874 matches found
Watchr 1.1.0.0 - Denial of Service Exploit
Exploit Title: Watchr 1.1.0.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PN12GNX62VZ Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "watchr.txt" Co...
Eco Search 1.0.2.0 - Denial of Service (PoC)
Exploit Title: Eco Search 1.0.2.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9N05DCQP5C3W Version: 1.0.2.0 Tested on: Windows 10 Proof of Concept: R...
FastTube 1.0.1.0 - Denial of Service (PoC)
Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new fi...
Modern POS 1.3 - Arbitrary File Download
Exploit Title: Modern POS 1.3 - Arbitrary File Download Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link:...
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
ThinkPHP 5.X - Remote Command Execution
Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None https://github.com/SkyBlueEternal/thinkphp-RCE-POC-Collection...
Event Calendar 3.7.4 - id SQL Injection
Exploit Title: Event Calendar 3.7.4 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-calendar-phpmysql-plugin/19246267 Version: 3.7.4 Category: Webapp...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Exploit Author: sajjadbnd Vendor Link: https://www.heatmiser.com/en/ Product Link:...
Embed Video Scripts - Persistent Cross-Site Scripting
Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/ Software Link:...
phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title: phpMoAdmin 1.1.5 - MongoDB GUI | Multiple Vulnerabilities Date: 03.01.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmoadmin.com Software Link: http://www.phpmoadmin.com/file/phpmoadmin.zip Version: 1.1.5 Introduction phpMoAdmin - MongoDB GUI MongoDB administration...
MAGIX Music Editor 3.1 Buffer Overflow
Exploit Title: MAGIX Music Editor 3.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Date: 2018-12-24 Vulnerable Software: MAGIX Music Editor 3.1 Vendor Homepage: https://www.magix.com/us/ Version: 3.1 Software Link: https://www.magix.com/us/music/mp3-deluxe/ Music Editor Software is...
WordPress Audio Record 1.0 Shell Upload
Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in record upload process allowing arbitrary...
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-19138 0x02 CSRF Po...
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- Exploit Title: XMPlay 3.8.3 - '.m3u' Code Execution PoC Date: 2018-12-19 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP SP3...
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Dork: N/A Date: 2018-12-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559 Version: 1.1 Category: Webapps Tested on:...
ThinkPHP 5.x Remote Code Execution
Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Date: 2018-12-11 Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...
HotelDruid 2.3.0 - id_utente_mod SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection in HotelDruid version 2.3 Google Dork: N/A Exploit Author: Sainadh Jamalpur Vendor Homepage: http://www.hoteldruid.com Software Link: https://sourceforge.net/projects/hoteldruid/ Version: 2.3 REQUIRED Tested on:...
Apache Superset 0.23 Remote Code Execution
Exploit Title: Apache Superset 0.23 - Remote Code Execution Date: 2018-05-17 Exploit Author: David May Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested on: Ubuntu 18.04 CVE-ID:...
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...