Exploitdb: Most viewed

47884 matches found

Exploit DB
added 2020/10/20 12:00 a.m. | 455 views

Comtrend AR-5387un router - Persistent XSS (Authenticated)

!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.0018
Exploits: 3

Exploit DB
added 2020/09/29 12:00 a.m. | 455 views

CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR)

Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: 2020-09-29 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x64 - 10.0.19041 Build...

CVSS: 9.8 | AI score: 9 | EPSS: 0.89668
Exploits: 29

Exploit DB
added 2019/12/07 12:00 a.m. | 455 views

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13n;...

AI score: 9.8
Exploits: 0

Exploit DB
added 2012/06/11 12:00 a.m. | 455 views

WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload

Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://topquark.com/ Software Link:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2021/11/11 12:00 a.m. | 454 views

FormaLMS 2.4.4 - Authentication Bypass

Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Date: 2021-11-10 Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.1324
Exploits: 4

Exploit DB
added 2021/07/29 12:00 a.m. | 454 views

Oracle Fatwire 6.3 - Multiple Vulnerabilities

Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Date: 29/07/2021 Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2021/03/17 12:00 a.m. | 454 views

VestaCP 0.9.8 - File Upload CSRF

Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Date: 16-03-2021 Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.0329
Exploits: 4

Exploit DB
added 2021/03/15 12:00 a.m. | 454 views

Zenario CMS 8.8.53370 - 'id' Blind SQL Injection

Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Date: 05/02/2021 Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 CVE:...

CVSS: 9.1 | AI score: 9.6 | EPSS: 0.00927
Exploits: 1

Exploit DB
added 2021/02/09 12:00 a.m. | 454 views

Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquoted Service Path

Exploit Title: Epson USB Display 1.6.0.0 - 'EMPUDSA' Unquoted Service Path Discovery by: Hector Gerbacio Discovery Date: 2021-02-05 Vendor Homepage: https://epson.com.mx/ Tested Version: 1.6.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 con Bing Step to discover Unquoted...

AI score: 7.4
Exploits: 0

Exploit DB
added 2020/05/27 12:00 a.m. | 454 views

OXID eShop 6.3.4 - 'sorting' SQL Injection

Exploit Title: OXID eShop 6.3.4 - 'sorting' SQL Injection Date: 2019-07-29 Exploit Author: VulnSpy Vendor Homepage: https://www.oxid-esales.com/ Software Link: https://github.com/OXID-eSales/oxideshopce Version: Versions 6.x prior to 6.3.4 Tested on:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2019/11/11 12:00 a.m. | 454 views

Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path

Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Date: 2019-11-07 Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single...

AI score: 7.4
Exploits: 0

Exploit DB
added 2019/06/13 12:00 a.m. | 454 views

Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse...

AI score: 7.4
Exploits: 0

Exploit DB
added 2015/08/17 12:00 a.m. | 454 views

Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution

I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...

CVSS: 5 | AI score: 6.5 | EPSS: 0.55155
Exploits: 6

Exploit DB
added 2025/08/03 12:00 a.m. | 453 views

Gandia Integra Total 4.4.2236.1 - SQL Injection

/ Author : Byte Reaper CVE : CVE-2025-41373 Vulnerability : SQL Affected Path : /encuestas/integrawebv4/integra/html/view/hislistadoacciones.php?idestudio= Affected Versions : 2.1.2217.3 to v4.4.2236.1 Description: This endpoint concatenates the idestudio parameter directly into an SQL query...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.00133
Exploits: 2

Exploit DB
added 2021/08/17 12:00 a.m. | 453 views

SonicWall NetExtender 10.2.0.300 - Unquoted Service Path

Exploit Title: SonicWall NetExtender 10.2.0.300 - Unquoted Service Path Exploit Author: shinnai Software Link: https://www.sonicwall.com/products/remote-access/vpn-clients/ Version: 10.2.0.300 Tested On: Windows CVE: CVE-2020-5147...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0031
Exploits: 4

Exploit DB
added 2019/09/09 12:00 a.m. | 453 views

Dolibarr ERP-CRM 10.0.1 - SQL Injection

Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux Software Description : Dolibarr ERP & CR...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/09/01 12:00 a.m. | 453 views

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass

Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.44367
Exploits: 5

Exploit DB
added 2019/07/18 12:00 a.m. | 452 views

Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation

Windows: RPCSS Activation Kernel Security Callback EoP Platform: Windows 10 1903/1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The RPCSS Activation Kernel RPC server’s security callback can be bypassed resulti...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/12/11 12:00 a.m. | 452 views

Exim 4.63 - Remote Command Execution

Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as "trojanurl" and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; if $ARGC!=2 print "Usage: $0 Host Port \n\n"; die "Ex: $0...

