Instagram Clone 1.0 - Arbitrary File Upload

Exploit Title: Instagram Clone 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/justinwilliam Software Link: https://www.sourcecodester.com/sites/default/files/download/justinwilliam/instagram3.zip Version: 1...

E-Negosyo System 1.0 - SQL Injection

Exploit Title: E-Negosyo System 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/bsenordering9-23-18.zip Version: 1.0 Category:...

MPS Box 0.1.8.0 - uuid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested o...

Learning With Texts 1.6.2 SQL Injection

Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version: 1.6.2 Category: Webapps Tested on:...

Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)

Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-17 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link:...

Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection

Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b Category:...

HaPe PKH 1.1 - Arbitrary File Upload

HaPe PKH 1.1 - Arbitrary File Upload Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...

Mikrotik RouterOS Remote Root

/ Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By...

H2 Database 1.4.196 - Remote Code Execution

H2 Database 1.4.196 - Remote Code Execution Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197...

Fork CMS 5.4.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulernability Type ...

Joomla! Component Swap Factory 2.2.1 - SQL Injection

Joomla! Component Swap Factory 2.2.1 - SQL Injection Exploit Title: Joomla! Component Swap Factory 2.2.1 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Joomla! Questions 1.4.3 SQL Injection

Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3 Category: Webapps Tested on:...

Joomla! Component Questions 1.4.3 - SQL Injection

Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3 Category: Webapps Tested on:...

Staubli Jacquard Industrial System JC6 Shellshock Vulnerability

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Exploit Author: t4rkd3vilz Vendor Homepage:...

Apache Syncope 2.0.7 - Remote Code Execution

Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...

osCommerce 2.3.4.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: osCommerce Add Admin User CSRF Vulnerability Exploit Author: Hesam Bazvand Contact: email protected Download Link: https://www.oscommerce.com/Products&Download=oscom2341 Tested on: Windows 10 / Kali Linux Category: WebApps...

phpMyAdmin 4.7.x - Cross-Site Request Forgery

Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Date: 2018-08-28 Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on: php7 mysql5 CVE: CVE-2017-1000499 -- Original...

RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)

Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...

WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection

Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Date: 2018-08-23 Exploit Author: Renos Nikolaou Software Link: https://wordpress.org/plugins/gift-voucher/ Vendor Homepage: http://www.codemenschen.at/ Version:...

UltraISO 9.7.1.3519 - Denial Of Service (PoC)

Exploit Title : UltraISO 9.7.1.3519 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : https://www.ultraiso.com Software Link Download : https://www.ultraiso.com/download.html Tested on : Windows 10 - 64-bit Steps to Reproduce Run the pyth...