BoidCMS v2.0.0 - authenticated file upload vulnerability

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

Blood Donor Management System v1.0 - Stored XSS

Exploit Title: Blood Donor Management System v1.0 - Stored XSS Application: Blood Donor Management System Version: v1.0 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter/ Date: 15.08.2023...

ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)

Exploit Title: ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting XSS Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1 Tested on:...

Omnia MPX 1.5.0+r1 - Path Traversal

Exploit Title: Omnia MPX 1.5.0+r1 - Path Traversal Date: 24/7/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.telosalliance.com/ Software Link: https://support.telosalliance.com/article/934ixoaz3l-mpx-node-release-notes-and-update-instructions Version: 1.5.0+r1 Tested...

TLR-2005KSH - Arbitrary File Delete

Exploit Title: TLR-2005KSH - Arbitrary File Delete Date: 2022-05-11 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-46424 Proof-of-Concept Request DELETE /cgi-bin/test2.t...

Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection

Exploit Title: Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection Exploit Author: Mesut Cetin Date: 2021-01-15 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

Cayin Digital Signage System xPost 2.5 - Remote Command Injection

Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...

Draytek VigorAP 1000C - Persistent Cross-Site Scripting

Title: Draytek VigorAP 1000C - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-05-07 Vendor: https://www.draytek.com/ Software: https://www.draytek.com/products/vigorap-903/ CVE: N/A Document Title: =============== Draytek VigorAP - RADIUS Persistent XSS Vulnerability...

iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption (PoC)

Exploit Title: iOS IOUSBDeviceFamily 12.4.1 - 'IOInterruptEventSource' Heap Corruption PoC Date: 2019-10-29 Exploit Author: Sem Voigtlander, Joshua Hill and Raz Mashat Vendor Homepage: https://apple.com/ Software Link: https://support.apple.com/en-hk/HT210606 Version: iOS 13 Tested on: iOS 12.4.1...

WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting

Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link: https://wordpress.org/plugins/download-manager Version: 2.9.93...

GitLab CE/EE < 16.7.2 - Password Reset

Exploit Title: GitLab CE/EE 16.7.2 - Password Reset Exploit Author: Sebastian Kriesten 0xB455 Twitter: https://twitter.com/0xB455 Date: 2024-01-12 Vendor Homepage: gitlab.com Vulnerability disclosure: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/...

Linux Kernel 6.2 - Userspace Processes To Enable Mitigation

Exploit Title: Linux Kernel 6.2 - Userspace Processes To Enable Mitigation Exploit Author: nu11secur1ty CVE ID: CVE-2023-1998 Description Summary The Linux kernel allows userspace processes to enable mitigations by calling prctl with PRSETSPECULATIONCTRL which disables the speculation feature as...

Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...

Huawei dg8045 - Authentication Bypass

Title: Huawei dg8045 - Authentication Bypass Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 Hardware Version: VER.A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An...

Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)

Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection 2 Googke Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/ Date: 05/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor Version: 6.4.4 Tested on: Debian 10 CVE :...

Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored)

Exploit Title: Online Health Care System 1.0 - Multiple Cross Site Scripting Stored Google Dork: N/A Date: 2020/10/24 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14526/online-health-care-system-php-full-source-code-2020.html Software Link:...

Complaint Management System 1.0 - 'cid' SQL Injection

Title: Complaint Management System 1.0 - 'cid' SQL Injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...

Online Polling System 1.0 - Authentication Bypass

Exploit Title: Online Polling System 1.0 - Authentication Bypass Date: 2020-07-20 Author: AppleBois Version: NULL Software Link: https://www.sourcecodester.com/php/14330/online-polling-system.html Administration Control Panel || Authentication Bypass Unthenticated User perform SQL Injection bypas...

Joomla! Component vReview 1.9.11 - SQL Injection

Exploit Title: Joomla! Component vReview 1.9.11 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/ratings-a-reviews/vreview/ Version: 1.9.11 Category:...

Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking

Exploit Title: Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08...

Open Game Panel - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Date: 08/14/2021 Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...

Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - Remote Code Execution Authenticated Date: 2021-05-06 Exploit Author: Eren Saraç Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...

Under Construction Page with CPanel 1.0 - SQL injection

Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection Date: 17-11-2020 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/under-construction-page-with-cpanel/ Version: 1.0 Tested on: PopOS SQL Injection: SQL...

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution Exploit Author: Yunus YILDIRIM Th3Gundy Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Date: 2020-05-28 Vendor Homepage: https://www.qnap.com Version: QTS 4.4.1 | Photo Station 6.0.3 CVE: CVE-2019-7192, CVE-2019-7193...

