127 matches found
completedPoCs
Enhanced PoC Dataset for Security Research This repository hos...
CVE-2024-4739 MXsecurity License Generation Function Disclosure
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an authorized user and successfully access the resource...
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily comply with analog and digital DAB standard. The Series ETL3100 Television Transmitter...
Active Super Shop 1.5.2 HTML Injection
Title : Active super shop v1.5.2 HTML inject Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
Active Matrimonial CMS 1.6 HTML Injection
Title : Active Matrimonial CMS v 1.6 HTML inject Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability
Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
Summary USR-G806 is an industrial 4G wireless LTE router which provides a solution for users to connect own device to 4G network via WiFi interface or Ethernet interface. USR-G806 adopts high performance embedded CPU which can support 580MHz working frequency and can be widely used in Smart Grid,...
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
Summary Battery Energy Management System. Description The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited t...
NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation
Summary The NC routers upgrades your network to the next generation of WiFi. With combined wireless speeds of up to 1750 Mbps, the device provides better speeds and wireless range. Includes 2 FXS ports for any VoIP service. If you prefer a wired connection, the NC routers have gigabit ports to...
Exploit for Cross-site Scripting in Peel Peel_Shopping
PoC exploit for CVE-YYYY-NNNN, a Stored XSS vulnerability in PEE...
STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting
Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description Input passed to the POST parameter 'files' is not properly sanitised...
STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability
Summary STVS is a Swiss company specializing in development of software for digital video recording for surveillance cameras as well as the establishment of powerful and user-friendly IP video surveillance networks. Description The NVR software ProVision suffers from an authenticated arbitrary fi...
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness
Summary At SpinetiX we inspire businesses to unlock the potential of their story. We believe in the power of digital signage as a dynamic new storytelling platform to engage with people. For more than 13 years, we have been constantly innovating to deliver cutting-edge digital signage solutions...
B-swiss 3 Digital Signage System 3.6.5 Database Disclosure
Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...
QiHang Media Web (QH.aspx) Digital Signage 3.0.9 Cookie User Password Disclosure
Summary Digital Signage Software. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack. QiHang Media Web QH.aspx Digital...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...
WordPress Event-Registration 5.43 Arbitrary File Upload
Exploit Title : WordPress Event-Registration Plugins 5.43 Arbitrary File Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 30/03/2020 Vendor Homepage : wp-event-organiser.com Software Links : captainform.com/wordpress-event-registration-plugin/...
WordPress StatTraq 1.3.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : WordPress StatTraq 1.3.0 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Software Download Link : downloads.wordpress.org/plugin/wp-stattraq.zip Software Version : 1.3.0 WordPress Versi...