Epic Games Rocket League 1.95 - Stack Buffer Overrun

Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun Date: 25.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com Epic Games Rocket League 1.95 AK::MemoryMgr::GetPoolName Stack Buffer Overrun Vendor: Epic Games Inc. | Psyonix,...

Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting

Exploit Title: Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting Date: 1-20-2021 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer 8.65 - Buffer Overflow SEH Date: 2020-09-02 Exploit Author: Sectechs Vendor Homepage: https://www.10-strike.com Version: 8.65 Tested on: Windows 7 x86 SP1 import os import sys import struct import socket crash ="A" 209 jmp short 8...

TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution', 'Description' = %q This module exploits a command injection...

OpenSMTPD 6.6.1 - Remote Code Execution

Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...

Cisco Adaptive Security Appliance - Path Traversal

''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...

Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)

Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...

Scratch Desktop 3.17 - Remote Code Execution

Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...

Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)

Exploit Title: Cemetry Mapping and Information System 1.0 - 'useremail' Sql Injection Authentication Bypass Exploit Author: Marco Catalano Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html Software Link:...

Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection

Exploit Title: Prestashop 1.7.7.0 - 'idproduct' Time Based Blind SQL Injection Date: 08-01-2021 Exploit Author: Jaimin Gondaliya Vendor Homepage: https://www.prestashop.com Software Link: https://www.prestashop.com/en/download Version: Prestashop CMS - 1.7.7.0 Tested on: Windows 10 Parameter:...

ReQuest Serious Play Media Player 3.0 - Directory Traversal File Disclosure

Exploit Title: ReQuest Serious Play Media Player 3.0 - Directory Traversal File Disclosure Vulnerability Exploit Author: LiquidWorm Software Link: http://request.com/ Version: 3.0.0 ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability Vendor: ReQuest Serious Pla...

Battle.Net 1.27.1.12428 - Insecure File Permissions

Exploit Title: Battle.Net 1.27.1.12428 - Insecure File Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://www.blizzard.com/en-gb/download/ Battle Net Desktop Version Patch: 1.27.1.12428 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category:...

Simple Online Food Ordering System 1.0 - 'id' SQL Injection (Unauthenticated)

Exploit Title: Simple Online Food Ordering System 1.0 - 'id' SQL Injection Unauthenticated Google Dork: N/A Date: 2020-09-22 Exploit Author: Eren 'Aporlorxl23' Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14460/simple-online-food-ordering-system-using-phpmysql.html Software Link:...

Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)

Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...

EyouCMS 1.4.6 - Persistent Cross-Site Scripting

Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting Date: 2020-05-28 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://eyoucms.com Software Link: https://qiniu.eyoucms.com/EyouCMS-V1.4.6-UTF8-SP2.zip Version: EyouCMS V1.4.6...

FusionPBX - Operator Panel exec.php Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...

WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting

Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/ Version: = 2.2.18 Tested on: Ubuntu 18.04.1 CV...

BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution

Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link: https://github.com/rxtur/BlogEngine.NET/releases/download/v3.3.6.0/3360.zip Version: = 3.3.6 Tested on: Windows 2016...

Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'Overlayfs Privilege Escalation', 'Description' = %q This module attempts to exploit two different CVEs related to overlayfs...

Microsoft Windows - Local Privilege Escalation (MS15-010)

// ex.cpp / Windows XP/2K3/VISTA/2K8/7 WMSYSTIMER Kernel EoP CVE-2015-0003 March 2015 Public Release: May 24, 2015 Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake mail com / include "ex.h" ZwAllocateVirtualMemory...

RsGallery2 < 1.11.2 - 'rsgallery.html.php' File Inclusion

RsGallery2 for Joomla --------------------------------------------------------------------------- Discovered: marriottvn Remote : Yes Level : High --------------------------------------------------------------------------- Affected software description : Application : RsGallery2 version : latest...

Microsoft SharePoint 2019 - NTLM Authentication

Titles: Microsoft SharePoint 2019 NTLM Authentication Author: nu11secur1ty Date: 06/27/25 Vendor: Microsoft Software: https://www.microsoft.com/en-us/download/details.aspx?id=57462 Reference: https://www.networkdatapedia.com/post/ntlm-autSharePoint 2019 NTLM Authentication...

MagnusSolution magnusbilling 7.3.0 - Command Injection

Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/magnussolution/magnusbilling7 Software Link: https://github.com/magnussolution/magnusbilling7 Version: 7.3.0 Tested on: Centos CVE : CVE-2023-30258...

