47904 matches found
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...
SuperStoreFinder - Multiple Vulnerabilities
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....
i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting XSS Date: 04.10.2021 Exploit Author: Forster Chiu Vendor Homepage: https://www.hkurl.com Version: 2.0 Tested on: Chrome, Edge and Firefox CVE: CVE-2021-41878 Reference:...
Courier Management System 1.0 - 'First Name' Stored XSS
Exploit Title: Courier Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
GitLab 11.4.7 - RCE (Authenticated) (2)
Exploit Title: GitLab 11.4.7 RCE POC Date: 24th December 2020 Exploit Author: Norbert Hofmann Exploit Modifications: Sam Redmond, Tam Lai Yin Original Author: Mohin Paramasivam Software Link: https://gitlab.com/ Environment: GitLab 11.4.7, community edition CVE: CVE-2018-19571 + CVE-2018-19585...
Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure Date: 20.09.2020 Exploit Author: LiquidWorm Vendor Homepage: https://pro-bravia.sony.net Version: 1.7.8 Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure Vendor: Sony Electronics Inc. Product we...
Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)
Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Date: 10.11.2021 Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...
WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
Exploit Title: WordPress Plugin LearnPress 3.2.6.7 - 'currentitems' SQL Injection Authenticated Date: 07-17-2021 Exploit Author: nhattruong or nhattruong.blog Vendor Homepage: https://thimpress.com/learnpress/ Software Link: https://wordpress.org/plugins/learnpress/ Version: /wp-admin 2. Login wi...
Bludit 3.9.2 - Auth Bruteforce Bypass
!/usr/bin/python3 Exploit Title: Bludit = 3.9.2 - Bruteforce Mitigation Bypass Author: ColdFusionX Mayank Deshmukh Author website: https://coldfusionx.github.io Date: 2020-10-19 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: ...
Rukovoditel 2.6.1 - RCE (1)
Exploit Title: Rukovoditel 2.6.1 - RCE Date: 2020-06-11 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c1010 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 CVE: CVE-2020-11819 set -e function usage echo...
Client Management System 1.0 - 'searchdata' SQL injection
Exploit Title: Client Management System 1.0 - 'searchdata' SQL injection Date: 26/10/2020 Exploit Author: Serkan Sancar Vendor Homepage: https://phpgurukul.com/client-management-system-using-php-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10841 Version: 1.0 Teste...
Gym Management System 1.0 - 'id' SQL Injection
Exploit Title: Gym Management System 1.0 - 'id' SQL Injection Date: 22/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html Software Link:...
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it yourself. The database will be created in the directory you specified as the $directory...
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)
/ Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board...
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
Exploit Title: ScadaBR 1.0 - Arbitrary File Upload Authenticated 2 Date: 04/21 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.scadabr.com.br/ Version: ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux Tested on: Debian9,10Ubuntu16.04 !/usr/bin/python import requests,sys,time if...
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting XSS Date: 14/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://ghozylab.com/plugins/ Software Link: https://demo.ghozylab.com/plugins/easy-contact-form-plugin/ Version: 1.1.7 Tested on...
Spiceworks 7.5 - HTTP Header Injection
Exploit Title: Spiceworks 7.5 - HTTP Header Injection Google Dork: inurl:/prousers/login Discovered Date: 15/09/2020 Exploit Author: Ramikan Vendor Homepage: https://www.spiceworks.com Affected Version: 7.5.7.0 may be others. Tested On Version: 7.5.7.0 CVE : CVE-2020-25901 Vulnerability: Host...
Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in
Exploit Title: Jenkins 2.63 - Sandbox bypass in pipeline: Groovy plug-in Date: 8th October 2020 Exploit Author: dmw0ng Vendor Homepage: https://www.jenkins.io Software Link: http://archives.jenkins-ci.org/windows/jenkins-2.63.zip Version: Jenkins 2.63 Tested on: Ubuntu 18.04 / 20.04 CVE :...
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3, Hardware: Flir Systems...
Wavlink WN530HG4 - Password Disclosure
Exploit Title: Wavlink WN530HG4 - Password Disclosure Date: 2022-06-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: M30HG4.V5030.191116 Vendor home page : wavlink.com Authentication Required: No CVE : CVE-2022-34047 Tested on: Windows Exploit...
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/19 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...
