47884 matches found
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting XSS Authenticated Date: 29/11/2021 Exploit Author: Mansi Singh Vendor Homepage: https://wordpress.org/plugins/typebot/ Software Link: https://wordpress.org/plugins/typebot/ Tested on Windows Reference:...
Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
Exploit Title: Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting XSS Date: 2021-10-18 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.sonicguard.com/NSV-800.asp Version: 6.5.4 Document Title: =============== Sonicwall SonicOS 6.5.4 - Cross Site Scripting Web Vulnerabilit...
Payara Micro Community 5.2021.6 - Directory Traversal
Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal Date: 01/10/2021 Exploit Author: Yasser Khan N3Thunt3r Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html Software Link:...
Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE
Exploit Title: Church Management System 1.0 - SQL Injection Authentication Bypass + Arbitrary File Upload + RCE Date: 05-07-2021 Exploit Author: Eleonora Guardini eleguardini93 at gmail dot com or eleonora.guardini at dedagroup dot com Vendor Homepage: https://www.sourcecodester.com Software Link...
House Rental and Property Listing 1.0 - Multiple Stored XSS
Exploit Title: House Rental and Property Listing 1.0 - Multiple Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2020-12-28 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html...
Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection
Exploit Title: Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection Date: 2020-10-17 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5325 Tested on: Kali Linux 2020.3 CVE: CVE-2020-15255...
Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path
Exploit Title: Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.disksorter.com Software Link: http://www.disksorter.com/setups/disksorterentsetupv12.4.16.exe Version: 12.4.16 Tested On: Windows 10...
mintinstall 7.9.9 - Code Execution
Exploit Title: mintinstall aka Software Manager object injection Date: 10/02/2019 Exploit Author: Andhrimnirr Vendor Homepage: https://www.linuxmint.com/ Software Link: mintinstall aka Software Manager Version: 7.9.9 Tested on: Linux Mint CVE : CVE-2019-17080 import os import sys def...
thesystem App 1.0 - 'server_name' SQL Injection
Exploit Title: thesystem 1.0 - 'servername' SQL Injection Author: Sadik Cetin Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A Description:...
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
=========================================================================================== Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694 Version: v5...
dotProject 2.1.9 - SQL Injection
Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9 Category: Webapps Tested on: Xampp for Windows Software...
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach $widget as $widgetKey = $fields foreach $fields as...
Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)
This is the second version of Linux socksendpage NULL pointer dereference exploit. Now, it also works with Linux kernel versions which implements COW credentials e.g. Fedora 11. For SELinux enforced systems, it automatically searches in the SELinux policy rules for types with mmapzero permission ...
Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
Exploit Title : Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit Author: E1 Coders CVE: CVE-2024-21338 require 'msf/core' class MetasploitModule 'CVE-2024-21338 Exploit', 'Description' = 'This module exploits a vulnerability in FooBar version 1.0. It may lead to...
CVE-2023-50071 - Multiple SQL Injection
Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities Date: 15/12/2023 Exploit Author: Geraldo Alcantara Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
SpamTitan 7.07 - Remote Code Execution (Authenticated)
Exploit Title: SpamTitan 7.07 - Remote Code Execution Authenticated Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...
OneTrust SDK 6.33.0 - Denial Of Service (DoS)
Exploit Title: OneTrust SDK 6.33.0 - Denial Of Service DoS - Date: 01/01/2025 - Exploit Author: Alameen Karim Merali - Vendor Homepage: OneTrust JavaScript API - Software Link: otBannerSdk.js v6.33.0 - Version: 6.33.0 - Tested on: Kali Linux - CVE ID: CVE-2024-57708 Vulnerability Summary A...
Pimcore 11.4.2 - Stored cross site scripting
Exploit Title: Authenticated Stored Cross-Site Scripting XSS Via Search Document Google Dork: N/A Date: 1/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore 10.5.x prior to 10.5.21 and 11.x prior to 11.1.1 Test...
Dell Security Management Server <1.9.0 - Local Privilege Escalation
Exploit Title: title Dell Security Management Server versions prior to 11.9.0 Exploit Author: author Amirhossein Bahramizadeh CVE : if applicable CVE-2023-32479 Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change
!/bin/bash : " Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Admin Password Change Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of ...
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
Title: Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-09 Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Version: 1 Software Lin...
Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path
Exploit Title: Realtek Wireless LAN Utility 700.1631 - 'Realtek11nSU' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2021-03-14 Vendor Homepage: https://www.realtek.com/en/ Tested Version: 700.1631 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es St...
Pharmacy Store Management System 1.0 - 'id' SQL Injection
Exploit Title: Pharmacy Store Management System 1.0 - 'id' SQL Injection Google Dork: N/A Date: 1.12.2020 Exploit Author: Aydın Baran Ertemir Vendor Homepage: https://www.sourcecodester.com/php/13225/pharmacy-store-management-system.html Software Link:...
SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Title: SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Date: 2020-05-06 Vendor: https://www.solarwindsmsp.com/ CVE: CVE-2020-12608 GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 CVSSv3:...
Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
Title: Mobatek MobaXterm 12.1 - Buffer Overflow SEH Author: Xavi Beltran Date: 2019-08-31 Vendor: xavibel.com Vedor Page: https://mobaxterm.mobatek.net/download.html Software Link: https://download.mobatek.net/1112019010310554/MobaXtermPortablev11.1.zip Exploit Development process:...
OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Denial of Service
/ OpenBSD 4.2 rtlabelid2name SIOCGIFRTLABEL ioctl Null Pointer Dereference local Denial of Service Exploit by Hunger Advisory: http://marc.info/?l=openbsd-security-announce&m=120007327504064 FOR TESTING PURPOSES ONLY! $ uname -mrsv OpenBSD 4.2 GENERIC375 i386 $ id uid=1000hunger gid=1000hunger...
Grav CMS 1.7.48 - Remote Code Execution (RCE)
Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE Date: 2025-08-07 Exploit Author: binneko https://github.com/binneko Vendor Homepage: https://getgrav.org/ Software Link: https://github.com/getgrav/grav/releases/tag/1.7.48 Version: Grav CMS v1.7.48 / Admin Plugin v1.10.48 Tested on: Debi...
Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)
Exploit Title: Microsoft SharePoint Server 2019 – Remote Code Execution RCE Google Dork: intitle:"Microsoft SharePoint" inurl:"/layouts/15/ToolPane.aspx" Date: 2025-08-07 Exploit Author: Agampreet Singh RedRoot Tool Maker – https://github.com/Agampreet-Singh/RedRoot Vendor Homepage:...
vm2 - sandbox escape
/ Exploit Title: vm2 Sandbox Escape vulnerability Date: 23/12/2023 Exploit Author: Calil Khalil & Adriel Mc Roberts Vendor Homepage: https://github.com/patriksimek/vm2 Software Link: https://github.com/patriksimek/vm2 Version: vm2 = 3.9.19 Tested on: Ubuntu 22.04 CVE : CVE-2023-37466 / const VM =...
GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...
OutSystems Service Studio 11.53.30 - DLL Hijacking
Exploit Title: OutSystems Service Studio 11.53.30 - DLL Hijacking Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.outsystems.com/ Version: Up to 11.53.30 Build 61739 Tested on: Windows CVE : CVE-2022-47636 A DLL hijacking vulnerability...
Air Cargo Management System v1.0 - SQLi
Title: Air Cargo Management System v1.0 - SQLi Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html Reference:...
VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
Title: VestaCP 0.9.8 - 'vinterface' Add IP Stored XSS Date: 07.03.2021 Author: Numan Türle Vendor Homepage: https://vestacp.com Software Link: https://myvestacp.com alert1&vshared=on&vowner=admin&vname=&vnat=&ok=Add...
GLPI 9.5.3 - 'fromtype' Unsafe Reflection
Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
Exploit Title: PaperStream IP TWAIN 1.42.0.5685 - Local Privilege Escalation Exploit Author: 1F98D Original Author: securifera Date: 12 May 2020 Vendor Hompage: https://www.fujitsu.com/global/support/products/computing/peripheral/scanners/fi/software/fi6x30-fi6x40-ps-ip-twain32.html CVE:...
TP-Link WDR4300 - Remote Code Execution (Authenticated)
Exploit Title: TP-Link WDR4300 - Remote Code Execution Authenticated Date: 2020-08-28 Exploit Author: Patrik Lantz Vendor Homepage: https://www.tp-link.com/se/home-networking/wifi-router/tl-wdr4300/ Version: TL-WDR4300, N750 Wireless Dual Band Gigabit Router Tested on: Firmware version 3.13.33 an...
Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)
CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within "c:\users%username%\appdata\local\packages\Microsoft.MicrosoftEdge8wekyb3d8bbwe" atleast the ones we can delete as user Try to launch edge. It will crash...
Apache Tomcat 11.0.3 - Remote Code Execution
Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-90.cgi Version: Apache Tomcat 11.0.3 / 10.1.35 / 9.0.98 Tested on:...
Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)
Exploit Title: Craft CMS Logs Plugin 3.0.3 - Path Traversal Authenticated Date: 2022.01.26 Exploit Author: Steffen Rogge Vendor Homepage: https://github.com/ethercreative/logs Software Link: https://plugins.craftcms.com/logs Version: =3.0.4 impact: Medium found: 2021-07-06 SEC Consult Vulnerabili...
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 05/01/2022 Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities References Source: ====================...
MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation
Exploit Title: MilleGPG5 5.7.2 Luglio 2021 x64 - Local Privilege Escalation Date: 2021-07-19 Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it/ Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe Version: 5.7.2 Test...
Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion
Exploit Title: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion Date: 2020-10-27 Exploit Author: Ivo Palazzolo @palaziv Reference: https://www.oracle.com/security-alerts/cpuoct2020.html Vendor Homepage...
Joplin 1.0.245 - Arbitrary Code Execution (PoC)
Exploit Title: Joplin 1.0.245 - Arbitrary Code Execution PoC Date: 2020-09-21 Exploit Author: Ademar Nowasky Junior @nowaskyjr Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/download/v1.0.245/Joplin-Setup-1.0.245.exe Version: 1.0.190 to 1.0.245...
forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email)
Exploit Title: forma.lms 5.6.40 - Cross-Site Request Forgery Change Admin Email Date: 2020-05-21 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Tested on: XAMPP for Linux 64bit 5.6.40-0 1 - Description - Vulnerable form: Edit Profile - Details: The validatio...
LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the abilit...
Academy LMS 6.2 - Reflected XSS
Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...
Wp2Fac - OS Command Injection
Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting 'Photo URL' and 'YouTube URL' Date: 2023/08/18 CVE: CVE-2023-38910 Exploit Author: Daniel González Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.3.0 Tested on: CSZ CMS 1.3.0 Descriptio...