Aztech DSL5005EN Authentication Bypass

Aztech DSL5005EN authentication bypass exploit that changes the administrative password. Exploit Title: Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change Unauthenticated Date: 2025-02-26 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.aztech.com Version: DSL5005EN...

Color Prediction Game v1.0 - SQL Injection Vulnerability

Exploit Title: Color Prediction Game v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

mPDF 7.0 - Local File Inclusion Exploit

Exploit Title: mPDF 7.0 - Local File Inclusion Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse import quote from cmd import Cmd from...

Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)

Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P:...

Virtual Airlines Manager 2.6.2 - (notam) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable...

RemShutdown 2.9.0.0 Denial Of Service

Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept...

Microsoft Windows 10 BasicRender.sys - Denial of Service Exploit

Exploit Title: Microsoft Windows 10 BasicRender.sys - Denial of Service PoC Exploit author: vportal Vendor homepage: http://www.microsoft.com Version: Windows 10 1803 x86 Tested on: Windows 10 1803 x86 CVE: N/A A Null pointer deference exists in the WARPGPUCMDSYNC function of the BasicRender.sys...

thejshen Globitek CMS 1.4 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested...

Intelbras Router WRN150 1.0.18 Cross Site Request Forgery

Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : N/A PoC1:...

AUO SunVeillance Monitoring System 1.1.9e Incorrect Access Control

Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...

AVCON6 systems management platform - OGNL Remote Command Execution

Exploit Title: AVCON6 systems management platform - OGNL - Remote root command execution Date: 10/09/2018 Exploit Author: Nassim Asrir Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: N\A Tested On: Windows 1064bit / 61.0b12 64-bit Thanks to: Otmane Aarab...

XooDigital - 'p' SQL Injection

Exploit Title: XooDigital - 'p' SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/digital-download-protection-script.html Demo Site: http://xooscripts.com/demos/xoodigital/ Version: Lastest Tested on: Kali Linux CVE: N/A ----- PoC :...

Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)

Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection Authentication Bypass Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V2 - Authentication Bypass Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-6-php-hazir-haber-sitesi-scripti-v2.html Demo...

Netartmedia PHP Business Directory 4.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on: Kali Linux CVE:...

Netartmedia PHP Business Directory 4.2 SQL Injection

Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on: Kali Linux CVE: N/A ----- PoC SQLi ----- Request:...

CMSsite 1.0 SQL Injection

Exploit Title: CMSsite 1.0 - SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...

PHP Mass Mail 1.0 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP Mass Mail 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/phpmassmail/phpmassmail/1.0.0/phpmassmail.zip...

The Don 1.0.1 - 'login' SQL Injection

Exploit Title: The Don 1.0.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://thedon.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/thedon/thedon-1.0b.rar Version: 1.0.1 Category: Webapps Tested on:...

The Don 1.0.1 - login SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: The Don 1.0.1 - 'login' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://thedon.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/thedon/thedon-1.0b.rar Version: 1.0.1 Category: Webapps...

Blue Server 1.1 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: Blue Server 1.1 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mafiatic.org/ Software Link: https://master.dl.sourceforge.net/project/blueserver/Blue-Server-1.1.exe Version: 1.1 Category: Dos Teste...