Exploitdb | Most viewed

47884 matches found

Exploit DB
added 2024/04/13 12:0 a.m. | 317 views

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/03/16 12:0 a.m. | 317 views

Karaf v4.4.3 Console - RCE

!/usr/bin/python Exploit Title: Karaf v4.4.3 Console RCE Date: 2023-08-07 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-karaf-exploits.git Vendor Homepage: https://karaf.apache.org Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/03/14 12:0 a.m. | 317 views

KiTTY 0.76.1.13 - Command Injection

Exploit Title: KiTTY 0.76.1.13 - Command Injection Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤ 0.76.1.13 Tested on: Microsoft Windows...

7.8 CVSS | 7.7 AI score | 0.00313 EPSS
Exploits: 5

Exploit DB
added 2024/02/02 12:0 a.m. | 317 views

TP-LINK TL-WR740N - Multiple HTML Injection

Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Shujaat Amin ZEROXINN Vendor Homepage: http://www.tp-link.com Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n Tested on: Windows 10...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/10/09 12:0 a.m. | 317 views

Atcom 2.7.x.x - Authenticated Command Injection

Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Google Dork: N/A Date: 07/09/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Test...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/04/14 12:0 a.m. | 317 views

Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation

Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/04/08 12:0 a.m. | 317 views

Microsoft Windows 11 - 'cmd.exe' Denial of Service

Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...

6.8 AI score
Exploits: 0

Exploit DB
added 2023/04/08 12:0 a.m. | 317 views

RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution

Exploit Title: RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RSANETWITNESSEDRAGENTINCORRECTACCESSCONTROLCVE-2022-47529.txt + twitter.com/hyp3rlinx...

6.7 CVSS | 6.6 AI score | 0.03655 EPSS
Exploits: 5

Exploit DB
added 2022/03/02 12:0 a.m. | 317 views

Prowise Reflect v1.0.9 - Remote Keystroke Injection

Exploit Title: Prowise Reflect v1.0.9 - Remote Keystroke Injection Date: 30/10/2022 Exploit Author: Rik Lutz Vendor Homepage: https://www.prowise.com/ Version: V1.0.9 Tested on: Windows 10 Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. Much like...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/02/23 12:0 a.m. | 317 views

aaPanel 6.8.21 - Directory Traversal (Authenticated)

Exploit Title: aaPanel 6.8.21 - Directory Traversal Authenticated Date: 22.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.aapanel.com/ Software Link: https://www.aapanel.com Version: 6.8.21 Tested on: Ubuntu Application vulnerable to Directory Traversal and attacker c...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/07/01 12:0 a.m. | 317 views

Online Voting System 1.0 - Remote Code Execution (Authenticated)

Exploit Title: Online Voting System 1.0 - Remote Code Execution Authenticated Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/06/04 12:0 a.m. | 317 views

Oriol Espinal CMS 1.0 - 'id' SQL Injection

Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection Google Dork: inurl:/eotoolsshare/ Date: 2020-06-03 Exploit Author: TSAR Vendor Homepage: http://www.oriolespinal.es/eowd Software Link: http://www.oriolespinal.es/eotools Version: ALL VERSION UP TO LATEST Tested on: MACOS 10.11.2 CVE : NOt...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/05/19 12:0 a.m. | 317 views

Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole heisenbergCompensator Blocklist OS Command Execution', 'Description' = %q This exploits a command execution in Pi-Hole MSFLICENSE, 'Autho...

9 CVSS | 9 AI score | 0.8959 EPSS
Exploits: 17

Exploit DB
added 2020/04/27 12:0 a.m. | 317 views

PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload

Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/12/16 12:0 a.m. | 317 views

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG submission queue entries, which cause sendmsg to be called either in syscall context in the original task, o...

7.4 AI score
Exploits: 0

Exploit DB
added 2015/10/30 12:0 a.m. | 317 views

eBay Magento 1.9.2.1 - PHP FPM XML eXternal Entity Injection

============================================= - Release date: 29.10.2015 - Discovered by: Dawid Golunski - Severity: High/Critical - eBay Magento ref.: APPSEC-1045 ============================================= I. VULNERABILITY ------------------------- eBay Magento CE = 1.9.2.1 XML eXternal Entit...

6.8 CVSS | 7.7 AI score | 0.39093 EPSS
Exploits: 7

Exploit DB
added 2014/04/11 12:0 a.m. | 317 views

Sendy 1.1.9.1 - SQL Injection

Exploit Title: Sendy 1.1.9.1 - SQL Injection Vulnerability Date: 2014-04-10 Exploit Author: marduk369 Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.9.1 root@kali: sqlmap -u 'http://server1/send-to?i=1&c=10' --cookie="version=1.1.9.1; PHPSESSID=phpsessid value;...

