47904 matches found
WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
Exploit Title: WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read Unauthenticated Google Dork: inurl:/wp-content/plugins/dzs-zoomsounds/ Date: 2/12/2021 Exploit Author: Uriel Yochpaz Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Software Link: Version: 1.10, 1.20, 1.30...
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting XSS Date: 10/27/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://supsystic.com/ Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.18...
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...
Ericom Access Server x64 9.2.0 - Server-Side Request Forgery
Exploit Title: Ericom Access Server x64 9.2.0 - Server-Side Request Forgery Date: 2020-08-22 Exploit Author: hyp3rlinx Vendor Homepage: www.ericom.com Version: Ericom Access Server x64 for AccessNow & Ericom Blaze v9.2.0 CVE: CVE-2020-24548 + Credits: John Page aka hyp3rlinx + Website:...
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Nagios XI Magpiedebug.php Root Remote Code Execution", 'Description' = %q This module exploits two vulnerabilities in Nagios XI 5.5.6:...
ProcessMaker 3.5.4 - Local File inclusion
Exploit Title: ProcessMaker 3.5.4 - Local File inclusion Exploit Author: Ai Ho @j3ssiejjj Date: 16-04-2021 Vendor Homepage: https://www.processmaker.com/ Version: ProcessMaker = 3.5.4 References: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/process-maker-lfi.yaml PoC: Wi...
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
Exploit Title: Advanced Comment System 1.0 - 'ACSpath' Path Traversal Date: Fri, 11 Dec 2020 Exploit Author: Francisco Javier Santiago Vázquez aka "n0ipr0cs" Vendor Homepage: Advanced Comment System - ACS Version: v1.0 CVE: CVE-2020-35598...
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
Exploit Title: LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting Date: 19-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://lepton-cms.org/ Software Link: https://lepton-cms.org/english/download/archive.php Version: 4.7.0 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29240 Stor...
Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery (change admin password)
Exploit Title: Scopia XT Desktop 8.3.915.4 - Cross-Site Request Forgery change admin password Google Dork: inurl:scopia+index.jsp Date: 2020-09-09 Exploit Author: v1n1v131r4 Vendor Homepage: https://avaya.com Software Link:...
SmarterMail 16 - Arbitrary File Upload
Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Date: 2020-06-10 Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows CVE : N/A !/usr/bin/python3 import...
OpenCATS 0.9.4 - Remote Code Execution (RCE)
Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Date: 21/09/2021 Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link:...
orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/...
Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection
Exploit Title: Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection Date: 2021-07-07 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule \d+&minor=?\d+&build=?\d+ &junior=\d+&unique=synology\w+?^&+/x.freeze def initializeinfo = super updateinfo info, 'Name' = 'Synology DiskStation...
Splunk 9.0.5 - admin account take over
!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the...
Google Chrome 81.0.4044 V8 - Remote Code Execution
Exploit Title: Google Chrome 81.0.4044 V8 - Remote Code Execution Exploit Author: r4j0x00 Version: 83.0.4103.106 Description: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE:...
Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution (Authenticated)
Exploit Title: Ahsay Backup 8.1.1.50 - Insecure File Upload and Code Execution Authenticated Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81150/cbs-win.exe Version: 7.x 8.1.1.50 Tested on: Windows / Linux CVE :...
Confluence Data Center 7.18.0 - Remote Code Execution (RCE)
Exploit Title: Confluence Data Center 7.18.0 - Remote Code Execution RCE Google Dork: N/A Date: 06/006/2022 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.4.17 versions before 7.18.1...
OpenPLC 3 - Remote Code Execution (Authenticated)
Exploit Title: OpenPLC 3 - Remote Code Execution Authenticated Date: 25/04/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://www.openplcproject.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3 Version: OpenPLC v3 Tested on: Ubuntu 16.04,Debian 9,Debian 10 Buster...
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...
Centreon 19.04 - Remote Code Execution
!/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link: https://download.centreon.com Version: v19.04 Tested on: CentOS 7.6 / PHP...
TotalAV 5.15.69 - Unquoted Service Path
Exploit Title: TotalAV 5.15.69 - Unquoted Service Path Date: 22/09/2021 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.totalav.com Software Link: https://download.totalav.com/windows/beta-trial or https://install.protected.net/windows/cdn3/5.15.69/TotalAV.exe Version: 5.15.69...
Zyxel Armor X1 WAP6806 - Directory Traversal
Exploit Title: Zyxel Armor X1 WAP6806 - Directory Traversal Date: 2020-06-19 Exploit Author: Rajivarnan R Vendor Homepage: https://www.zyxel.com/ Software http://www.zyxelguard.com/WAP6806.asp Version: V1.00ABAL.6C0 CVE: 2020-14461 Tested on: Linux Mint / Windows 10 Vulnerabilities Discovered Dat...