Apache OFBiz 18.12.12 - Directory Traversal

Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.999 Revision 1243 1.317 Revision 602 1.220 Revision 1250 1.220 Revision 12481249 1.220 Revision 597 1.217 Revision 1242 1.214 Revision 1023 1.19...

Boss Mini 1.4.0 - local file inclusion

Exploit Title: Boss Mini 1.4.0 - local file inclusion Date: 07/12/2023 Exploit Author: nltt0 https://github.com/nltt-br CVE: CVE-2023-3643 ''' / \ | | / | | / / | | \ --. | | / | |/ | ' \ / |/ / | --. \ | /\ | | | | | | | | | | \ // / /,||,|| ||, |/|// / | |/ ''' from requests import...

WebCatalog 48.4 - Arbitrary Protocol Execution

Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...

File Thingie 2.5.7 - Remote Code Execution (RCE)

!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Arbitary File Upload to RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on:...

Apache APISIX 2.12.1 - Remote Code Execution (RCE)

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Date: 2022-03-16 Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT =...

Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection

Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection Date: 2021-10-19 Exploit Author: Vulnerability Lab Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Tested on: Linux Document Title: =============== Simplephpscripts Simple CMS v2.1 - SQL Injection...

KevinLAB BEMS 1.0 - Authentication Bypass

Exploit Title: KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass Date: 05.07.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kevinlab.com Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Manageme...

VX Search 13.5.28 - 'Multiple' Unquoted Service Path

Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe...

Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path

Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

WiFi Mouse 1.7.8.5 - Remote Code Execution

Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Date: 25-02-2021 Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Desktop Server software used by mobile app has PIN option whic...

ReQuest Serious Play F3 Media Server 7.0.3 - Remote Code Execution (Unauthenticated)

Exploit Title: ReQuest Serious Play F3 Media Server 7.0.3 - Remote Code Execution Unauthenticated Exploit Author: LiquidWorm Software Link: http://request.com/ Version: 3.0.0 !/usr/bin/env python3 -- coding: utf-8 -- ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution...

InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)

Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Discovery Date: 12019-11-16 Vendor Homepage: https://on.wonderware.com/ Software Link : https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Denial of...

DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting

Multiple Cross-Site Scripting XSS in the web interface of DASAN Zhone ZNID GPON 2426A EU version S3.1.285 application allows a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameters. Exploit Title: Multiple Cross-Site Scripting XSS in DASAN Zhone ZNID GP...

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (1)

E-DB Note: https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html When running on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafte...

Grandstream GSD3710 1.0.11.13 - Stack Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Overflow Date: 2025-05-29 Exploit Author: Pepelux Vendor Homepage: https://www.grandstream.com/ Version: Grandstream GSD3710 - firmware:1.0.11.13 and lower Tested on: Linux and MacOS CVE: CVE-2022-2025 """ Author: Jose Lui...

SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal

Exploit Title: SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal Date: 2025-05-28 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.solarwinds.com/serv-u-managed-file-transfer-server Software Link:...

Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)

Exploit Title: Ruijie Switch PSG-5124 26293 - Remote Code Execution RCE - Shodan Dork: http.htmlhash:-1402735717 - Fofa Dork: body="img/freeloginge.gif" && body="./img/loginbg.gif" - Exploit Author: ByteHunter - Email: [email protected] - Version: PSG-5124LINK SOFTWARE RELEASE:26293 - Tested...

Color Prediction Game v1.0 - SQL Injection

Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)

Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution RCE Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: RCE Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip Date o...

Purchase Order Management System 1.0 - Remote File Upload

Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Date: 2021-09-14 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)

Exploit Title: WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection Unauthenticated Date: 20/05/2021 Exploit Author: Mansoor R @time4ster CVSS Score: 7.5 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Version Affected: 13.0 to 13.0.7 Vendor URL:...

MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)

Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...

LSoft ListServ < 16.5-2018a - Cross-Site Scripting

Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

TANDBERG Video Communication Server 4.2.1/4.3.0 - Multiple Remote Vulnerabilities

source: https://www.securityfocus.com/bid/39389/info TANDBERG Video Communication Server is prone to multiple remote vulnerabilities, including: 1. A file-disclosure vulnerability. 2. A security vulnerability that may allow attackers to conduct server impersonation and man-in-middle attacks. 3. A...

Easynews 4.4.1 - 'admin.php' Authentication Bypass

+------------------------------------------------------------------------------------------- + Easynews +------------------------------------------------------------------------------------------- + Details: + Easynews doesn't properly check to ensure an administrator has been logged in with...