
179 matches found

Packet Storm
added 2021/05/17 12:0 a.m. | 114 views

Billing Management System 2.0 SQL Injection

Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Date: 2021-05-16 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...

0.3 AI score
Exploits: 0
OSV
added 2021/03/05 5:15 p.m. | 2 views

CVE-2021-26969

A remote authenticated XML external entity (XXE) vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit...

6.5 CVSS | 6.7 AI score | 0.01411 EPSS
Exploits: 0 | References: 1
Gitee
added 2021/01/24 6:59 p.m. | 5 views

Exploit for Path Traversal in Intelbras Tip200_Firmware

PoC exploit for CVE-2020-13886, a Local File Inclusion (LFI) vulnerability in Intelbras TIP 200/200 LITE/TIP 300 devices. The exploit targets the /cgi-bin/cgiServer.exx?page= parameter, allowing an attacker to read sensitive files on the device. The poc.py script takes two user inputs: the URL...

5.3 CVSS | 6.6 AI score | 0.04344 EPSS
Exploits: 2
OSV
added 2021/01/13 10:15 p.m. | 1 views

CVE-2021-1207

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

7.2 CVSS | 6.2 AI score | 0.02194 EPSS
Exploits: 0 | References: 1
CNNVD
added 2020/12/09 12:0 a.m. | 4 views

TotoLink A3002RU Command Injection Vulnerability

Totolink TOTOLINK A3002RU is a wireless router product from Totolink Taiwan, China. A command injection vulnerability exists in the TOTOLINK A3002RU-V2.0.0 B20190814.1034, which could allow a remote, authenticated user to modify the system's "run command". An attacker can use this vulnerability t...

9 CVSS | 7.7 AI score | 0.04232 EPSS
Exploits: 1 | References: 3
Packet Storm
added 2020/10/19 12:0 a.m. | 299 views

Online Student's Management System 1.0 Shell Upload

Exploit Title: Online Student's Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020/10/18 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html Software Link:...

7.4 AI score
Exploits: 0
GithubExploit
added 2020/10/18 10:32 a.m. | 94 views

Exploit for Server-Side Request Forgery in Ibm Datapower_Gateway

datapower-redis-rce-exploit CVE-2020-5014 A POC for IBM Data...

6.7 CVSS | 7.4 AI score | 0.00868 EPSS
Exploits: 1
OSV
added 2020/08/21 3:15 p.m. | 1 views

CVE-2020-20634

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog...

6.5 CVSS | 6.6 AI score | 0.00989 EPSS
Exploits: 1 | References: 1
wpexploit
added 2020/08/11 12:0 a.m. | 23 views

Add From Server <= 3.3.3 - Authenticated Path Traversal to Arbitrary File Access

An authenticated attacker with low permission can read arbitrary files on server using Path Traversal. The plugin author states that this is by design and that the plugin should not be used. Please refer to the references. http://example.com/wp-admin/upload.php?page=add-from-server&adirectory=/...

3.6 AI score
Exploits: 0 | References: 2
0daydb
added 2020/05/28 5:13 p.m. | 80 views

WordPress Form Maker 5.4.1 - SQL Injection

WordPress Form Maker plugin versions 5.4.1 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research Date: 2020 - 5 - 22 Vendor Homepage: https://help.10web.io/...

0.3 AI score
Exploits: 0
GithubExploit
added 2020/03/28 7:25 p.m. | 2 views

Umbraco-RCE

Umbraco RCE exploit / PoC Umbraco CMS 7.12.4 - Authenticat...

7.7 AI score
Exploits: 0
Packet Storm
added 2019/07/26 12:0 a.m. | 198 views

Ahsay Backup 7.x / 8.x File Upload / Remote Code Execution

Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. POC Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81150/cbs-win.exe Version: 7.x 8.1.1.50 Tested on: Windows...

0.1 AI score | 0.75772 EPSS
Exploits: 10
OSV
added 2019/07/02 1:15 p.m. | 2 views

CVE-2019-13155

An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi exploitable with authentication via the IP Address in Add Virtual Server...

8.8 CVSS | 7.3 AI score | 0.02052 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2019/06/11 12:0 a.m. | 537 views

WordPress Insert Or Embed Articulate Content 4.2997 Remote Code Execution

Exploit Title: Authenticated code execution in insert-or-embed-articulate-content-into-wordpress WordPress plugin Description: It is possible to upload and execute a PHP file using the plugin option to upload a zip archive Date: June 2019 Exploit Author: xulchibalraa Vendor Homepage:...

0.3 AI score
Exploits: 0
ATTACKERKB
added 2019/04/26 12:0 a.m. | 166 views

CVE-2019-11539

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...

10 CVSS | 8.7 AI score | 0.99999 EPSS
In wild | Exploits: 35 | References: 12
0day.today
added 2018/07/13 12:0 a.m. | 134 views

phpMyAdmin Authenticated Remote Code Execution Exploit

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...

0.1 AI score | 0.98391 EPSS
Exploits: 20
OSV
added 2017/11/06 8:29 a.m. | 1 views

CVE-2017-16524

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'networksslupload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the...

8.8 CVSS | 6.1 AI score | 0.30296 EPSS
Exploits: 7 | References: 2
securityvulns
added 2014/08/26 12:0 a.m. | 32 views

XXE Injection in HP Release Control

Hello! I'll give you additional information concerning advisory HP Release Control Authenticated XXE Exploit http://1337day.com/exploit/description/22267. Three different vulnerabilities were used in this exploit for successful attack. For my attack it's needed to use only one vulnerability exact...

1.3 AI score
Exploits: 0
Prion
added 2007/04/18 3:19 a.m. | 17 views

Code injection

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

6.5 CVSS | 7.4 AI score | 0.01152 EPSS
Exploits: 0 | References: 4 | Affected Software: 1