47904 matches found
GDidees CMS 3.9.1 - Local File Disclosure
Exploit Title: GDidees CMS 3.9.1 - Local File Disclosure Date : 03/27/2023 Exploit Author : Hadi Mene Vendor Homepage : https://www.gdidees.eu/ Software Link : https://www.gdidees.eu/cms-1-0.html Version : 3.9.1 and earlier Tested on : Debian 11 CVE : CVE-2023-27179 Summary: GDidees CMS v3.9.1 an...
Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)
Exploit Title: LiteSpeed Web Server Enterprise 5.4.11 - Command Injection Authenticated Date: 05/20/2021 Exploit Author: cmOs - SunCSR Vendor Homepage: https://www.litespeedtech.com/ Software Link: https://www.litespeedtech.com/products Version: 5.4.11 Ubuntu/Kali Linux Step 1: Log in to the...
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
Exploit Title: Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2021-01-05 Vendor Homepage: https://www.sourcecodester.com/php/14588/employee-record-system-phpmysqli-full-source-code.html Software Link:...
Responsive E-Learning System 1.0 - 'id' Sql Injection
Exploit Title: Responsive E-Learning System 1.0 – 'id' Sql Injection Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...
Nextcloud 17 - Cross-Site Request Forgery
Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the industry-leading, on-premises content collaboratio...
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
We have encountered a Windows kernel crash in memcpy called by nt!MiRelocateImage while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug i...
Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux CVE:...
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)
Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work / [email protected] other Employer homepage: http://www.securegroup.it Vendor...
JUX Real Estate 3.4.0 - SQL Injection
Exploit Title: JUX Real Estate 3.4.0 - SQL Injection Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link: https://extensions.joomla.org/extension/jux-real-estate/ Demo Link: http://demo.joomlaux.com/jux-real-estate Tested on: Windows 11 P...
GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit
!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...
Wordpress Seotheme - Remote Code Execution Unauthenticated
Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys , requests, re from multiprocessing.dummy import Pool from colorama import Fore from colorama import init...
TASKHUB-2.8.8 - XSS-Reflected
Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...
Dingtian-DT-R002 3.1.276A - Authentication Bypass
Exploit Title: Dingtian-DT-R002 3.1.276A - Authentication Bypass Google Dork: NA Date: 13th July 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2022-29593/ Vendor Homepage: https://www.dingtian-tech.com/enus/relay4.html Software Link:...
Telesquare TLR-2855KS6 - Arbitrary File Creation
Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Creation Date: 7/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.telesquare.co.kr/ Version: TLR-2855KS6 Tested on: Linux Firefox CVE : CVE-2021-46418 Proof of Concept PUT /cgi-bin/testingcve.txt HTTP/1.1 Host:...
Exam Reviewer Management System 1.0 - ‘id’ SQL Injection
Exploit Title: Exam Reviewer Management System 1.0 - ‘id’ SQL Injection Date: 2022-02-18 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS)
Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomlist' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...
Ericsson Network Location MPS GMPC21 - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Men Salon Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-07-30 Exploit Author: Akshay Khanna ConfusedBot Vendor Homepage: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/ Software Link:...
ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
Exploit Title: ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path Date: 2021-06-21 Exploit Author: Julio Aviña Vendor Homepage: https://www.asus.com/ Software Link: https://dlcdnets.asus.com/pub/ASUS/LCD%20Monitors/MB16ACE/ASUSDisplayWidget3.4.0.036.exe.zip...
YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery
Title: YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery Date: 09.01.2021 Author: Numan Türle Vendor Homepage: https://mfscripts.com Software Link: https://yetishare.com Version: v5.1.0 Tested on: YetiShare - File Hosting Script v5.1.0, Php Version : 7.4 Summary ---------...
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download CVE: N/A Document Title: =============== Macs Framework v1.14f CMS - Multiple Web Vulnerabilitie...
QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path
Exploit Title: QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path Discovery Date: 2019-11-05 Exploit Author: Ivan Marmolejo Vendor Homepage: https://www.qnap.com/en/ Software Link: https://www.qnap.com/en/download Version: 4.5.6.0607 Vulnerability Type: Local Tested on: Windo...
WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ Date: 2025-05-12 Exploit Author: Md Shoriful Islam RootHarpy Vendor Homepage:...
FoxCMS 1.2.5 - Remote Code Execution (RCE)
Date: 2025-04-17 Exploit Title: Exploit Author: VeryLazyTech Vendor Homepage: https://www.foxcms.org/ Software Link: https://www.foxcms.cn/ Version: FoxCMS v.1.2.5 Tested on: Ubuntu 22.04, Windows Server 2019 CVE: CVE-2025-29306 Website: https://www.verylazytech.com !/bin/bash banner cat " exit 1...
