47904 matches found
MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/13849/info MWChat is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affect...
TeamPass 3.0.0.21 - SQL Injection
Exploit Title: TeamPass SQL Injection Google Dork: intitle:"Teampass" + inurl:index.php?page=items Date: 02/23/2025 Exploit Author: Max Meyer - Rivendell Vendor Homepage: http://www.teampass.net Software Link: https://github.com/nilsteampassnet/TeamPass Version: 2.1.24 and prior Tested on:...
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact:...
Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)
Exploit Title: Microsoft Word 16.72.23040900 - Remote Code Execution RCE Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Date: 05/02/2021 Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 CVE:...
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
Exploit Title: lot reservation management system 1.0 - Stored Cross Site Scripting Date: 2020-10-22 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...
SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure
Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page:...
Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection
Exploit Title: Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection Date: 2020-06-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://joomsky.com/ Software Link: https://joomsky.com/products/js-jobs-pro.html Change Log Update :...
KiteService 1.2020.618.0 - Unquoted Service Path
Exploit Title: KiteService 1.2020.618.0 - Unquoted Service Path Discovery by: PoisonSk Discovery Date: 2020-06-23 Vendor Homepage: https://www.kite.com/ Software Link : https://www.kite.com/download/ Tested Version: 1.2020.618.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft...
Microsoft Excel 2016 1901 - XML External Entity Injection
Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...
Microsoft Windows - '.LNK' Shortcut File Code Execution
!/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER: | | | | | | | | | | | | | | | | | | | | | | | | | | |...
TikiWiki < 1.8.1 - Multiple Vulnerabilities
TikiWiki Multiple Vulnerabilities Vendor: TikiWiki Project Product: TikiWiki Version: = 1.8.1 Website: http://www.tikiwiki.org/ BID: 10100 CVE: CVE-2004-1923 CVE-2004-1924 CVE-2004-1925 CVE-2004-1926 CVE-2004-1927 CVE-2004-1928 OSVDB: 5181 5182 5183 5184 5185 5186 5187 5188 5189 5190 5191 5192 51...
NEWS-BUZZ News Management System 1.0 - SQL Injection
Exploit Title: NEWS-BUZZ News Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: egsec Date: 2024-11-03 Vendor Homepage: https://code-projects.org Software Link: https://code-projects.org/content-management-system-in-php-with-source-code-2/ Version: 1.0 Tested on: Windows 11 P...
OVOO Movie Portal CMS v3.3.3 - SQL Injection
Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569 Tested on: Kali Linux & MacOS CVE: N/A Request POST /filtermovies/1 HTTP/2 Host:...
Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE Authenticated via Edit Profile Date: November 17th, 2020 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: Source Code & Projects https://code-projects.org Software Link:...
Sricam gSOAP 2.8 - Denial of Service
!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...
ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path
Exploit Title: ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path Date: 2020-05-19 Exploit Author: Alejandra Sánchez Vendor Homepage: www.asus.com Version: 1.0.94.0 Tested on: Windows 10 Pro x64 es Description: ATK Hotkey 1.0.94.0 suffers from an unquoted search path issue...
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
Exploit Title: Simple College Website 1.0 - 'name' Sql Injection Authentication Bypass Exploit Author: Marco Catalano @stunn4 Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/7772/simple-college-website-using-php-and-mysql.html Software Link:...
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
Exploit Title: Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass Date: 21/11/2020 Exploit Author: Aditya Wakhlu Vendor Homepage: https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html Software Link:...
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation
Windows: RPCSS Activation Kernel Security Callback EoP Platform: Windows 10 1903/1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The RPCSS Activation Kernel RPC server’s security callback can be bypassed resulti...
Scriptcase 9.7 - Remote Code Execution (RCE)
Exploit Title: Scriptcasr 9.7 arbitrary file upload getshell Date: 2022-04-08 Exploit Author: luckyt0mat0 Vendor Homepage: https://www.scriptcase.net/ Software Link: https://www.scriptcase.net/download/ Version: 9.7 Tested on: Windows Server 2019 Proof of Concept: POST...
Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)
Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Date: 21/04/2021 Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7...
Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting XSS Date: 06/05/2021 Exploit Author: CAPTAINHOOK Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ versi...
