Online Clinic Management System 2.2 - HTML Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Clinic Management System 2.2 - HTML Injection Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system...

SpotAuditor 5.3.2 Denial Of Service

Exploit Title: SpotAuditor 5.3.2 - 'Key' Denial of Service Exploit Author : ZwX Exploit Date: 2019-11-28 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 Social: twitter.com/ZwX2a ''' Proof of Conce...

Technicolor TD5130.2 - Remote Command Execution

Technicolor TD5130.2 - Remote Command Execution Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POS...

FUDForum 3.0.9 - Remote Code Execution

FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit

Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE : CVE-2019-7265 Advisory:...

Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH) Exploit

Exploit Title: Control Center PRO 6.2.9 - Local Stack Based BufferOverflow SEH Exploit Author: Samir sanchez garnica @sasaga92 Vendor Homepage: http://www.webgateinc.com/wgi/eng/products/list.php?ecidx1=P610 Software Link:...

ChaosPro 2.0 - Buffer Overflow (SEH)

ChaosPro 2.0 - Buffer Overflow SEH Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 impo...

Intelbras Router WRN150 1.0.18 Cross Site Request Forgery

Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : N/A PoC1:...

ChaosPro 2.0 - Buffer Overflow (SEH)

Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 import os, sys sploit = "A" 5000 Crash!...

Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Test...

LG-ERICSSON LN202-003H HomeHub Router Remote Configuration Disclosure

!/usr/bin/perl -w LG-ERICSSON LN202-003H HomeHub Router Remote Configuration Disclosure Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev is not...

WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting

WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software...

File Sharing Wizard 1.5.0 - POST SEH Overflow Exploit

import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724 File-sharing-wizard-seh...

YzmCMS 5.3 Host Header Injection

Exploit Title: YzmCMS 5.3 - 'Host' Header Injection Exploit Author: Debashis Pal Vendor Homepage: http://www.yzmcms.com/ Source: https://github.com/yzmcms/yzmcms Version: YzmCMS V5.3 CVE : N/A Tested on: Windows 7 SP164bit,XAMPP: 7.3.9 About YzmCMS ============== YzmCMS is a lightweight open sour...

File Sharing Wizard 1.5.0 - POST SEH Overflow

import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724 File-sharing-wizard-seh...

DIGIT CENTRIS 4 ERP - (datum1) SQL Injection

Exploit for php platform in category web applications Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection Exploit Author: n1x MS-WEB Vendor Homepage: http://www.digit-rs.com/ Product Homepage: http://digit-rs.com/centris.html Version: Every version CVE : N/A Vulnerable parameters: datum1,...

Inteno IOPSYS Gateway 3DES Key Extraction Improper Access

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Hello, Please find the below vulnerability details, --------------------------------------------------------------------------------------------------------------------------------- Exploit Title: Wolters Kluwer TeamMate+ – Cross-Site Request Forgery CSRF vulnerability Date: 02/09/2019 Exploit...

Alkacon OpenCMS 10.5.x - Local File inclusion

Alkacon OpenCMS 10.5.x - Local File inclusion Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version:...

SQL Server Password Changer 1.90 - Denial of Service Exploit

Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code :Outlook Password...