47904 matches found
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection XXE Authenticated Date: 16/09/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://wordpress.com Affected Version: WordPress 5.6-5.7 & PHP8 Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2021-29447...
HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path
Exploit Title: HP Display Assistant x64 Edition 3.20 - 'DTSRVC' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.portrait.com/ Software Link: https://www.portrait.com/dtune/hwp/enu/ Software Version: 3.20 File Version: 1.0.0.1 Tested on: Windows 10 P...
ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path
Exploit Title: ASUS AAHM 1.00.22 - 'asHmComSvc' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-11 Vendor Homepage: https://www.asus.com/ Software Link...
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation
Summary The Pronestor service "PNHM" aka Health Monitoring or HealthMonitor before 8.1.12.0 has "BUILTIN\Users:IF" permissions for the "%PROGRAMFILESX86%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse...
Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)
Exploit Title: Employee Management System 1.0 - txtusername and txtpassword SQL Injection Admin Login Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version:...
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...
OXID eShop 6.3.4 - 'sorting' SQL Injection
Exploit Title: OXID eShop 6.3.4 - 'sorting' SQL Injection Date: 2019-07-29 Exploit Author: VulnSpy Vendor Homepage: https://www.oxid-esales.com/ Software Link: https://github.com/OXID-eSales/oxideshopce Version: Versions 6.x prior to 6.3.4 Tested on:...
WordPress Plugin Top Quark Architecture 2.10 - Arbitrary File Upload
Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://topquark.com/ Software Link:...
Exim 4.63 - Remote Command Execution
Exim 4.63 RedHat/Centos/Debian Remote Root Exploit by Kingcope Modified perl version of metasploit module =for comment use this connect back shell as "trojanurl" and be sure to setup a netcat, ---snip--- $system = '/bin/sh'; $ARGC=@ARGV; if $ARGC!=2 print "Usage: $0 Host Port \n\n"; die "Ex: $0...
Shutter 0.1.1 - Multiple SQL Injections
|| || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------------------------------------------------------------------------------- | MULTIPLE SQL...
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)
Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16,...
Metasploit Framework 6.0.11 - msfvenom APK template command injection
Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...
Grafana 7.0.1 - Denial of Service (PoC)
Exploit Title: Grafana 7.0.1 - Denial of Service PoC Date: 2020-05-23 Exploit Author: mostwanted002 Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 3.0.1 - 7.0.1 Tested on: Linux CVE : CVE-2020-13379 !/bin/bash if $1 != "" ; then curl -I...
Dolibarr ERP-CRM 10.0.1 - SQL Injection
Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux Software Description : Dolibarr ERP & CR...
ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection
Advisory Name: SQL injection in Manage Engine Service Desk Plus 7.6 Vulnerability Class: SQL injection Release Date: 03-18-2010 Affected Applications: Confirmed in version 7.6. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...
Simple Task List 1.0 - 'status' SQLi
Exploit Title: Simple Task List 1.0 - 'status' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/12/SimpleTaskListInPHPWithSourceCode.zip Version: 1.0...
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...
Webrun 3.6.0.42 - 'P_0' SQL Injection
Exploit Title: Webrun 3.6.0.42 - 'P0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 CVE: CVE-2021-43650 =-=-=-= Description =-=-=-= Webrun version 3.6.0....
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery Enable Remote Access Date: 14/04/2021 Exploit Author: Rodolfo Mariano Version: Firmware V02.03.01.45pt CVE: 2021-31152 Exploit Code: document.forms0.submit;...
Savsoft Quiz 5 - 'Skype ID' Stored XSS
Exploit Title: Savsoft Quiz 5 - 'Skype ID' Stored XSS Exploit Author: Dipak Panchalth3.d1p4k Vendor Homepage: https://savsoftquiz.com Software Link: https://github.com/savsofts/savsoftquizv5 Version: 5 Tested on Windows 10 Attack Vector: This vulnerability can results attacker to inject the XSS...
WonderCMS 3.1.3 - Authenticated Remote Code Execution
Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE :...
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format In this case, simply reversing the order of the returned elements...
