2123 matches found
Sql injection
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...
CVE-2021-29004
CVE-2021-29004 affects rConfig 3.9.6 with a SQL Injection vulnerability. The vulnerability requires authentication to exploit; if the MySQL server is the same as rConfig and --secure-file-priv is not set, an attacker could upload a webshell and access it remotely. Public references indicate sever...
CVE-2021-29004
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...
AF-ShellHunter - Auto Shell Lookup
AF-ShellHunter: Auto shell lookup AF-ShellHunter its a script designed to automate the search of WebShell's in AF Team How to pip3 install -r requirements.txt python3 shellhunter.py --help Basic Usage You can run shellhunter in two modes --url -u When scanning a single url --file -f Scanning...
Online Traffic Offense Management System 1.0 - Multiple Remote Code Execution Vulnerability
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Exploit Author: Hubert Wojciechowski Contact Author: email protected Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Church Management System 1.0 SQL Injection / Code Execution
Exploit Title: Church Management System 1.0 - Authentication Bypass via SQLi + RCE Date: 21.09.2021 Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Budget and Expense Tracker System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Budget and Expense Tracker System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14893/budget-and-expense-tracker-system-php-free-source-code.html Software Link:...
Online Food Ordering System 2.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Online Food Ordering System 2.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html Software Link:...
Church Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Church Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Church Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Church Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Date: 2021-09-20 Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Food Ordering System 2.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-20 Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html Software Lin...
Church Management System 1.0 Shell Upload
Exploit Title: Church Management System CMS-Website - Unauthenticated RCE Exploit Author: Abdullah Khawaja Date: 2021-09-17 Vendor Homepage: https://www.sourcecodester.com/php/14949/church-management-system-cms-website-using-php-source-code.html Software Link:...
FBI and CISA warn of APT groups exploiting ADSelfService Plus
In a joint advisory the FBI, the United States Coast Guard Cyber Command CGCYBER, and the Cybersecurity and Infrastructure Security Agency CISA warn that advanced persistent threat APT cyber-actors may be exploiting a vulnerability in ManageEngines single sign-on SSO solution. The vulnerability...
Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
Exploit Title: Apartment Visitor Management System AVMS 1.0 - 'username' SQL Injection Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...
File Upload Vulnerability in TongWEB Application Server
TongWEB Application Server is a standard, secure, highly available and feature-rich enterprise application server.TongWEB Application Server is vulnerable to file upload, which can be exploited to upload a WebShell and gain control of the server...
TongWEB application server is vulnerable to arbitrary file upload
TongWEB Application Server is a standard, secure, highly available and feature-rich enterprise application server.TongWEB Application Server is vulnerable to arbitrary file upload, which can be exploited by attackers to upload WEBSHELL and gain control of the server...
Apartment Visitor Management System (AVMS) 1.0 - SQL injection to Remote Code Execution 0day Exploit
Exploit Title: Apartment Visitor Management System AVMS 1.0 - SQLi to RCE Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10395 Version: 1.0 Tested on:...
Patient Appointment Scheduler System 1.0 Shell Upload
Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution RCE Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution
Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload & Remote Code Execution RCE Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...