47884 matches found
Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Exploit Title: Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path Date: 2019-11-22 Exploit Author: Rene Cortes S Vendor Homepage: https://easy-hide-ip.com Software Link: https://easy-hide-ip.com Version: 5.0.0.3 Tested on: Windows 7 Professional Service Pack 1 Step to discover the unquot...
GCafé 3.0 - 'gbClienService' Unquoted Service Path
Exploit Title: GCafé 3.0 - 'gbClienService' Unquoted Service Path Google Dork: N/A Date: 2019-11-09 Exploit Author: Doan Nguyen 4ll4u Vendor Homepage: https://gcafe.vn/ Software Link: https://gcafe.vn/post/view?slug=gcafe-3.0 Version: v3.0 Tested on: Windows 7, Win 10, WinXP CVE : N/A Description...
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting XSS Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip Version: Steps: 1. Log in or...
XAMPP - Buffer Overflow POC
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Date: 2023-10-26 Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ ...
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...
Modbus Slave 7.3.1 - Buffer Overflow (DoS)
Exploit Title: Modbus Slave 7.3.1 - Buffer Overflow DoS Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: https://www.modbustools.com/ Software Link : https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Tested Version: 7.3.1 Connect 5. - Paste the characters of...
Balbooa Joomla Forms Builder 2.0.6 - SQL Injection (Unauthenticated)
Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection Unauthenticated Date: 24.10.2021 Exploit Author: blockomat2100 Vendor Homepage: https://www.balbooa.com/ Version: 2.0.6 Tested on: Docker An example request to trigger the SQL-Injection: POST /index.php?option=combaforms HTTP/1.1...
SOYAL 701 Server 9.0.1 - Insecure Permissions
Exploit Title: SOYAL 701 Server 9.0.1 - Insecure Permissions Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: 9.0.1...
SCO Openserver 5.0.7 - 'outputform' Command Injection
Exploit Title: SCO Openserver 5.0.7 - 'outputform' Command Injection Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 04/09/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products/ Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Test...
Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Local Privilege Escalation
/ usernsrootsploit.c by / / Copyright c 2013 Andrew Lutomirski. All rights reserved. / / You may use, modify, and redistribute this code under the GPLv2. / define GNUSOURCE include include include include include include include include include include include include include ifndef CLONENEWUSER...
Kwintv - Local Buffer Overflow
/ kwintv local buffer overflow. gid=video33 Author: Cody Tubbs loophole of hhp. www.hhp-programming.net / [email protected] 12/17/2000 For SuSE 7.0 - x86. sgid "video"33 by default. bash-2.04$ id uid=1000loophole gid=501noc bash-2.04$ ./b 0 Ret-addr 0xbfffe1fc, offset: 0, allign: 0. sh-2.04$ id...
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit
!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Arbitrary File Write Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
Cacti 1.2.24 - Authenticated command injection when using SNMP options
Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options Date: 2023-07-03 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/info/downloads Version: Cacti 1.2.24 Tested on: Cacti 1.2.24 installed on...
Uvdesk 1.1.4 - Stored XSS (Authenticated)
Exploit Title: Uvdesk 1.1.4 - Stored XSS Authenticated Date: 14/08/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.uvdesk.com/ Software Link: https://github.com/MegaTKC/AeroCMS Version: 1.1.4 Tested on: Windows 10 using XAMPP,...
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
Exploit Title: ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting XSS Date: 03/08/2022 Exploit Author: Steffen Langenfeld & Sebastian Biehler Vendor Homepage: https://thingsboard.io/ Software Link: https://github.com/thingsboard/thingsboard/releases/tag/v3.3.1 Version: 3.3.1 CVE :...
Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery (CSRF)
Exploit Title: Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery CSRF Date: 13/12/2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.axesstmc.com/cloki/ !-- Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Vendor: Zucchetti Axess S.p.A. Product...
Auerswald COMpact 8.0B - Multiple Backdoors
Exploit Title: Auerswald COMpact 8.0B - Multiple Backdoors Date: 06/12/2021 Exploit Author: RedTeam Pentesting GmbH Advisory: Auerswald COMpact Multiple Backdoors RedTeam Pentesting discovered several backdoors in the firmware for the Auerswald COMpact 5500R PBX. These backdoors allow attackers w...
TextPattern CMS 4.9.0-dev - Remote Command Execution (RCE) (Authenticated)
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3...
WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
Exploit Title: WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF Date: 2/10/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/database-backups/ Version: 1.2.2.6 Tested on: Windows 10 CVE: CVE-2021-24174 1. Description: This plugin allows admins to create and...
AnyDesk 5.5.2 - Remote Code Execution
Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Date: 09/06/20 Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001...
MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting
Exploit Title: MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF Date: 1/21/2021 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1428 Version: 1.0 Tested on: Windows 10 1. Description: MyBB Timeline replaces the default MyBB user profile. This introduces...
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
Exploit Title: Cemetry Mapping and Information System 1.0 - Multiple SQL Injections Exploit Author: Mesut Cetin Date: 2021-01-12 Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html Software Link:...
Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Exagate Sysguard 6001 - Cross-Site Request Forgery Add Admin Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.exagate.com/ Software Link: https://www.exagate.com/sysguard-6001 Version: SYSGuard 6001 HTML CSRF PoC :...
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and comman...
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Local Privilege Escalation (KASLR / SMEP)
// A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0- and Ubuntu xenial 4-8-0- kernels. // // EDB Note: Also included the work from...
Socat 1.4.0.2 - Not SETUID Local Format String
/ socatexp.c Socat Format String Vulnerability socat No System Group - http://www.nosystem.com.ar coki@servidor:$ make socatexp coki@servidor:$ ./socatexp socat shellcode address = 0xbfffffb9 .dtors address = 0x080740c4 2004/10/19 09:49:46 socat26197 E unknown syslog facility...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion LFI Exploit Author: Mohamed Magdy Abumusilm Aka m19o Software: All-in-One Video Gallery plugin Version: = 2.4.9 Tested on: Windows,linux Poc:...
Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)
Exploit Title: Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery CSRF Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...
Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
Exploit Title: Cerberus FTP web Service 11 - 'svg' Stored Cross-Site Scripting XSS Date: 08/06/2021 Exploit Author: Mohammad Hossein Kaviyany Vendor Homepage: www.cerberusftp.com Software Link: https://www.cerberusftp.com/download/ Version:11.0 releases prior to 11.0.4, 10.0 releases prior to...
Laravel 8.4.2 debug mode - Remote code execution
Exploit Title: Laravel 8.4.2 debug mode - Remote code execution Date: 1.14.2021 Exploit Author: SunCSR Team Vendor Homepage: https://laravel.com/ References: https://www.ambionics.io/blog/laravel-debug-rce https://viblo.asia/p/6J3ZgN8PKmB Version: = 8.4.2 Tested on: Ubuntu 18.04 + nginx + php 7.4...
PostgreSQL 9.3-11.7 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: PostgreSQL 9.3-11.7 - Remote Code Execution RCE Authenticated Date: 2022-03-29 Exploit Author: b4keSn4ke Github: https://github.com/b4keSn4ke Vendor Homepage: https://www.postgresql.org/ Software Link: https://www.postgresql.org/download/linux/debian/ Version: 9.3 - 11.7 Tested on:...
Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...
Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions
Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Discovery by: Luis Martinez Discovery Date: 2022-02-23 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mirrorgofull8050.exe Tested Version: 2.0.11.346 Vulnerability Type: Loca...
Simple Client Management System 1.0 - SQLi (Authentication Bypass)
Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting XSS Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is pron...
PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: : PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery Add Admin Date: 19.01.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.stvs.ch STVS ProVision 5.9.10 Cross-Site Request Forgery Add Admin Vendor: STVS SA Product web page: http://www.stvs.ch Platform: Ruby Affected...
iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation
Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...
MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)
!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Unauthenticated Exploit Author: bzyo Twitter: @bzyo Date: 10-10-2020 Vulnerable Software: https://www.softneta.com/products/meddream-pacs-server/ Vendor Homepage: https://www.softneta.com Version: 6.8.3.751...
Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 5.1 Bypass) (MS12-037)
function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2 = "BBBB"; while string2.length 500 string2 += string2; var fr = new Array; var al = new Array...
Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
Title: Joomla Component ComFacileforms ================================================================ + Author : Dr.Kacak + Special Thankz : KnocKout and all my friends + System 0VerfL0verZ ================================================================= Script : Joomla Google Dork :...
AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
Exploit Title: Life Insurance Management System- Unauthenticated Remote Code Execution RCE Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/...
Axigen < 10.5.7 - Persistent Cross-Site Scripting
Exploit Title: Axigen alert1 PoC of the POST request: POST /?h=1bb40e85937506a7186a125bd8c5d7ef&page=glset HTTP/1.1 Host: localhost:9443 Cookie: eula=true;...
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
Exploit Title: Curfew e-Pass Management System 1.0 - FromDate SQL Injection Date: 28/9/2023 Exploit Author: Puja Dey Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 login...
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) - Remote Code Execution
Exploit Title: Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 - Remote Code Execution Exploit Author: LiquidWorm SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com...
WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
Title: WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi Author: nu11secur1ty Date: 07.11.2022 Vendor: https://wphive.com/ Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?pluginversion=3.2.9 Reference:...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Exploit Title: CL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page:...
Servisnet Tessa - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Servisnet Tessa - Privilege Escalation Metasploit', 'Description' = %q This module exploits privilege escalation in Servisnet Tessa, triggered by...
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
Exploit Title: WordPress Plugin litespeed-cache 3.6 - 'serverip' Cross-Site Scripting Date: 20-12-2020 Software Link: https://downloads.wordpress.org/plugin/litespeed-cache.3.6.zip Version: litespeed-cache Tested on: Windows 10 x64 Description: A Stored Cross-site scripting XSS was discovered in...