AI score: 7
Exploits: 0

Exploit DB
added 2025/03/22 12:00 a.m. | 451 views

TeamPass 3.0.0.21 - SQL Injection

Exploit Title: TeamPass SQL Injection Google Dork: intitle:"Teampass" + inurl:index.php?page=items Date: 02/23/2025 Exploit Author: Max Meyer - Rivendell Vendor Homepage: http://www.teampass.net Software Link: https://github.com/nilsteampassnet/TeamPass Version: 2.1.24 and prior Tested on:...

CVSS: 7.5 | AI score: 7 | EPSS: 0.13984
Exploits: 6

Exploit DB
added 2022/03/30 12:00 a.m. | 451 views

ImpressCMS 1.4.2 - Remote Code Execution (RCE)

Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Exploit Author: Egidio Romano aka EgiX Date: 30/03/2022 Version: = 1.4.2 Venor: https://www.impresscms.org CVE: CVE-2021-26599 ?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.76068
Exploits: 9

Exploit DB
added 2021/06/18 12:00 a.m. | 451 views

ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)

Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...

AI score: 7.4
Exploits: 0

Exploit DB
added 2021/04/21 12:00 a.m. | 451 views

Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)

Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Date: 14/04/2021 Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: 2021-31152 Exploit Code: document.forms0.submit;...

AI score: 7.4
Exploits: 0

Exploit DB
added 2020/12/07 12:00 a.m. | 451 views

Savsoft Quiz 5 - 'Skype ID' Stored XSS

Exploit Title: Savsoft Quiz 5 - 'Skype ID' Stored XSS Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://savsoftquiz.com Software Link: https://github.com/savsofts/savsoftquizv5 Version: 5 Tested on Windows 10 Attack Vector: This vulnerability can results attacker to inject the XSS...

AI score: 7.4
Exploits: 0

Exploit DB
added 2020/06/10 12:00 a.m. | 451 views

Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection

Exploit Title: Joomla J2 Store 3.3.11 - 'filterorderDir' SQL Injection Authenticated Date: 2020-04-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://www.j2store.org/ Software Link: https://www.j2store.org/download.html Reference:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2019/01/28 12:00 a.m. | 451 views

Sricam gSOAP 2.8 - Denial of Service

!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.12542
Exploits: 5

Exploit DB
added 2018/10/09 12:00 a.m. | 451 views

Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass

/ The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check which means that no bailout will happen. The...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/03/18 12:00 a.m. | 451 views

ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection

Advisory Name: SQL injection in Manage Engine Service Desk Plus 7.6 Vulnerability Class: SQL injection Release Date: 03-18-2010 Affected Applications: Confirmed in version 7.6. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...

AI score: 7
Exploits: 0

Exploit DB
added 2008/06/12 12:00 a.m. | 451 views

SNMPv3 - HMAC Validation error Remote Authentication Bypass

snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright c 2008 @ Mediaservice.net Srl. All rights reserved Wrote by Maurizio Agazzini http://lab.mediaservice.net/...

CVSS: 10 | AI score: 6.7 | EPSS: 0.23493
Exploits: 7

Exploit DB
added 2004/04/11 12:00 a.m. | 451 views

TikiWiki < 1.8.1 - Multiple Vulnerabilities

TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: = 1.8.1 Website: http://www.tikiwiki.org/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 51...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.07475
Exploits: 8

Exploit DB
added 2025/08/03 12:00 a.m. | 450 views

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure

Titles: Microsoft Edge Chromium-based 135.0.7049.114/.115 - Information Disclosure Date: 08/02/2025 Vendor: Microsoft Software: https://www.microsoft.com/bg-bg/edge/download?form=MA13FJ Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741 Description CVE-2025-49741...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.09113
Exploits: 1

Exploit DB
added 2023/09/08 12:00 a.m. | 450 views

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)

Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...

AI score: 7
Exploits: 0

Exploit DB
added 2022/01/13 12:00 a.m. | 450 views

Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)

Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2022/01/05 12:00 a.m. | 450 views

BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)

Exploit Title: BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting XSS Unauthenticated Google Dork: intext:"BeyondTrust" "Redistribution Prohibited" Date: 30/12/2021 Exploit Author: Malcrove Vendor Homepage: https://www.beyondtrust.com/ Version: v6.0 and earlier versions Summary:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2021/01/27 12:00 a.m. | 450 views

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)

Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection Authenticated Date: 26/1/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://openlitespeed.org/ Software Link: https://openlitespeed.org/kb/install-from-binary/ Version: 1.7.8 Tested on Windows 10 Step 1: Log in to the...

