27 matches found
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...
AEGON LIFE 1.0 SQL Injection
Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...
Real Estate Management System v1.0 - Remote Code Execution via File Upload Vulnerability
Exploit Title: Real Estate Management System v1.0 - Remote Code Execution via File Upload Exploit Author: Diyar Saadi Vendor Homepage: https://codeastro.com Version: V1.0 Tested on: Windows 11 + XAMPP 8.0.30 + Burp Suite Professional v2023.12.1.3 Description This vulnerability allows the attacker ...
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE: CVE-2023-39115 Description: ---------------- An arbitrary file upload vulnerability in Campcod...
Campcodes Online Matrimonial Website System 3.3 Cross Site Scripting
Exploit Title: Vulnerability in Campcodes Online Matrimonial Website System v3.3 allows code execution via malicious SVG file upload Date: 3-8-2023 Vendor Homepage: http://campcodes.com Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE:...
Mars: ████ ' can change any account email and cannot retrieve his account and access it ' at ███
The security vulnerability described a method to change the email address of any user account, preventing the original user from accessing their account. The vulnerability involved manipulating the user profile update functionality to modify the email address. Despite an error message when...
HackerOne: Any one can view collaborater email address via path /reports/<id>/participants
The vulnerability allowed anyone to view the email address of collaborators invited to vulnerability reports through the program's API. Access to collaborator email addresses was not properly restricted...
VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
Exploit Title: VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login page...
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload Vulnerabilities
Exploit Title: VIAVIWEB Wallpaper Admin - Multiple vulnerabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login page...
VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload
Exploit Title: VIAVIWEB Wallpaper Admin - Multiple vulnerabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Date: 18/09/2022 Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login...
WordPress SeatReg 1.23.0 Open Redirect
Exploit Title: WordPress Plugin ‘SeatReg’ - Unauthenticated Open Redirect Date: 01-08-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/seatreg/ Version: 1.23.0 Tested on: Firefox Description: An Open Redirection...
CMS Made Simple 2.2.15 Cross Site Scripting
Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...
CMS Made Simple 2.2.14 Shell Upload
Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: - Date: 2020-07-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version: 2.2.14 Tested...
Online Shopping Alphaware 1.0 Arbitrary File Upload
Exploit Title: Online Shopping Alphaware 1.0 - Arbitrary File Upload Authenticated Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Online Shopping Alphaware 1.0 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Shopping Alphaware 1.0 - Arbitrary File Upload Authenticated Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Blinder - A Python Library To Automate Time-Based Blind SQL Injection
Blinder is a small Python library to automate time-based blind SQL injection by using predefined queries as functions to automate rapid PoC development. Installation You can install Blinder using the following command: pip install blinder Or by downloading the source and importing it...
Ticket-Booking 1.4 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version...
College-Management-System 1.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: College-Management-System 1.2 - Authentication Bypass Author: Cakes Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System Software Link:...
Ticket-Booking 1.4 Authentication Bypass
Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version: 1.4 Tested on OS: CentOS ...
Ticket-Booking 1.4 - Authentication Bypass
Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version: 1.4 Tested on OS: CentOS ...