Exploit for OS Command Injection in Netgate Pfblockerng

CVE-2022-31814 Updated Exploit - pfBlockerNG = 2.1.426 U...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

Prison Management System 1.0 Shell Upload Vulnerability

Exploit Title: Prison Management System 1.0 - Unuthenticated RCE Exploit Author: Muhammet Ali Dak Vendor Homepage: https://www.sourcecodester.com/sql/17287/prison-management-system.html Software Link: https://www.sourcecodester.com/download-code?nid=17287&title=Prison+Management+System+Using+PHP...

AEGON LIFE 1.0 Remote Code Execution

Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...

Quick Cart 6.7 Shell Upload Vulnerability

Quick Cart version 6.7 suffers from a remote shell upload vulnerability provided you have administrative privileges. Title : Authenticated Remote Code Execution & Shell Upload Product : Quick Cart Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window ...

Quick CMS 6.7 Shell Upload Vulnerability

Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php, database/config.php Affected...

Quick CMS 6.7 Shell Upload

Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Date : 11/06/2024 Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php,...

Quick Cart 6.7 Shell Upload

Title : Authenticated Remote Code Execution & Shell Upload Product : Quick Cart Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Date : 11/06/2024 Affected path : admin.php , core/common-admin.php, database/config.php Affected function :...

CMSimple 5.15 Remote Shell Upload

Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...

appRain CMF 4.0.5 Shell Upload

Exploit Title: appRain CMF 4.0.5 - Remote Code Execution RCE Authenticated Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.apprain.org Software Link: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip Version: latest Tested on: MacOS import requests...

POMS PHP 1.0 SQL Injection / Shell Upload

Titles: POMS-PHP-by oretnom23 -v1.0-FU-SQLi-RCE-HAT.TRICK 1. SQLi Bypass Authentication 2. File Upload 3. RCE Latest update from the vendor: 5 hours 32 minutes ago Author: nu11secur1ty Date: 05/07/2024 Vendor: https://github.com/oretnom23 Software:...

CVE-2023-31090

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Upload a Web Shell to a Web Server.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5....

SofaWiki 3.9.2 Shell Upload

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Discovered Date: 18.04.2024 Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import...

LRMS PHP 1.0 SQL Injection / Shell Upload

Titles: LRMS-PHP-by-oretnom23-v1.0 hat-trick 1. Multiple-SQLi 2. File Upload 3. SQLi Bypass Authentication: Latest update from the vendor: 5 hours 32 minutes ago Author: nu11secur1ty Date: 04/17/2024 Vendor: https://github.com/oretnom23 Software:...

FlatPress 1.3 Shell Upload

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...

WordPress Background Image Cropper 1.2 Shell Upload

Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Date: 2024-04-16 Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...

BMC Software Compuware iStrobe Web 安全漏洞

BMC Software Compuware iStrobe Web is a product from BMC Software designed for use on workstations in conjunction with the Strobe MVS Application Performance Measurement System. A security vulnerability exists in BMC Software Compuware iStrobe Web version 20.13 that stems from a remote shell uplo...

Gasmark Pro 1.0 Shell Upload

Title: GASMARK PRO-1.0 File Upload RCE Author: nu11secur1ty Date: 03/17/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Reference: https://portswigger.net/web-security/file-upload...

Membership Management System 1.0 SQL Injection / Shell Upload

from requeststoolbelt.multipart.encoder import MultipartEncoder import requests import string import random import os ======================================================================================================== Application: Membership Management System Bugs: SQL injection + Insecure...