1376 matches found
Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
Exploit Title: Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution Date: 2024-04-16 Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: https://wordpress.org Software Link:...
FlatPress 1.3 Shell Upload
Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...
Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability
Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux / Windows 10...
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...
Seo Panel 4.7.0 Cross Site Scripting
Exploit Title: Seo Panel 4.7.0 Reflected XSS Exploit Author: Arzu DEMÝREZ Date: 05.03-2024 Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.7.0 Version: Seo Panel 4.7.0 -Description: A cross-site scripting XSS issue in the SEO admin...
Computer Laboratory Management System 1.0 Insecure Direct Object Reference
Vulnerability Details: Application Name: Computer Laboratory Management System Software Link: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Vendor Homepage: https://www.sourcecodester.com/users/tips23 BuG: Insecure Direct Object References...
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution RCE Date: 02/04/2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version:...
Event Management 1.0 SQL Injection
Exploit Title: Event Management - SQL Injection Application: Event Management Date: 19.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://github.com/PuneethReddyHC Software Link: https://github.com/PuneethReddyHC/event-management Version:1.0 Attack Type: Remote Tested on...
Workout Journal App 1.0 Cross Site Scripting
Exploit Title: Workout Journal App 1.0 - Stored XSS Date: 12.01.2024 Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows /...
Employee Management System 1.0 - (admin_id) SQL injection Vulnerability
Exploit Title: Employee Management System 1.0 - 'adminid' SQLi Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17217/employee-management-system-php-and-mysql-free-download.html Version: 1.0 Tested on: Windows, Linux...
Quick.CMS 6.7 SQL Injection
Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Google Dork: N/A Date: 02-03-2024 Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE...
Gibbon LMS 26.0.00 PHP Deserialization / Code Execution
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...
Atlassian Confluence < 8.5.3 - Remote Code Execution
Exploit Title: CVE-2023-22527: Atlassian Confluence RCE Vulnerability Date: 25/1/2024 Exploit Author: MaanVader Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://www.atlassian.com/software/confluence Version: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3 Teste...
KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow
Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...
Customer Support System 1.0 - Multiple SQL injection Vulnerability
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
Customer Support System 1.0 SQL Injection
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
elFinder Web file manager Version - 2.1.53 Remote Command Execution
Exploit Title: elFinder Web file manager Version: 2.1.53 Remote Command Execution Date: 23/11/2023 Exploit Author: tmrswrr Google Dork: intitle:"elFinder 2.1.53" Vendor Homepage: https://studio-42.github.io/elFinder/ Software Link: https://github.com/Studio-42/elFinder/archive/refs/tags/2.1.53.zi...
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...