VirtualBox 7.0.16 - Privilege Escalation
Exploit Title: VirtualBox 7.0.16 - Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-21111 include include include include include include include inclu...
Bus Pass Management System 1.0 - 'Search' SQL injection
Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Date: 23-11-2021 Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS...
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
Exploit Title: Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection Authenticated Date: 12-21-2020 Exploit Author: Matthew Aberegg, Alex Prieto Vendor Homepage: https://pandorafms.com/ Patch Link: https://github.com/pandorafms/pandorafms/commit/d08e60f13a858fbd22ce6b83fa8ca391c608ec5c Software...
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path
Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.0.0.3 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Ho...
Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution
import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "", ""+"".joinhtmlescapetable.getc, c for c in commandin+"" payload1 = " \...
Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' Open Redirection
source: https://www.securityfocus.com/bid/31765/info Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks. OWA 6.5 SP 2 is vulnerable; other versions may also ...
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39768.zip You can use TLS-Attacker to build a proof of concept and...
vBulletin 5.6.3 - 'group' Cross Site Scripting
Exploit Title: vBulletin 5.6.3 - 'group' Cross Site Scripting Date: 05.09.2020 Author: Vincent666 ibn Winnie Software Link: https://www.vbulletin.com/en/features/ Tested on: Windows 10 Web Browser: Mozilla Firefox & Opera Google Dorks: "Powered by vBulletin® Version 5.6.3" Blog:...
Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution
Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...
TextPattern CMS 4.8.3 - Remote Code Execution (Authenticated)
!/usr/bin/python3 Exploit Title: TextPattern = 4.8.3 - Authenticated Remote Code Execution via Unrestricted File Upload Google Dork: N/A Date: 16/10/2020 Exploit Author: Michele '0blio' Cisternino Vendor Homepage: https://textpattern.com/ Software Link: https://github.com/textpattern/textpattern...
SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)
Exploit Title: SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Date: 2020-07-15 Vendor Homepage: https://www.supermicro.com/ Version: X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 CVE: CVE-2020-15046 Source:...
AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerabilit...
WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WebsiteBaker 2.13.0 - Remote Code Execution RCE Authenticated Date: 18-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://websitebaker.org/ Software Link: http://wiki.websitebaker.org/doku.php/en/downloads Version: 2.13.0 Category: Webapps Tested on:...
Knockpy 4.1.1 - CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass Date: 18-11-2020 Exploit Author: Aakash Madaan Vendor Homepage: https://webdamn.com/ Software Link : https://webdamn.com/user-management-system-with-php-mysql/ Version: N/A Default Tested on: Windows 10...
Pure-FTPd - External Authentication Bash Environment Variable Code Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Pure-FTPd External Authentication Bash Environment Variable Code Injection', 'Description' = %q This module exploits the code injecti...
BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path
Exploit Title: BRAdmin Professional 3.75 - 'BRAScheduler' Unquoted Service Path Date: 2021-03-17 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://global.brother/ Software Link:...
e107 CMS 2.3.0 - CSRF
Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...
WordPress Plugin WP-PostRatings 1.86 - 'postratings_image' Cross-Site Scripting
Exploit Title: WordPress Plugin WP-PostRatings 1.86 - 'postratingsimage' Cross-Site Scripting Date: 20-12-2018 Software Link: https://wordpress.org/plugins/wp-postratings/ Exploit Author: Park Won Seok Version: wp-postratings.1.86 Tested on: Windows 10 x64 description: A Stored Cross-site scripti...
FLEX 1085 Web 1.6.0 - HTML Injection
Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Date: 2021-11-21 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary:...
Ericsson Network Location MPS GMPC21 - Remote Code Execution (RCE) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Restrictions Bypass RCE Meow Variant', 'Description' = %q This module exploits an arbitrary command execution...
PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
Exploit Title: PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS Date: 2/12/2020 Exploit Author: Amin Rawah Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/prtg Version: 20.4.63.1412 x64 Tested on: Windows CVE : CVE-2020-14073 Description: Since there is...
Wing FTP Server 6.3.8 - Remote Code Execution (Authenticated)
Exploit Title: Wing FTP Server 6.3.8 - Remote Code Execution Authenticated Date: 2020-06-26 Exploit Author: v1n1v131r4 Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download.htm Version: 6.3.8 Tested on: Windows 10 CVE : -- Wing FTP Server have a web conso...
vBulletin 5.x - Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE exploit. This should work on all versions from 5.0.0...
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...
Achat 0.150 beta7 - Remote Buffer Overflow
!/usr/bin/python Author KAhara MAnhara Achat 0.150 beta7 - Buffer Overflow Tested on Windows 7 32bit import socket import sys, time msfvenom -a x86 --platform Windows -p windows/exec CMD=calc.exe -e x86/unicodemixed -b...
Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse...