47904 matches found
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...
Remote Mouse GUI 3.008 - Local Privilege Escalation
Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date: 17.06.2021 Version: Remote Mouse 3.008 Tested on: Windows 10 Pro Version 21H1 Reference: https://deathflash1411.github.io/blog/cve-2021-35448 CVE: CVE-2021-35448...
Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
Exploit Title: Simple Student Information System 1.0 - SQL Injection Authentication Bypass Date: 13 April 2021 Exploit Author: Galuh Muhammad Iman Akbar GaluhID Vendor Homepage: https://www.sourcecodester.com/php/11400/simple-student-information-system-ajax-live-search.html Software Link:...
Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-26 Exploit Author: that faceless coderInveteck Global Vendor Homepage: https://phpgurukul.com/ Software Link:...
WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection
Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
Exploit Title: WordPress Plugin Duplicator 1.4.7 - Information Disclosure Google Dork: N/A Date: 07.27.2022 Exploit Author: SecuriTrust Vendor Homepage: https://snapcreek.com/ Software Link: https://wordpress.org/plugins/duplicator/ Version: = 1.4.7 Tested on: Linux, Windows CVE : CVE-2022-2552...
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 06-16-2021 Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/...
Library Management System 2.0 - Auth Bypass SQL Injection
Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Date: 2021-08-10 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server...
HaPe PKH 1.1 - Arbitrary File Upload
Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Gitea 1.7.5 - Remote Code Execution
Exploit Title: Gitea 1.7.5 - Remote Code Execution Date: 2020-05-11 Exploit Author: 1F98D Original Author: LoRexxar Software Link: https://gitea.io/en-us/ Version: Gitea before 1.7.6 and 1.8.x before 1.8-RC3 Tested on: Debian 9.11 x64 CVE: CVE-2019-11229 References:...
Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)
Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...
Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Date 07.12.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...
Vishesh Auto Index 3.1 - 'fid' SQL Injection
Exploit Title: Vishesh Auto Index 3.1 - 'fid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.vishesh.cf/ Software Link: https://sourceforge.net/projects/vishesh-wap-auto-index/files/latest/download Version: 3.1 Category: Webapps Tested on:...
GNU gdbserver 9.2 - Remote Command Execution (RCE)
Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...
ImportExportTools NG 10.0.4 - HTML Injection
Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...
AlchemyCMS 4.1 - Cross-Site Scripting
Exploit Title: AlchemyCMS 4.1 - Cross-Site Scripting Date: 2018-10-14 Exploit Author: Ismail Tasdelen Vendor Homepage: https://alchemy-cms.com/ Software Link : https://github.com/AlchemyCMS/alchemycms Software : AlchemyCMS Version : 4.1-stable Vulernability Type : Cross-site Scripting Vulenrabili...
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation
/ Ubuntu 16.04.4 kernel priv esc all credits to @bleidl - vnik / // Tested on: // 4.4.0-116-generic 140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x8664 // if different kernel adjust CRED offset + check kernel stack size include include include include include include include include include include...
Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)
!/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor bundled in the aspx framework Encrypt data using Rizzo-Duong...
Touchbase.io 1.10 - Stored Cross Site Scripting
Exploit Title: Touchbase.io 1.10 - Stored Cross Site Scripting Date: 2020-11-11 Exploit Author: Simran Sankhala Vendor Homepage: https://touchbase.ai/ Software Link: https://touchbase.ai/ Version: 1.1.0 Tested on: Windows 10 Proof Of Concept: touchbase.ai application allows stored XSS, via the 'A...
AppXSvc - Privilege Escalation
----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested...
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...
WordPress Plugin Weblizar 8.9 - Backdoor
Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...
Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation
/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b Category:...
Expense Management System - 'description' Stored Cross Site Scripting
Exploit Title: Expense Management System - 'description' Stored Cross Site Scripting Date: 02/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/expense-management-system/ Tested On: Ubuntu Vunerable Parameter: "description="...
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation Date: 2020-08-28 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: 3.8.0 Tested on: Windows CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0...
Navigate CMS 2.8.5 - Arbitrary File Download
Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link: http://master.dl.sourceforge.net/project/navigatecms/releases/navigate-2.8.5r1355.zip Version: 2.8.5 Category: Webapps...
Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: 2.3 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
Exploit Title: pluck v4.7.18 - Stored Cross-Site Scripting XSS Application: pluck Version: 4.7.18 Bugs: XSS Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 01-05-2023 Author: Mirabbas AÄŸalarov Tested on: Linux 2...
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
Title: IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-22 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.1.0.8 Tested on: Windows 10 64bitEN CVE : N/A 1. Description: Unquoted...
Snes9K 0.0.9z - Buffer Overflow (SEH)
Exploit Title: Snes9K 0.0.9z - Buffer Overflow SEH Date: 2018-10-13 Exploit Author: Abdullah Alıç Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on: Windows XP Professional sp3ENG...
zlog 1.2.15 - Buffer Overflow
Exploit Title: zlog 1.2.15 - Buffer Overflow Date: 10/23/2021 Exploit Author: LIWEI Vendor Homepage: https://github.com/HardySimpson/zlog Software Link: https://github.com/HardySimpson/zlog Version: v1.2.15 Tested on: ubuntu 18.04.2 1.- compile the zlogv1.2.15 code to a library. 2.- Use the...
memono Notepad Version 4.2 - Denial of Service (PoC)
Exploit Title: memono Notepad Version 4.2 - Denial of Service PoC Date: 06-09-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/es/app/memono-bloc-de-notas/id906470619 Version: 4.2 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of...
HotelDruid 2.2.4 - 'anno' SQL Injection
Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
CAMALEON CMS 2.4 - Cross-Site Scripting
Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernability Type : Cross-site Scripting...
DZCP (deV!L`z Clanportal) Gamebase Addon - SQL Injection
======================================================================================== | Title : deV!Lz Clanportal Gamebase Addon SQL Injection Vulnerability | Author Easy Laster | Download : http://www.modsbar.de/Addons/464/gamebase-addon/ | Script : deV!Lz Clanportal Gamebase Addon | Price :...
Microsoft SharePoint Server 2019 - Remote Code Execution
Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...
Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)
Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-12 Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on...
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
Exploit Title: Simple Attendance System 1.0 - Unauthenticated Blind SQLi Exploit Author: t//\1 Date: September 21, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Tested on: Linux Version: v1.0 Exploit Description: The...
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Gerapy 0.9.7 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/Gerapy/Gerapy Version: All versions of Gerapy prior to 0.9.8 CVE: CVE-2021-43857 Tested on: Gerapy 0.9.6 Vulnerability: Gerapy prior to versio...
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...
SugarCRM 6.5.26 - Cross-Site Scripting
Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version: 6.5.26 Tested on: Ubuntu 16.04 CVE :...
HaPe PKH 1.1 - 'id' SQL Injection
Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC...
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (2)
source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability ...
Froxlor 0.10.29.1 - SQL Injection (Authenticated)
Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...
Hasura GraphQL 1.3.3 - Denial of Service
Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service Software: Hasura GraphQL Software Link: https://github.com/hasura/graphql-engine Version: 1.3.3 Author: Dolev Farhi Date: 4/19/2021 Tested on: Ubuntu import sys import requests import threading HASURASCHEME = 'http' HASURAHOST = '192.168.1.1...
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery Change password Date: 2020-12-14 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 Tested on: Kali Linux...
Customer Support System 1.0 - Cross-Site Request Forgery
Exploit Title: Customer Support System 1.0 - Cross-Site Request Forgery Admin Account Takeover Date: 2020-11-11 Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...