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution RCE Date: 05/31/2023 Exploit Author: Mateus Machado Tesser Vendor Homepage: https://advancedfilemanager.com/ Version: File Manager Advanced Shortcode 2.3.2 Tested on: Wordpress 6.1 / Linux Ubuntu 5.15 CVE...
TLR-2005KSH - Arbitrary File Upload
Exploit Title: TLR-2005KSH - Arbitrary File Upload Date: 2022-05-11 Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428...
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
Exploit Title: WordPress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection 2 Date: 2021-09-07 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link: https://downloads.wordpress.org/plugin/wp-survey-and-poll.zip Version: 1.5.7.3 Test...
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
Exploit Title: WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting Date: 2021-01-03 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://wordpress.org/plugins/wp24-domain-check/ Software Link:...
Syncplify.me Server! 5.0.37 - 'SMWebRestServicev5' Unquoted Service Path
Exploit Title: Syncplify.me Server! 5.0.37 - 'SMWebRestServicev5' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.syncplify.me/ Software Link: https://download.syncplify.me/SMServerSetup.exe Version: 5.0.37 Tested on: Windows 10 Pro x64 es...
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
Exploit Title: HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path Discovery by: Jocelyn Arenas Discovery Date: 2020-11-07 Vendor Homepage: https://www8.hp.com/mx/es/home.html Tested Version: 1.4.8.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Home x64 es Step to...
Exploit - EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path
Exploit Title: EPSON 1.124 - 'seksmdb.exe' Unquoted Service Path Discovery by: İsmail Önder Kaya Discovery Date: 2020-10-27 Vendor Homepage: https://www.epson.co.uk/support?productID=10820&os=22driversandmanuals Tested Version: 1.124 Vulnerability Type: Unquoted Service Path Tested on OS: Windows...
Textpattern CMS 4.6.2 - Cross-site Request Forgery
Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery Exploit Author: Alperen Ergel Contact: @alprenae Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with Textpattern CMS" Date: 2020-10-29...
Zoo Management System 1.0 - Authentication Bypass
Exploit Title: Zoo Management System 1.0 - Authentication Bypass Date: 02/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=12723 Version: 1.0 Tested On:...
McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit Author: Keenan Scott Vendor Homepage: hxxps://www.mcafee.com/ Software Download: N/A Unable to find Version: Arguments CmdletBinding param string$DbSource =...
Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)
Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Date: 2021-11-05 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version...
WordPress 5.0.0 - Image Remote Code Execution
Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution
Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...
Ovidentia 8.4.3 - SQL Injection
------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version: 8.4.3 Tested on: Mac,linux -...
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
By default, utorrent create an HTTP RPC server on port 10000 uTorrent classic or 19575 uTorrent web. There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest. To be clear, visiting any website is enough to compromise these applications. uTorrent...
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- By Victor Portal vportal for educational porpouse only This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory corruption seems to be a Heap Overflow in the Windows DCE-RPC Call...
Adobe ColdFusion - Directory Traversal
Working GET request courtesy of carnal0wnage: http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en LLsecurity added another admin page filename: "/CFIDE/administrator/enter.cfm" !/usr/bin/python CVE-2010-2861 - Adobe ColdFusion...
Gibbon LMS < v26.0.00 - Authenticated RCE
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
!-- Exploit Title: Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery Exploit Author: LiquidWorm Sielco Analog FM Transmitter 2.12 Cross-Site Request Forgery Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10...
WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)
Exploit Title: WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload Authenticated Google Dork: - Date: 2022-03-13 Exploit Author: Roel van Beurden Vendor Homepage: - Software Link: https://downloads.wordpress.org/plugin/advanced-uploader.4.2.zip Version: =4.2 Tested on: WordPress 5.9 on...
Engineers Online Portal 1.0 - 'id' SQL Injection
Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection Exploit Author: Alon Leviev Date: 22-10-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...
Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Billing System Project 1.0 - Remote Code Execution RCE Unauthenticated Date: 06.07.2021 Exploit Author: Talha DEMİRSOY Software Link: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html Version: V 1.0 Tested on: Linux & Windows import...
Responsive FileManager 9.13.4 - 'path' Path Traversal
Exploit Title: Responsive FileManager 9.13.4 - 'path' Path Traversal Date: 12/12/2018 PoC Date: 04/01/2020 Auto Exploit Exploit Author: SunCSR Sun Cyber Security Research Google Dork: intitle:"Responsive FileManager 9.x.x" Vendor Homepage: http://responsivefilemanager.com/ Software Link:...
Fastweb Fastgate 0.00.81 - Remote Code Execution
Exploit Title: Fastweb Fastgate 0.00.81 - Remote Code Execution Date: 2019-11-13 Exploit Author: Riccardo Gasparini Vendor Homepage: https://www.fastweb.it/ Software Link: http://59.0.121.191:8080/ACS-server/file/0.00.81FW200Askey only from Fastweb ISP network Version: 0.00.81 Tested on: Linux CV...