7 AI score
Exploits: 0

Exploit DB
added 2024/04/13 12:0 a.m. | 316 views

Savsoft Quiz v6.0 Enterprise - Stored XSS

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/02/28 12:0 a.m. | 316 views

WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting XSS Google Dork: NA Date: 28/10/2023 Exploit Author: Rachit Arora Vendor Homepage: Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/07/28 12:0 a.m. | 316 views

WordPress Plugin AN_Gradebook 5.0.1 - SQLi

!/usr/bin/python3 Exploit Title: WordPress Plugin ANGradebook = 5.0.1 - Subscriber+ SQLi Date: 2023-07-26 Exploit Author: Lukas Kinneberg Github: https://github.com/lukinneberg/CVE-2023-2636 Vendor Homepage: https://wordpress.org/plugins/an-gradebook/ Software Link:...

8.8 CVSS | 8.8 AI score | 0.04597 EPSS
Exploits: 5

Exploit DB
added 2023/06/14 12:0 a.m. | 316 views

Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Monstra 3.0.4 - Stored Cross-Site Scripting XSS Date: 2023-06-13 Exploit Author: tmrswrr Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested : https://www.softaculous.com/softaculous/demos/Monstra --- Description --- 1...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/01/27 12:0 a.m. | 316 views

WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)

Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection Unauthenticated Date 26.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zi...

9.8 CVSS | 9.6 AI score | 0.6014 EPSS
Exploits: 7

Exploit DB
added 2021/10/25 12:0 a.m. | 316 views

WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting XSS Authenticated Date: 23-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: Software Link: https://wordpress.org/plugins/simple-tags/ Tested on Windows CVE: CVE-2021-24444...

4.8 CVSS | 5.1 AI score | 0.01572 EPSS
Exploits: 5

Exploit DB
added 2021/07/01 12:0 a.m. | 316 views

Online Voting System 1.0 - Authentication Bypass (SQLi)

Exploit Title: Online Voting System 1.0 - Authentication Bypass SQLi Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0 Tested on:...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/03/15 12:0 a.m. | 316 views

Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure

Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Date: 04-02-2021 Exploit Author: Berkan Er Vendor Homepage: https://www.sonlogger.com/ Version: 4.2.3.3 Tested on: Windows 10 Enterprise x64 Version 1803 A remote attacker can be create an user with SuperAdmin...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/02/08 12:0 a.m. | 316 views

WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities

Exploit Title: WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/data-tables-generator-by-supsystic.1.9.96.zip Category...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/05/05 12:0 a.m. | 316 views

Saltstack 3000.1 - Remote Code Execution

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Description:...

9.8 CVSS | 8.7 AI score | 0.94234 EPSS
Exploits: 24

Exploit DB
added 2020/01/14 12:0 a.m. | 316 views

IBM RICOH 6400 Printer - HTML Injection

Exploit Title: IBM RICOH 6400 Printer - HTML Injection Date: 2020-01-02 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ibm.com/il-en Hardware Link: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=AN&subtype=CA&htmlfid=649/ENUSA02-1405&appname=USN Firmware Version: 1.1.26...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/11/13 12:0 a.m. | 316 views

Linear eMerge E3 1.00-06 - Remote Code Execution

Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a Advisory:...

10 CVSS | 9.7 AI score | 0.94403 EPSS
Exploits: 16

Exploit DB
added 2019/07/26 12:0 a.m. | 316 views

Moodle Filepicker 3.5.2 - Server Side Request Forgery

Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.4, 3.3, 3.3.3, 3.2 ...

6.5 CVSS | 6.7 AI score | 0.12866 EPSS
Exploits: 4

Exploit DB
added 2012/01/23 12:0 a.m. | 316 views

Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper' Local Privilege Escalation (1)

/ Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 EDB-Note: Updated version can be found here: https://www.exploit-db.com/exploits/35161/ Exploit Title: Mempodipper - Linux Local Root for =2.6.39, 32-bit and 64-bit...

6.9 CVSS | 7 AI score | 0.64291 EPSS
Exploits: 11

Exploit DB
added 2025/04/11 12:0 a.m. | 315 views

ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure

Exploit Title: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...

9.4 CVSS | 7 AI score | 0.02585 EPSS
Exploits: 7

Exploit DB
added 2024/03/03 12:0 a.m. | 315 views

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Exploit Title: Simple Student Attendance System - Time Based Blind SQL Injection Date: 26 December 2023 Exploit Author: Gnanaraj Mauviel @0xm3m Vendor: oretnom23 Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/03/03 12:0 a.m. | 315 views

Easywall 0.3.1 - Authenticated Remote Command Execution

Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/02/09 12:0 a.m. | 315 views

Rail Pass Management System 1.0 - Time-Based SQL Injection

Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Date: 02/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479...