Apache Tomcat 6/7/8/9 - Information Disclosure
Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability Date: 4th March 2017 Exploit Author: justpentest Vendor Homepage: tomcat.apache.org Version: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0....
GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...
CoreFTP Server build 725 - Directory Traversal (Authenticated)
Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...
HTTPDebuggerPro 9.11 - Unquoted Service Path
Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...
Dnsmasq < 2.78 - Information Leak
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available. Setup a simple network with...
Engineers Online Portal 1.0 - 'multiple' Authentication Bypass
Exploit Title: Engineers Online Portal 1.0 - 'multiple' Authentication Bypass Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation
Exploit Title: Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting XSS / Privilege Escalation Exploit Author: Oscar Gutierrez m4xp0w3r Date: 18/10/2021 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr Tested on: Ubuntu, LAAMP Vendor: Dolibarr Version: v14.0....
RATES SYSTEM 1.0 - 'Multiple' SQL Injections
Exploit Title: RATES SYSTEM 1.0 - 'Multiple' SQL Injections Date: 11-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Software Link: https://www.sourcecodester.com/php/14904/rates-system.html Version: V1.0 Category: Webapps Tested on: Linux/Windows Description: PHP Dashboards is prone to an...
RarmaRadio 2.72.5 - Denial of Service (PoC)
Exploit Title: RarmaRadio 2.72.5 - Denial of Service PoC Date: 2020-05-12 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: https://www.raimersoft.com/rarmaradio.html Version: 2.75.5 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program TapinRadio In...
WinGate 9.4.1.5998 - Insecure Folder Permissions
Exploit Title: WinGate 9.4.1.5998 - Insecure Folder Permissions Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: https://www.wingate.com Version: 9.4.1.5998 CVE: CVE-2020-13866 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure
!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...
Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
/ The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check which means that no bailout will happen. The...
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-8...
binutils 2.37 - Objdump Segmentation Fault
Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...
Engineers Online Portal 1.0 - File Upload Remote Code Execution (RCE)
Exploit Title: Engineers Online Portal 1.0 - File Upload Remote Code Execution RCE Date: 10/23/2021 Exploit Author: SadKris Venor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Version: 1.0 Tested on: XAMPP, Windo...
MariaDB 10.2 - 'wsrep_provider' OS Command Execution
Exploit Title: MariaDB 10.2 /MySQL - 'wsrepprovider' OS Command Execution Date: 03/18/2021 Exploit Author: Central InfoSec Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through...
Snes9K 0.09z - 'Port Number' Buffer Overflow (SEH)
Exploit Title: Snes9K 0.09z - 'Port Number' Buffer Overflow SEH Date: 2020-07-20 Exploit Author: MasterVlad Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://www.exploit-db.com/apps/ef5249b64ce34575c12970b334a08c17-snes9k009z.zip Version: 0.09z Vulnerability Type:...
SNMPv3 - HMAC Validation error Remote Authentication Bypass
snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright c 2008 @ Mediaservice.net Srl. All rights reserved Wrote by Maurizio Agazzini http://lab.mediaservice.net/...
GLPI GZIP(Py3) 9.4.5 - RCE
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: PHP Melody 3.0 - 'Multiple' Cross-Site Scripting XSS Date: 2021-10-20 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Tested on: Linux Document Title: =============== PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities...
User Management System 1.0 - 'uid' SQL Injection
Exploit Title: User Management System 1.0 - 'uid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ Version: V1 Tested on: Windows Identify...
LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...
Apache Solr 8.2.0 - Remote Code Execution
Title: Apache Solr 8.2.0 - Remote Code Execution Date: 2019-11-01 Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github: https://github.com/AleWong/Apache-Solr-RCE-via-Velocity-template usage: python3 script.py ip por...
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe and Registry', 'Description' = %q This module exploits a flaw in the WSReset.exe...
LibreNMS - addhost Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...
IdeaBox 1.1 - 'gorumDir' Remote File Inclusion
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox = 1.1 gorumDir Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper a.k.a Rahim $$ $$ Contact:...