47884 matches found
Alumni Management System 1.0 - Authentication Bypass
Exploit Title: Alumni Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...
Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)
Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service...
Cisco Small Business 220 Series - Multiple Vulnerabilities
!/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o...
bludit Pages Editor 3.0.0 - Arbitrary File Upload
Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Date: 2018-10-02 Google Dork: N/A Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST /admin/ajax/upload-files HTTP/1.1 Host:...
JFrog Artifactory < 7.25.4 - Blind SQL Injection
Exploit Title: artifactory low-privileged blind sql injection Google Dork: Date: Exploit Author: ardr Vendor Homepage:https://jfrog.com/help/r/jfrog-release-information/cve-2021-3860-artifactory-low-privileged-blind-sql-injection Software Link:...
mooDating 1.2 - Reflected Cross-site scripting (XSS)
Exploit Title: mooDating 1.2 - Reflected Cross-site scripting XSS Exploit Author: CraCkEr aka skalvin Date: 22/07/2023 Vendor: mooSocial Vendor Homepage: https://moodatingscript.com/ Software Link: https://demo.moodatingscript.com/home Version: 1.2 Tested on: Windows 10 Pro Impact: Manipulate the...
BigTree CMS 4.4.10 - Remote Code Execution
Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution Google Dork: " BigTree CMS " Date: 2020-25-09 Exploit Author: SunCSR ThienNV and HoaVT - Sun Cyber Security Research Vendor Homepage: https://www.bigtreecms.org/ Software Link: https://www.bigtreecms.org/ Version: 4.4.10 Tested on: Windows...
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...
Ivanti Avalanche <v6.4.0.0 - Remote Code Execution
""" Exploit Title: Ivanti Avalanche IIIss'.formatself.namesize, self.valuesize, self.type, self.namesize, self.valuesize, self.name, self.value Create a header structure class HP: def initself, hdr, payload: self.hdr = hdr self.payload = payload self.pad = b'\x00' 16 - lenself.hdr + lenself.paylo...
Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System 1.0 - Account Takeover Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/ninja-tables/ Software Link: https://wpmanageninja.com/downloads/ninja-tables-pro-add-on/ Version: 4.1.7 Tested...
Argus Surveillance DVR 4.0 - Unquoted Service Path
Exploit Title: Argus Surveillance DVR 4.0 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date: 03.09.2021 Version: Argus Surveillance DVR 4.0 Tested on: Windows 10 Note: "Start as service on Windows Startup" must be enabled in Program Options Proof of Concept...
CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection
Exploit Title: CMS Made Simple 2.1.6 - 'cntnt01detailtemplate' Server-Side Template Injection Google Dork: N/A Date: 11/10/2017 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: N/A Version: 2.1.6 Tested on: Linux CVE : CVE-2017-16783 POC :...
DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
Exploit Title: DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow PoC Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Exploit Author: Paras Bhatia Discovery Date: 2020-04-01 Vulnerable...
Torrent 3GP Converter 1.51 - Stack Overflow (SEH)
Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Date: 2020-01-24 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51...
OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenBSD Dynamic Loader chpass Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the OpenBSD ld.so dynamic loader...
Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting
Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE: CVE-2019-0186 References:...
SimplePress CMS 1.0.7 - SQL Injection
Exploit Title: SimplePress CMS 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/simplepresscms/ Software Link: https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7alpha.zip Version: 1.0.7 Category:...
Moodle 2.x/3.x - SQL Injection
Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: [email protected] Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versio...
CSZCMS v1.3.0 - SQL Injection (Authenticated)
Title: CSZCMS v1.3.0 - SQL Injection Authenticated Author: Abdulaziz Almetairy Date: 27/01/2024 Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - L...
WEBIGniter v28.7.23 File Upload - Remote Code Execution
Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload...
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE.
Title: Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege + RCE. Author: nu11secur1ty Date: 07.18.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/microsoft-office Reference: https://portswigger.net/web-security/access-control...
OpenClinic GA 5.194.18 - Local Privilege Escalation
Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Date: 2021-07-24 Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...
Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Profiling System for Human Resource Management 1.0 - Remote Code Execution Unauthenticated Date: 19-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Date: 2021-01-26 Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...
Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)
Dahua DVR Authentication Bypass - CVE-2013-6117 --Summary-- Dahua web-enabled DVRs and rebranded versions do not enforce authentication on their administrative services. Zhejiang Dahua Technology Co., Ltd. http://www.dahuasecurity.com --Affects-- Dahua web-enabled DVRs Dahua-rebranded web-enabled...
Windows TCP/IP - RCE Checker and Denial of Service
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Windows IPv6 CVE-2024-38063 Checker and Denial-Of-Service Date: 2024-08-07 Exploit Author: Photubias Vendor Homepage: https://microsoft.com Vendor Advisory: 1 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Version:...
Devika v1 - Path Traversal via 'snapshot_path'
Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter Google Dork: N/A Date: 2024-06-29 Exploit Author: Alperen Ergel Contact: @alpernae IG/X Vendor Homepage: https://devikaai.co/ Software Link: https://github.com/stitionai/devika Version: v1 Tested on: Windows 11 Home Edition CV...
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
Title: Rocket LMS 1.9 - Persistent Cross Site Scripting XSS Date: 04/16/2024 Exploit Author: Sergio Medeiros Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735 Software Link: https://lms.rocket-soft.org Version: 1.9 Tested on Firefox and Chrome...