AI score: 7.4
Exploits: 0

Exploit DB
added 2021/01/14 12:00 a.m. | 450 views

Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)

Exploit Title: Cisco RV110W 1.2.1.7 - 'vpnaccount' Denial of Service PoC Date: 2021-01 Exploit Author: Shizhi He Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7 Version: V1.2.1.7 Tested on: RV110W V1.2.1.7 CV...

CVSS: 9 | AI score: 0.3 | EPSS: 0.06311
Exploits: 4

Exploit DB
added 2020/12/07 12:00 a.m. | 450 views

RarmaRadio 2.72.5 - Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.5 - Denial of Service PoC Date: 2020-05-12 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: https://www.raimersoft.com/rarmaradio.html Version: 2.75.5 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program TapinRadio In...

AI score: 7.4
Exploits: 0

Exploit DB
added 2020/06/10 12:00 a.m. | 450 views

WinGate 9.4.1.5998 - Insecure Folder Permissions

Exploit Title: WinGate 9.4.1.5998 - Insecure Folder Permissions Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: https://www.wingate.com Version: 9.4.1.5998 CVE: CVE-2020-13866 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00256
Exploits: 3

Exploit DB
added 2017/04/04 12:00 a.m. | 450 views

Apache Tomcat 6/7/8/9 - Information Disclosure

Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability Date: 4th March 2017 Exploit Author: justpentest Vendor Homepage: tomcat.apache.org Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0....

CVSS: 7.1 | AI score: 8.8 | EPSS: 0.0326
Exploits: 5

Exploit DB
added 2016/10/04 12:00 a.m. | 450 views

ISC BIND 9 - Denial of Service

import socket import struct TARGET = '192.168.200.10', 53 QA = 1 QTSIG = 250 DNSMESSAGEHEADERLEN = 12 def buildbindnukequestion="\x06google\x03com\x00", udpsize=512: queryA = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16QA + "\x00\x01" sweetspot = udpsize -...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.8745
Exploits: 7

Exploit DB
added 2006/06/19 12:00 a.m. | 450 views

IdeaBox 1.1 - 'gorumDir' Remote File Inclusion

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper a.k.a Rahim $$ $$ Contact:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2022/03/21 12:00 a.m. | 449 views

Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)

Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...

CVSS: 4.9 | AI score: 5.1 | EPSS: 0.00303
Exploits: 5

Exploit DB
added 2021/11/17 12:00 a.m. | 449 views

Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)

Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Date: 21/04/2021 Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7...

AI score: 7.4
Exploits: 0

Exploit DB
added 2021/09/20 12:00 a.m. | 449 views

WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)

Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.90782
Exploits: 20

Exploit DB
added 2020/07/23 12:00 a.m. | 449 views

Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)

Exploit Title: Snes9K 0.09z - 'Port Number' Buffer Overflow SEH Date: 2020-07-20 Exploit Author: MasterVlad Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://www.exploit-db.com/apps/ef5249b64ce34575c12970b334a08c17-snes9k009z.zip Version: 0.09z Vulnerability Type:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2020/01/15 12:00 a.m. | 449 views

Barco WePresent - file_transfer.cgi Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Barco WePresent filetransfer.cgi Command Injection", 'Description' = %q This module exploits an unauthenticated remote command injection...

CVSS: 10 | AI score: 7 | EPSS: 0.94253
Exploits: 10

Exploit DB
added 2019/11/01 12:00 a.m. | 449 views

Apache Solr 8.2.0 - Remote Code Execution

Title: Apache Solr 8.2.0 - Remote Code Execution Date: 2019-11-01 Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github: https://github.com/AleWong/Apache-Solr-RCE-via-Velocity-template usage: python3 script.py ip por...

AI score: 7.4
Exploits: 0

Exploit DB
added 2024/03/20 12:00 a.m. | 448 views

Simple Task List 1.0 - 'status' SQLi

Exploit Title: Simple Task List 1.0 - 'status' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00121
Exploits: 3

Exploit DB
added 2023/08/04 12:00 a.m. | 448 views

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact:...

CVSS: 6.1 | AI score: 7 | EPSS: 0.15132
Exploits: 4

Exploit DB
added 2021/10/22 12:00 a.m. | 448 views

Clinic Management System 1.0 - SQL injection to Remote Code Execution

Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...

AI score: 7.4
Exploits: 0

Total number of security vulnerabilities: 5000