47904 matches found
Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)
Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...
Rebar3 3.13.2 - Command Injection
Exploit Title: Rebar3 3.13.2 Command Injection Date: 2020-06-03 Exploit Author: Alexey Pronin Vendor Homepage: https://rebar3.org Software Link: https://github.com/erlang/rebar3 Versions affected: 3.0.0-beta.3 - 3.13.2 Tested on: Linux CVE: CVE-2020-13802 1. Description: ----------------------...
Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption
!/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 3.1.7 Tested on: Ubuntu Windows CVE : CVE-2022-4407 PoC: Get:...
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
Exploit Title: JetBrains TeamCity 2023.05.3 - Remote Code Execution RCE - Shodan Dork: http.title:TeamCity , http.favicon.hash:-1944119648 - Exploit Author: ByteHunter - Vendor: JetBrains - Email: [email protected] - vendor: JetBrains - Version: versions before 2023.05.4 - Tested on:...
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
Exploit Title: PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery Delete admin shoutbox message Date: 2020-12-21 Exploit Author: Mohamed Oosman B S Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.90 and below Tested...
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
Exploit Title: User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS Google Dork: N/A Date: 2020-08-07 Exploit Author: yusufmalikul Vendor Homepage: https://phpgurukul.com Software Link:...
Audio Playback Recorder 3.2.2 - Local Buffer Overflow (SEH)
Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...
Limo Booking Software v1.0 - CORS
Title: Limo Booking Software v1.0 - CORS Author: nu11secur1ty Date: 09/08/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/limo-booking-software/sectionDemo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
Media Library Assistant Wordpress Plugin - RCE and LFI
Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI Date: 2023/09/05 CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...
KONGA 0.14.9 - Privilege Escalation
Exploit Title: KONGA 0.14.9 - Privilege Escalation Date: 10/11/2021 Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux -...
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
Exploit Title: COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Biometric Access Control System 1.0.0 Authentication Bypass Vendor: COMMAX Co., Ltd. Prodcut web page:...
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
Exploit Title: Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection Date: 06-08-2021 Exploit Author: Brian Ombongi Vendor Homepage: https://getcockpit.com/ Version: Cockpit 0.11.1 Tested on: Ubuntu 16.04.7 CVE : CVE-2020-35847 & CVE-2020-35848 !/usr/bin/python3 import json...
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)
!/usr/bin/env python2 Exploit Title: Pi-hole 4.3.2 - Remote Code Execution Authenticated Date: 2020-08-04 Exploit Author: Luis Vacas @CyberVaca Vendor Homepage: https://pi-hole.net/ Software Link: https://github.com/pi-hole/pi-hole Version: = 4.3.2 Tested on: Ubuntu 19.10 CVE : CVE-2020-8816...
FTPDummy 4.80 - Local Buffer Overflow (SEH)
Exploit Title: FTPDummy 4.80 - Local Buffer Overflow SEH Date: 2020-07-22 Author: Felipe Winsnes Software Link: http://www.dummysoftware.com/ftpdummy.html Version: 4.80 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run the python script, it will create the fil...
Listing Hub CMS 1.0 - 'pages.php id' SQL Injection
Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/ Software Link:...
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW /proc/self/mem' Race Condition Privilege Escalation (/etc/passwd Method)
// EDB-Note: Compile: g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil // EDB-Note: Recommended way to run: ./dcow -s Will automatically do "echo 0 /proc/sys/vm/dirtywritebackcentisecs" // // ----------------------------------------------------------------- // Copyright C 2016...
Oracle 11g - Multiple Privilege Escalation Vulnerabilities
source: https://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escalate their privileges to DBA or execute arbitrary operating...
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Exploit Title: RiteCMS 3.0.0 โ Reflected Cross-Site Scripting XSS Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip Version: Steps: 1. Log in or...
LimeSurvey 5.2.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: LimeSurvey 5.2.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:limesurvey/index.php/admin/authentication/sa/login Date: 05/12/2021 Exploit Author: Y1LD1R1M Vendor Homepage: https://www.limesurvey.org/ Software Link:...
CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion Date: 2021-07-20 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.cszcms.com Software Link: https://sourceforge.net/projects/cszcms/files/latest/download Version: 1.2.9 Tested on: Windows 10,...
fuel CMS 1.4.1 - Remote Code Execution (1)
Exploit Title: fuel CMS 1.4.1 - Remote Code Execution 1 Date: 2019-07-19 Exploit Author: 0xd0ff9 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: = 0 and n 1: start = haystack.findneedle, start+1 n -= 1 return start...
Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)
Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...
PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
Exploit Title: PHPGurukul Hostel Management System 2.1 - Cross-site request forgery CSRF to Cross-site Scripting XSS Date: 2021-10-27 Exploit Author: Anubhav Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Vulnerable...
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
Exploit Title: Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting Date: 26-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
Exploit Title: Anuko Time Tracker 1.19.23.5311 - Password Reset Vulnerability leading to Account Takeover Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Tested on: Kali...
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery Add Admin Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Teste...
Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation
CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel Garcรญa Gutiรฉrrez @danigargu Manuel Blanco Parajรณn @dialluvioso References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...
GHIA CamIP 1.2 for iOS - 'Password' Denial of Service (PoC)
Exploit Title: GHIA CamIP 1.2 for iOS - 'Password' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019-11-27 Vendor Homepage: https://apps.apple.com/mx/app/ghia-camip/id1342090963 Software Link: App Store for iOS devices Tested Version: 1.2 Vulnerability Type: Denial of Servic...
OpenVPN 2.2.29 - 'Shellshock' Remote Command Injection
Exploit Title: ShellShock OpenVPN Exploit Date: Fri Oct 3 15:48:08 EDT 2014 Exploit Author: hobbily AKA @fj33r Version: 2.2.29 Tested on: Debian Linux CVE : CVE-2014-6271 Probably should of submitted this the day I tweeted it. server.conf port 1194 proto udp dev tun client-cert-not-required...
Pimcore 11.4.2 - Stored cross site scripting
Exploit Title: Authenticated Stored Cross-Site Scripting XSS Via Search Document Google Dork: N/A Date: 1/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore 10.5.x prior to 10.5.21 and 11.x prior to 11.1.1 Test...
Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection
Exploit Title: Employee Management System 1.0 - txtfullname and txtphone SQL Injection Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html Version: 1.0 Tested on:...
WP Rocket < 2.10.3 - Local File Inclusion (LFI)
Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...
Clcknshop 1.0.0 - SQL Injection
Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Version: 1.0.0 Tested on: Window...
Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xh...
Pallets Werkzeug 0.15.4 - Path Traversal
Exploit Title: Pallets Werkzeug 0.15.4 - Path Traversal Date: 06 July 2021 Original Author: Emre รVรNร Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://palletsprojects.com/ Software Link: https://github.com/pallets/werkzeug Version: Prior to 0.15.5 Tested on:...
Odoo 12.0 - Local File Inclusion
Exploit Title: Odoo 12.0 - Local File Inclusion Date: 2019-06-14 Exploit Author: Emre รVรNร Vendor Homepage: https://www.odoo.com/ Software Link: https://www.odoo.com/trTR/page/download Version: v12.0 Tested on: Windows/Linux https://github.com/EmreOvunc/Odoo-12.0-LFI-Vulnerabilities...
Omron PLC 1.0.0 - Denial of Service (PoC)
Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Google Dork: n/a Date: 2019-12-06 Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE :...
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...
WeBid 1.0.6 - SQL Injection
Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested On: Linux, Windows Vulnerable Code: Line 53 of the...
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
Exploit Title: POC-CVE-2023-3244 Date: 9/12/2023 Exploit Author: Diaa Hanna Software Link: download link if available Version: = 1.2.0 comments-like-dislike Tested on: 1.1.6 comments-like-dislike CVE : CVE-2023-3244 References https://nvd.nist.gov/vuln/detail/CVE-2023-3244 The Comments Like Disli...
SyncBreeze 15.2.24 - 'login' Denial of Service
Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service Date: 30/08/2023 Exploit Author: mohamed youssef Vendor Homepage: https://www.syncbreeze.com/ Software Link: https://www.syncbreeze.com/setups/syncbreezesetupv15.4.32.exe Version: 15.2.24 Tested on: windows 10 64-bit import socket impor...
WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal
Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal Date: 19/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads Version: =1.6.6 Tested on: Debian 11 CVE : CVE-2017-1000170 PHP version exploit: 7.3....
Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)
Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - 'name' Persistent Cross-Site Scripting XSS Date: 2021-03-03 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...
Popcorn Time 6.2 - 'Update service' Unquoted Service Path
Exploit Title: Popcorn Time 6.2 - 'Update service' Unquoted Service Path Date: 2020-04-24 Vendor Homepage: https://getpopcorntime.is Exploit Authors: Uriel Yochpaz & Jonatan Schor Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 6.2.1.14 and probably prior versions Test...
Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Algo 8028 Control Panel - Remote Code Execution RCE Authenticated Google Dork: intitle:"Algo 8028 Control Panel" Shodan: title:"Algo 8028 Control Panel" Date: 2022-06-07 Exploit Author: Filip Carlsson Vendor Homepage: https://www.algosolutions.com/ Software Link:...
PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: PHP Unit 4.8.28 - Remote Code Execution RCE Unauthenticated Date: 2022/01/30 Exploit Author: souzo Vendor Homepage: phpunit.de Version: 4.8.28 Tested on: Unit CVE : CVE-2017-9841 import requests from sys import argv phpfiles = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php",...
Employee Record Management System 1.2 - 'empid' SQL injection (Unauthenticated)
Title: Employee Record Management System 1.2 - 'empid' SQL injection Unauthenticated Exploit Author: Anubhav Singh Date: 2021-10-31 Vendor Homepage: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Version: 1.2 Software Link:...
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
Exploit Title: Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF Date: 13.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.panasonic.com !-- Panasonic Sanyo CCTV Network Camera 2.03-0x CSRF Disable Authentication / Change Password Vendor:...