CKEditor 3 - Server-Side Request Forgery (SSRF)
Exploit Title: CKEditor 3 - Server-Side Request Forgery SSRF Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html Date: 12-6-2021 Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version:all version under 4 1,2,3 Tested on: windows 7 Steps of Exploit:- 1-using google...
Barco WePresent - file_transfer.cgi Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Barco WePresent filetransfer.cgi Command Injection", 'Description' = %q This module exploits an unauthenticated remote command injection...
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Date: 2019-11-07 Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single...
GoAhead Web Server 2.5 < 3.6.5 - HTTPd 'LD_PRELOAD' Remote Code Execution
!/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/43360.zip EDB Note: Source https://www.elttam.com.au/blog/goahead/ EDB Note: Source...
Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/reboot.cgi' Remote Reboot (Denial of Service)
source: https://www.securityfocus.com/bid/65306/info WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context...
Oracle Fatwire 6.3 - Multiple Vulnerabilities
Exploit Title: Oracle Fatwire 6.3 - Multiple Vulnerabilities Date: 29/07/2021 Exploit Author: J. Francisco Bolivar @Jfrancbit Vendor Homepage: https://www.oracle.com/index.html Version: 6.3 Tested on: CentOS 1. Xss Adt parameter is vulnerable to Xss:...
mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page
Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting XSS on User Login Page Date: 26 September 2023 Exploit Author: Astik Rawat ahrixia Vendor Homepage: https://moosocial.com Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 11 CVE : CVE-2023-43325 Description: A Cro...
MiniTool Partition Wizard - Unquoted Service Path
Exploit Title: MiniTool Partition Wizard - Unquoted Service Path Date: 07/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.0 Tested: Windows 10 Pro x64 es PoC : C:\Users\saudhsc qc MTSchedulerServi...
ImpressCMS 1.4.2 - Remote Code Execution (RCE)
Exploit Title: ImpressCMS 1.4.2 - Remote Code Execution RCE Exploit Author: Egidio Romano aka EgiX Date: 30/03/2022 Version: = 1.4.2 Venor: https://www.impresscms.org CVE: CVE-2021-26599 ?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote...
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...
Comtrend AR-5387un router - Persistent XSS (Authenticated)
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Persistent XSS on Comtrend AR-5387un router Date: 19/10/2020 Exploit Author: OscarAkaElvis Vendor Homepage: https://www.comtrend.com/ Version: Comtrend AR-5387un router Tested on: Software/Firmware version A731-410JAZ-C04R02.A2pD035g.d2...
CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR)
Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: 2020-09-29 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x64 - 10.0.19041 Build...
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
Exploit Title: Joomla J2 Store 3.3.11 - 'filterorderDir' SQL Injection Authenticated Date: 2020-04-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://www.j2store.org/ Software Link: https://www.j2store.org/download.html Reference:...
Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack
// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13n;...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...
Clinic Management System 1.0 - SQL injection to Remote Code Execution
Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
OpenSIS 8.0 'modname' - Directory Traversal
Exploit Title: OpenSIS 8.0 'modname' - Directory/Path Traversal Date: 09-02-2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux CVE: CVE-2021-40651 The 'modname' parameter in the 'Modules.php' ...
Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
Exploit Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.2.3500.0 Vulnerability Type: Unquoted Service Path Tested on OS: Window...
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
Exploit Title: Cisco RV110W 1.2.1.7 - 'vpnaccount' Denial of Service PoC Date: 2021-01 Exploit Author: Shizhi He Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7 Version: V1.2.1.7 Tested on: RV110W V1.2.1.7 CV...
PDW File Browser 1.3 - Remote Code Execution
Exploit Title: PDW File Browser 1.3 - Remote Code Execution Date: 24-10-2020 Exploit Author: David Bimmel Researchers: David Bimmel, Joost Vondeling, Ramòn Janssen Vendor Homepage: n/a Software Link: https://github.com/GuidoNeele/PDW-File-Browser Version: … ? Once you have uploaded your webshell...
Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution
I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. I have only been able to reproduce this on Windows, i.e. where "" is a path delimiter. An attacker could use this flaw to upload...
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Exploit Title: BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting XSS Unauthenticated Google Dork: intext:"BeyondTrust" "Redistribution Prohibited" Date: 30/12/2021 Exploit Author: Malcrove Vendor Homepage: https://www.beyondtrust.com/ Version: v6.0 and earlier versions Summary:...