NetPCLinker 1.0.0.0 - Buffer Overflow (SEH Egghunter)
Exploit Title: NetPCLinker 1.0.0.0 - Buffer Overflow SEH Egghunter Date: 2019-06-28 Exploit Author: Saeed reza Zamanian Vendor Homepage: https://sourceforge.net/projects/netpclinker/ Software Link: https://sourceforge.net/projects/netpclinker/files/ Version: 1.0.0.0 Tested on: Windows Vista SP1...
VirtualTablet Server 3.0.2 - Denial of Service (PoC)
Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Date: 2020-04-29 Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol impo...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...
Elasticsearch - StackOverflow DoS
Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://elastic.co/ Version: 8.5.3 / OpenSearch Tested on: Ubuntu 20.04 LTS CVE : CVE-2023-31419 Ref: https://github.com/sqrtZeroKnowledge/Elasticsearch-Exploit-CVE-2023-31419 import requests import random import string esurl =...
CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
Exploit Title: Apache OFBiz 17.12.03 - Cross-Site Request Forgery Account Takeover Exploit Author: Faiz Ahmed Zaidi Vendor Homepage: https://ofbiz.apache.org/security.html Software Link: https://ofbiz.apache.org/download.htmlsecurity Version: Before 17.12.03 Tested on: Linux and Windows CVE :...
Roundcube 1.6.10 - Remote Code Execution (RCE)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' = %q Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allo...
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution Authenticated Google Dork: inurl:/wp-content/plugins/wp-super-cache/ Date: 2021-03-13 Exploit Author: m0ze Version: Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this...
WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation
Exploit Title: Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation Date: 2020-05-29 Exploit Author: Raphael Karger Software Link: https://codex.bbpress.org/releases/ Version: BBPress 2.5 CVE: CVE-2020-13693 import argparse import requests import bs4 import urllib3...
Mini Mouse 9.3.0 - Local File inclusion
Exploit Title: Mini Mouse 9.3.0 - Local File inclusion / Path Traversal Author: gosh Date: 05-04-2021 Vendor Homepage: http://yodinfo.com Software Link: https://apps.apple.com/us/app/mini-mouse-remote-control/id914250948 Version: 9.3.0 Tested on: iPhone; iOS 14.4.2 GET /op=getdeviceinfo HTTP/1.1...
Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution (File Upload + SQL injection)
Exploit Title: Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution File Upload + SQL injection Date: 15-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
Seowon SlC 130 Router - Remote Code Execution
Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkind=B05&middlekind=B0529 CVE:...
Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path
Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Date: 2019-11-06 Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/ Software Link: https://webcompanion.com/en/ Version: Adaware Web Companion version...
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...
BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)
Title: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in PoC Date: 2020-09-29 Author: Christian Vierschilling Vendor Homepage: http://www.bearshareofficial.com/ Software Link: http://www.oldversion.com.de/windows/bearshare-lite-5-2-5 Versions: 5.1.0 - 5.2.5 Tested on: Windows 10 x64 EN/D...
Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting
Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Date: 2020-06-22 Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson Varghese Behanan @JinsonCyberSec Author...
ServiceNow - Username Enumeration
Exploit Title: ServiceNow - Username Enumeration Google Dork: NA Date: 12 February 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...
Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Date: 24.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 '''...
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
Exploit Title: Gitlab 11.4.7 - Remote Code Execution Date: 14-12-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net, foxlox Vendor Homepage: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested On: Debian 10 +...
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
Exploit Title: VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation Date: 2020-11-26 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - LoginAs Token...
Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path
Exploit Title: Rumble Mail Server 0.51.3135 - 'rumblewin32.exe' Unquoted Service Path Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version...
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
Exploit Title: TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting Unauthenticated Date: 24-07-2020 Exploit Author: Smriti Gaba, Kaustubh Padwad Vendor Homepage: https://www.tp-link.com Version: Multiple ============================================================== Unauthenticated...
Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path
Exploit Title: Configuration Tool 1.6.53 - 'OpLclSrv' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...
b2evolution 6.11.6 - 'redirect_to' Open Redirect
Exploit Title: b2evolution 6.11.6 - 'redirectto' Open Redirect Date: 10/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...
Frigate 2.02 - Denial Of Service (PoC)
Exploit Title: Frigate 2.02 - Denial Of Service PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/Frigate2.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-22 Vulnerable Software: Frigate Version: 2.02 Vulnerability Type: Denial of...
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...