit
added 2020/08/13 12:0 a.m. | 24 views

Quiz and Survey Master < 7.0.1 - Arbitrary File Upload

This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set-up quiz that accepts file uploads, then upload file and change content-type to one set as approved. history.pushState'', '', '/' function submitRequest var xhr = new...

7.5 CVSS | 1.8 AI score | 0.10326 EPSS
Exploits: 2 | References: 1
wpexploit
added 2020/08/12 12:0 a.m. | 24 views

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirectto" GET parameter was used. https://www.example.com/register/?redirectto=https://www.evil.com/...

2.2 AI score
Exploits: 0 | References: 2
GithubExploit
added 2020/08/10 9:34 p.m. | 128 views

Exploit for Improper Input Validation in Google Android

CVE-2020-0041 This repository contains LPE code for exploitin...

7.8 CVSS | 7.8 AI score | 0.23865 EPSS
Exploits: 6