Quick CMS v6.7 en 2023 - 'password' SQLi
Title: Quick CMS v6.7 en 2023 - 'password' SQLi Author: nu11secur1ty Date: 03/19/2024 Vendor: https://opensolution.org/ Software: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Reference: https://portswigger.net/web-security/sql-injection Description: The password paramete...
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting XSS Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip...
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE)
Exploit Title: ApacheOfBiz 17.12.01 - Remote Command Execution RCE via Unsafe Deserialization of XMLRPC arguments Date: 2021-08-04 Exploit Author: Álvaro Muñoz, Adrián Díaz s4dbrd Vendor Homepage: https://ofbiz.apache.org/index.html Software Link:...
AppXSvc 17763 - Arbitrary File Overwrite (DoS)
Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based Systems CVE: CVE-2019-1476 Summary: AppXSvc...
OpenNetAdmin 18.1.1 - Remote Code Execution
Exploit Title: OpenNetAdmin 18.1.1 - Remote Code Execution Date: 2019-11-19 Exploit Author: mattpascoe Vendor Homepage: http://opennetadmin.com/ Software Link: https://github.com/opennetadmin/ona Version: v18.1.1 Tested on: Linux Exploit Title: OpenNetAdmin v18.1.1 RCE Date: 2019-11-19 Exploit...
Bludit - Directory Traversal Image File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Bludit Directory Traversal Image File Upload Vulnerability", 'Description' = %q This module exploits a vulnerability in Bludit. A remote user cou...
pkexec - Race Condition Privilege Escalation
/ Exploit Title: pkexec Race condition CVE-2011-1485 exploit Author: xi4oyu Tested on: rhel 6 CVE : 2011-1485 Linux pkexec exploit by xi4oyu , thx [email protected] Have fun × U can reach us @ http://www.wooyun.org : / include include include include include include include include include include...
Prison Management System - SQL Injection Authentication Bypass
Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass Date: 15/03/2024 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html Tested on: Windows ,XAMPP CVE :...
HNAS SMU 14.8.7825 - Information Disclosure
Exploit Title: Hitachi NAS HNAS System Management Unit SMU 14.8.7825 - Information Disclosure CVE: CVE-2023-6538 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host", required=Tru...
WordPress File Upload Plugin < 4.23.3 - Stored XSS
Exploit Title: WordPress File Upload 4.23.3 Stored XSS CVE 2023-4811 Date: 18 December 2023 Exploit Author: Faiyaz Ahmad Vendor Homepage: https://wordpress.com/ Version: 4.23.3 CVE : CVE 2023-4811 Proof Of Concept: 1. Login to the wordpress account 2. Add the following shortcode to a post in "Fil...
News Portal v4.0 - SQL Injection (Unauthorized)
Exploit Title: News Portal v4.0 - SQL Injection Unauthorized Date: 09/07/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/c Software Link:...
Xerte 3.10.3 - Directory Traversal (Authenticated)
Exploit Title: Xerte 3.10.3 - Directory Traversal Authenticated Date: 05/03/2021 Exploit Author: Rik Lutz Vendor Homepage: https://xerte.org.uk Software Link: https://github.com/thexerteproject/xerteonlinetoolkits/archive/refs/heads/3.9.zip Version: up until 3.10.3 Tested on: Windows 10 XAMP CVE ...
Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path
Exploit Title: Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path Discovery by: Riadh Bouchahoua Discovery Date: 19-03-2021 Vendor Homepage: https://mosquitto.org/ Software Links : https://mosquitto.org/download/ Tested Version: 2.0.9 Vulnerability Type: Unquoted Service Path...
Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)
Exploit title : Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service PoC Exploit Author : LiquidWorm Date : 2020-05-06 Vendor: Extreme Networks Product web page: https://www.extremenetworks.com Datasheet: https://www.aerohive.com/wp-content/uploads/AerohiveDatasheetHiveOS.pdf Affected...
SharePoint Workflows - XOML Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SharePoint Workflows XOML Injection', 'Description' = %q This module exploits a vulnerability within SharePoint and its .NET backend that allows ...
qdPM < 9.1 - Remote Code Execution
!/usr/bin/python ------------------------------------------------------------------------------------- Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
!/usr/bin/python from impacket import smb, smbconnection from mysmb import MYSMB from struct import pack, unpack, unpackfrom import sys import socket import time ''' MS17-010 exploit for Windows 2000 and later by sleepya EDB Note: mysmb.py can be found here...
TVT TD-2308SS-B DVR - Directory Traversal
Exploit Title: TVT TD-2308SS-B DVR directory traversal Shodan Dork: "Cross Web Server" Date: 01 Dec 2013 Disclosure date: 10 Sep 2013 Exploit Author: Cesar Neira Vendor Homepage: http://en.tvt.net.cn/ Affected Firmware Versions: 3.1.43.B 3.1.43.P 3.1.6.P-1.0.2.1-03 3.1.75.B-1.0.2.1-00...
GLiNet - Router Authentication Bypass
DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...
GYM MS - GYM Management System - Cross Site Scripting (Stored)
Exploit Title: GYM MS - GYM Management System - Cross Site Scripting Stored Date: 29/09/2023 Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip Version: 1.0 Last Update: 31 August 20...