7 AI score
Exploits: 0

Exploit DB
added 2023/08/08 12:0 a.m. | 315 views

Emagic Data Center Management Suite v6.0 - OS Command Injection

!/bin/bash Exploit Title: Emagic Data Center Management Suite v6.0 - OS Command Injection Date: 03-08-2023 Exploit Author: Shubham Pandey & thewhiteh4t Vendor Homepage: https://www.esds.co.in/enlight360 Version: 6.0.0 Tested on: Kali Linux CVE : CVE-2023-37569 URL=$1 LHOST=$2 LPORT=$3 echo "" ech...

8.8 CVSS | 8.9 AI score | 0.53061 EPSS
Exploits: 4

Exploit DB
added 2023/07/15 12:0 a.m. | 315 views

Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass

Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Date: 08/21/2019 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...

10 CVSS | 8.3 AI score | 0.90436 EPSS
Exploits: 14

Exploit DB
added 2022/04/11 12:0 a.m. | 315 views

Razer Sila - Command Injection

Exploit Title: Razer Sila - Command Injection Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/01/27 12:0 a.m. | 315 views

PolicyKit-1 0.105-31 - Privilege Escalation

Exploit Title: PolicyKit-1 0.105-31 - Privilege Escalation Exploit Author: Lance Biggerstaff Original Author: ryaagard https://github.com/ryaagard Date: 27-01-2022 Github Repo: https://github.com/ryaagard/CVE-2021-4034 References: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt...

7.8 CVSS | 8.3 AI score | 0.88057 EPSS
Exploits: 149

Exploit DB
added 2021/10/01 12:0 a.m. | 315 views

Directory Management System 1.0 - SQL Injection Authentication Bypass

Exploit Title: Directory Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-01 Exploit Author: SUDONINJA Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Version: v1.0 Tested on: Windows 10...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/10/01 12:0 a.m. | 315 views

CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: CMSimpleXH 1.7.4 - Remote Code Execution RCE Authenticated Date: 01-10-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.cmsimple-xh.org/ Software Link: https://www.cmsimple-xh.org/?Downloads Version: 1.7.4 Category: Webapps Tested on: Linux/Windows CMSimpleX...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/07/02 12:0 a.m. | 315 views

b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)

Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/01/22 12:0 a.m. | 315 views

Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Remote Program Execution Date: 08.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version:...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/01/24 12:0 a.m. | 315 views

Genexis Platinum-4410 2.1 - Authentication Bypass

Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass Date: 20220-01-08 Exploit Author: Husinul Sanub Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/ Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/ Firmware...

9.8 CVSS | 9.7 AI score | 0.09768 EPSS
Exploits: 5

Exploit DB
added 2020/01/01 12:0 a.m. | 315 views

nostromo 1.9.6 - Remote Code Execution

Exploit Title: nostromo 1.9.6 - Remote Code Execution Date: 2019-12-31 Exploit Author: Kr0ff Vendor Homepage: Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz Version: 1.9.6 Tested on: Debian CVE : CVE-2019-16278 cve201916278.py !/usr/bin/env python import sys import socket art = """...

9.8 CVSS | 9.8 AI score | 0.94393 EPSS
Exploits: 24

Exploit DB
added 2019/09/24 12:0 a.m. | 315 views

Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service

There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric. I've been able to construct an X.509 certificate that triggers the bug. I've found that...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/09/16 12:0 a.m. | 315 views

Inteno IOPSYS Gateway - Improper Access Restrictions

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...

6.5 CVSS | 6.7 AI score | 0.01158 EPSS
Exploits: 5

Exploit DB
added 2019/06/10 12:0 a.m. | 315 views

Ubuntu 18.04 - 'lxd' Privilege Escalation

!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...

7.4 AI score
Exploits: 0

Exploit DB
added 2010/06/07 12:0 a.m. | 315 views

JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting

JForum 2.1.8 bookmarks CSRF & XSS Advisory Information Advisory ID: NGENUITY-2010-004 Date published: 2010-06-06 Vulnerability Information Class: Cross-Site Request Forgery CSRF Software Description Per jforum.net "JForum is a powerful and robust discussion board system implemented in Java^tm . I...

7 AI score
Exploits: 0

Exploit DB
added 2025/08/18 12:0 a.m. | 314 views

Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)

/ Exploit Title: Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection XXE Google Dork: N/A Date: 2025-08-17 Exploit Author: Byte Reaper Vendor Homepage: https://www.lantronix.com/ Software Link: https://www.lantronix.com/products/lantronix-provisioning-manager/ Version:...

8.6 CVSS | 7.4 AI score | 0.00476 EPSS
Exploits: 2

Total number of security vulnerabilities: 5000