Citrix StoreFront Server 7.15 - XML External Entity Injection

Exploit Title: Citrix StoreFront Server 7.15 - XML External Entity Injection Date: 2019-08-28 Exploit Author: Vahagn Vardanya Vendor Homepage:https://www.citrix.com/downloads/storefront/ Software Link: https://support.citrix.com/article/CTX251988 Version: Citrix StoreFront Server earlier than 190...

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...

SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation

!/usr/bin/env python Exploit Title: SPIP - CMS " exit baseurl = sys.argv1 login = sys.argv2 ma...

WP Rocket < 2.10.3 - Local File Inclusion (LFI)

Paulos Yibelo discovered and reported this Local File Inclusion vulnerability in WordPress WP Rocket Plugin. This could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could...

Servisnet Tessa - MQTT Credentials Dump (Unauthenticated) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/mqtt' class MetasploitModule 'Servisnet Tessa - MQTT Credentials Dump...

Pinkie 2.15 - TFTP Remote Buffer Overflow (PoC)

Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...

Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 2 Date: 2021-02-01 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc2.c - Solaris/SPARC FMT LPE...

Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read

Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author:LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web...

Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass

Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...

Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)

Exploit Title: Wordpress 4.9.6 - Arbitrary File Deletion Authenticated 2 Date: 04/08/2021 Exploit Author: samguy Vulnerability Discovery By: Slavco Mihajloski & Karim El Ouerghemmi Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/wordpress-4.9.6.tar.gz Version: 4.9.6...

Exam Hall Management System 1.0 - Unrestricted File Upload (Unauthenticated)

Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload Unauthenticated Date: 06/07/2021 Exploit Author: Thamer Almohammadi @Thamerz88 Vendor Homepage: https://www.sourcecodester.com Software Link:...

WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities

Exploit Title: WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/pricing-table-by-supsystic.1.8.7.zip Version: 1.8.7 and 1.8.6...

System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path

Exploit Title: System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path Date: 2020-10-14 Exploit Author: Mohammed Alshehri Vendor Homepage: http://systemexplorer.net/ Software Link: http://systemexplorer.net/download/SystemExplorerSetup.exe Version: Version 7.0.0 Tested on:...

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting Exploit Author: Soushikta Chowdhury Vendor Homepage: http://egavilanmedia.com Software Link: http://egavilanmedia.com/user-registration-and-login-system-with-admin-panel/ Version: 1.0...

Clinic Queuing System 1.0 - RCE

Exploit Title: Clinic Queuing System 1.0 RCE Date: 2024/1/7 Exploit Author: Juan Marco Sanchez Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html Version: 1.0 Tested on...

Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution

Exploit Title: Lot Reservation Management System Unauthenticated File Upload and Remote Code Execution Google Dork: N/A Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage:...

OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)

Exploit Title: OctoBot WebInterface 0.4.3 - Remote Code Execution RCE Date: 9/2/2021 Exploit Author: Samy Younsi, Thomas Knudsen Vendor Homepage: https://www.octobot.online/ Software Link: https://github.com/Drakkar-Software/OctoBot Version: 0.4.0beta3 - 0.4.3 Tested on: Linux Ubuntu, CentOs CVE ...

Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path

Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...

WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path

Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS:...

Mara CMS 7.5 - Remote Code Execution (Authenticated)

Exploit Title: Mara CMS 7.5 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Michele Cisternino 0blio Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5...

Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be used to achieve memory corruption. Prerequisites Magic Values Spidermonkey represents JavaScript values with the C++ type JS::Value 1, which is a NaN-boxed value that c...

Codiad 2.4.3 - Multiple Vulnerabilities

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Codiad 2.4.3 - Cross Site Scripting - Local File Inclusion Vulnerability's Date: 19/12/2014 Url Vendor: http://codiad.com/ Vendor Name: Codiad...

Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities

/ Femitter Server FTP 1.x Multiple Vulnerability ---------------------------------------------------- Arbitrary: ---------- The vulnerability is caused due to an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files from the affected...

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

Exploit Title: PX4 Military UAV Autopilot 1.12.3 - Denial of Service DoS Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-21 Tested on: Ubuntu 20.04 LTS + PX4 SITL jMAVSim CVE: CVE-2025-5640 Type: Denial of Service DoS via Buffer Overflow...

WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)

Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...

Guild Wars 2 - Insecure Folder Permissions

Exploit Title: Guild Wars 2 - Insecure Folder Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild War...