Online ID Generator 1.0 - Remote Code Execution (RCE)

Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...

KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)

Title: KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution RCE Author: nu11secur1ty Date: 04.30.2023 Vendor: https://kodcloud.com/ Software: https://github.com/kalcaddle/KodExplorer/releases/tag/4.51.03 Reference: https://portswigger.net/web-security/file-upload Description:...

Icinga Web 2.10 - Arbitrary File Disclosure

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...

MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...

OpenBMCS 2.4 - SQLi (Authenticated)

Exploit Title: OpenBMCS 2.4 - SQLi Authenticated Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of...

Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting

Exploit Title: Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting Date: 2021-10-01 Exploit Author: Ramazan Mert GÖKTEN Vendor Homepage: anchorcms.com Vulnerable Software: https://github.com/anchorcms/anchor-cms/releases/download/0.12.7/anchor-cms-0.12.7-bundled.zip Affected Version: 0.12....

Victor CMS 1.0 - 'user_firstname' Persistent Cross-Site Scripting

Exploit Title: Victor CMS 1.0 - 'userfirstname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-06-28 Exploit Author: Anushree Priyadarshini Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link:https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...

KeePass 2.44 - Denial of Service (PoC)

Exploit Title : KeePass 2.44 - Denial of Service PoC Product : KeePass Password Safe Version : Help About KeePass Help any local help area Drag&Drop HTML File Save the contents to html. Payload-1: DoS & Run Cmd //=0;i-- tryo+=x.c" + "harAti;catchereturn o;f"\"function fx,yvar i,o=\"\\\""+...

October CMS - Upload Protection Bypass Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...

Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection

Unauthenticated XML External Entity XXE in Ahsay Backup v7.x - v8.1.0.50. Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link: http://ahsay-dn.ahsay.com/v8/81050/cbs-win.exe Version: 7.x %remote;%intern; %trick; On http://attacker/oob add the following...

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path "HKCU:\Software\Classes\exefile\shell\open\command" -Na...

Linux/x86 - execve(/bin/sh) Shellcode (18 bytes)

Linux/x86 - execve/bin/sh Shellcode 18 bytes. Shellcode exploit for Linuxx86 platform / Linux/x86 - execve /bin/sh shellcode 18 bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 18 Disassembly of section .text: 08048060 : 8048060: 6a 0b push 0xb 8048062: 58 pop eax...

Parrot and DJI variants Drone OSes - Kernel Panic Exploit

!/usr/bin/env python3 Exploit Title: Parrot and DJI variants Drone OSes - Kernel Panic Exploit Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-10 Tested on: Parrot QRD, Parrot Alpha-M, DJI QRD, DJI Alpha-M CVE: CVE-2025-37928 Type:...

WebFileSys 2.31.0 - Directory Path Traversal

Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...

Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting XSS Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested...

iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)

Exploit Title: iboss Secure Web Gateway - Stored Cross-Site Scripting XSS Date: 4/4/2024 Exploit Author: modrnProph3t Vendor Homepage: https://www.iboss.com Version: userName=TEST&x=TEST&action=login&redirectUrl= 3. Insert XSS payload into the "redirectUrl" parameter Example of request with...

MCL-Net 4.3.5.8788 - Information Disclosure

Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure Date: 5/31/2023 Exploit Author: Victor A. Morales, GM Sectec Inc. Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php Version: 4.3.5.8788 other versions may be affected Tested on: Microsoft Windows 10 Pro CVE: CVE-2023-34834...

Zenphoto 1.6 - Multiple stored XSS

Exploit Title: Zenphoto 1.6 - Multiple stored XSS Application: Zenphoto-1.6 xss poc Version: 1.6 Bugs: XSS Technology: PHP Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/ Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip Date of found: 01-05-2023 Author: Mirabbas Ağalar...

HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities

Exploit Title: HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities Date: 12-28-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTXf62aaafe780a496dad6d28621a Software Link:...

SunOS 5.10 Generic_147148-26 - Local Privilege Escalation

Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CVE: CVE-2020-2696 / raptordtsessionipa.c - CDE dtsession L...

Cisco DCNM JBoss 10.4 - Credential Leakage

Exploit Title: Cisco DCNM JBoss 10.4 - Credential Leakage Date: 2020-01-06 Exploit Author: Harrison Neal Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/281722751/type/282088134/release/10.42 Version: 10.42 CVE: CVE-2019-15999 You'll need a few .jar...

TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path

Exploit Title: TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path Date: 2019-11-28 Exploit Author: Cristian Ayala G Vendor Homepage: https://tenaxsoft.com/index.html Software Link: https://tenaxsoft.com/descargas.html Version: 6.4.131 Tested on: Windows 10 Pro x64 Step to discover...

Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 88e4.30f4: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

WinRAR 5.80 (x64) - Denial of Service

Exploit Title: winrar 5.80 64bit - Denial of Service Date: 2019-10-19 Exploit Author: alblalawi Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit 1- open winrar or any file.rar 2- help 3- help...

Easy File Sharing Web Server 7.2 - 'New User' Local Overflow (SEH)

!/usr/bin/python Exploit Title: Easy File Sharing Web Server 7.2 local SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 Tested on: Windows 7 Exploit summary: When adding a new use...

OTRS 5.0.x/6.0.x - Remote Command Execution (1)

Exploit Title: OTRS 5.0.x/6.0.x - Remote Command Execution 1 Date: 21-01-2018 Exploit Author: Bæln0rn Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS 7.2.1511 CVE : CVE-2017-169...

Google Android - get_user/put_user (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class MetasploitModule "Android getuser/putuser Exploit", 'Description' = %q This module exploits a missing check in the getuser and...

CCBILL CGI - 'ccbillx.c' 'whereami.cgi' Remote Code Execution

/ ===================================== CCBILL CGI Remote Exploit for /ccbill/whereami.cgi By: Knight420 7/07/03 spawns a shell with netcat and attempts to connect into the server on port 6666 to gain access of the webserver uid C COPYRIGHT Blue Ballz , 2003 all rights reserved...

WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover

Exploit Title: WordPress Plugin Duplicator 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover Google Dork: inurl:"plugins/duplicator/" Date: 2023-12-04 Exploit Author: Dmitrii Ignatyev Vendor Homepage:...

WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)

Exploit Title: WP Statistics Plugin = 13.1.5 currentpageid - Time based SQL injection Unauthenticated Date: 13/02/2022 Exploit Author: psychoSherlock Vendor Homepage: https://wp-statistics.com/ Software Link: https://downloads.wordpress.org/plugin/wp-statistics.13.1.5.zip Version: 13.1.5 and prio...

TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.2.14 Tested on: Windows CVE : CVE-2023-31067 TSplus Remote Access v...

Microsoft SharePoint Enterprise Server 2016 - Spoofing

// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : Remote // Vendor Homepage: // Microsoft SharePoint Foundation 2013 Service Pack 1 // Microsoft SharePoint Server Subscription...

Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution RCE Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html Version:...

WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion

Exploit Title: WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/cab-fare-calculator/ Date: 24-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/cab-fare-calculator/ Version: 1.0.3 Tested...

Huawei DG8045 Router 1.0 - Credential Disclosure

Title: Huawei DG8045 Router 1.0 - Credential Disclosure Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 HardwareVersion: VER.A CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the bac...

Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)

Exploit Title: Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting XSS Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...

WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on...

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Date: October 18, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link...

Dlink DSL2750U - 'Reboot' Command Injection

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: P.Naveen Kumar Vendor Homepage: https://www.sourcecodester.com Software Download Link :...

iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - CAPTCHA Security Bypass Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page...

Integria IMS 5.0.86 - Arbitrary File Upload

Exploit Title: Integria IMS 5.0.86 - Arbitrary File Upload Date: 2019-08-16 Exploit Author: Greg.Priest Vendor Homepage: https://integriaims.com/ Software Link: https://sourceforge.net/projects/integria/files/5.0.86/ Version: Integria IMS 5.0.86 Tested on: Windows CVE : N/A...

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)

Exploit Title: Roundcube Webmail 1.6.6 - Stored Cross Site Scripting XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Source Webmail Software Software Link: Releases · roundcube/roundcubemail Version: Roundcube client version earlier than 1.5.6 or from 1.6 t...

AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)

Exploit Title: Life Insurance Management Stored System- cross-site scripting XSS Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEG...

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Title: Shuttle-Booking-Software v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 09/10/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid...

October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting XSS Authenticated Date: 29 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://octobercms.com Version: v3.4.4 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with...

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)

Exploit Title: MySQL User-Defined Linux x32 / x8664 - 'sysexec' Local Privilege Escalation 2 Date: 29/08/2021 Exploit Author: ninpwn Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 9 / mysql Ver 14.14 Distrib 5.7.30, for Linux...

Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)

Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure Username Enumeration Date: 31/05/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Vulnerable versions: version 8.11.x to 8.15.0 Tested on: Kali...

Epic Games Rocket League 1.95 - Stack Buffer Overrun

Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun Date: 25.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com Epic Games Rocket League 1.95 AK::MemoryMgr::GetPoolName Stack Buffer Overrun Vendor: Epic Games Inc. | Psyonix,...