Easywall 0.3.1 - Authenticated Remote Command Execution

Exploit Title: Easywall 0.3.1 - Authenticated Remote Command Execution Date: 30-11-2023 Exploit Author: Melvin Mejia Vendor Homepage: https://jpylypiw.github.io/easywall/ Software Link: https://github.com/jpylypiw/easywall Version: 0.3.1 Tested on: Ubuntu 22.04 import requests, json, urllib3...

Saflok - Key Derication Function Exploit

// Exploit Title: Saflok KDF // Date: 2023-10-29 // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGT...

Rail Pass Management System 1.0 - Time-Based SQL Injection

Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Date: 02/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479...

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions

Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://www.inosoft.com/ Version: Up to 2022-2.1 Runtime RT7.3 RC3 20221209.5 Tested on: Windows CVE:...

Cmaps v8.0 - SQL injection

Exploit Title: Cmaps v8.0 - SQL injection - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability...

Razer Sila - Command Injection

Exploit Title: Razer Sila - Command Injection Google Dork: N/A Date: 4/9/2022 Exploit Author: Kevin Randall Vendor Homepage: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Software Link: https://www2.razer.com/ap-en/desktops-and-networking/razer-sila Version:...

Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Simple Traffic Offense System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Date: 30-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/trafic.zip Version:...

Ubuntu 18.04 - 'lxd' Privilege Escalation

!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

// A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // // Usage: // user@ubuntu:$ uname -a // Linux ubuntu 4.8.0-41-generic 4416.04.1-Ubuntu...

Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)

// // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A trigger for CVE-2017-6074, crashes kernel. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // // Andrey Konovalov define GNUSOURCE include include...

freeSSHd 1.0.9 - Denial of Service (DoS)

Exploit Title: freeSSHd 1.0.9 - Denial of Service DoS Date: 2024-01-13 Discovery by: Fernando Mengali Linkedin: https://www.linkedin.com/in/fernando-mengali/ Software Link: https://www.exploit-db.com/apps/be82447d556d60db55053d658b4822a8-freeSSHd.exe Version: 1.0.9 Tested on: Window XP Profession...

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities Google Dork: NA Date: 09-06-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3184 ============================== CREDENTIAL TO USE...

Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls

Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE :...

Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)

Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting XSS Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Stored Xss Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path

Exploit Title: Dr. Fone v4.0.8- 'netupdater32.exe' Unquoted Service Path Discovery Date: 2022-05-07 Discovery by: Esant1490 Vendor Homepage: https://drfone.wondershare.net Software Link : https://download.wondershare.net/drfonefull4008.exe Tested Version: 4.0.8 Tested on OS: Windows 10 Pro x64 en...

Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)

Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting XSS Exploit Author: LiquidWorm enteliTouch XSS input type="hidden" nam...

McAfee(R) Safe Connect VPN - Unquoted Service Path Elevation Of Privilege

Exploit Title: McAfee® Safe Connect VPN - Unquoted Service Path Elevation Of Privilege Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/en-us/vpn/mcafee-safe-connect.html Version: 2.13 Tested: Windows 10 x64 Contact:...

Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection (Authenticated)

Exploit Title: Wordpress Plugin Download Monitor WordPress V 4.4.4 - SQL Injection Authenticated Date 28.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.download-monitor.com/ Software Link: https://downloads.wordpress.org/plugin/download-monitor.4.4.4.zip Version: 4.4.5...

Vodafone H-500-s 3.5.10 - WiFi Password Disclosure

Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...

PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval

Exploit Title: PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval Date: 9 Jan 2021 Exploit Author: rootabeta Vendor Homepage: The original page, https://dmitryivanov.net/, cannot be found at this time of writing. The vulnerable software can be downloaded from...

RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow (EggHunter) (SEH) (PoC)

Exploit Title: RM Downloader 2.50.60 2006.06.23 - 'Load' Local Buffer Overflow EggHunter SEH PoC Exploit Author: Paras Bhatia Discovery Date: 2020-06-29 Vulnerable Software: RM Downloader Software Link Download: https://github.com/x00x00x00x00/RMDownloader2.50.60/raw/master/RMDownloader.exe...

OpenTFTP 1.66 - Local Privilege Escalation

Exploit Title: OpenTFTP 1.66 - Local Privilege Escalation Exploit Author: boku Date: 2020-02-12 Vendor Homepage: https://sourceforge.net/projects/tftp-server/ Software Link: https://sourceforge.net/projects/tftp-server/files/tftp%20server%20single%20port/OpenTFTPServerSPInstallerV1.66.exe/downloa...

NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path

Exploit Title: NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-12-04 Vendor Homepage : http://www.netgate.sk/ Link Software : http://www.netgate.sk/download/download.php?id=5 Tested on OS: Windows 7 Analyze PoC : ==============...

SMPlayer 19.5.0 - Denial of Service (PoC)

Title : SMPlayer 19.5.0 - Denial of Service PoC Tested on : Windows 7 64 bit Vulnerable Software: SMPlayer v 19.5.0 Exploit Author: Malav Vyas Vendor Homepage: https://smplayer.info Version : 19.5.0 Software Link : https://smplayer.info/en/downloads POC run this python file, which will generate...

Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter

We have encountered a Windows kernel crash in the win32k.sys driver while processing a corrupted TTF font file. An example crash log excerpt generated after triggering the bug is shown below: --- cut --- Fatal System Error: 0x00000050...

Android 7 - 9 VideoPlayer - 'ihevcd_parse_pps' Out-of-Bounds Write

CVE-2019-2107 - looks scary. Still remember Stagefright and PNG bugs vulns .... With CVE-2019-2107 the decoder/codec runs under mediacodec user and with properly "crafted" video with tiles enabled - pspps-i1tilesenabledflag you can possibly do RCE. The codec affected is HVEC a.k.a H.265 and MPEG-...

SPIP - 'connect' PHP Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SPIP connect Parameter PHP Injection'...

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...

Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure

Exploit Title: Siklu MultiHaul TG series - unauthenticated credential disclosure Date: 28-02-2024 Exploit Author: semaja2 Vendor Homepage: https://siklu.com/ Software Link: https://partners.siklu.com/home/frontdoor Version: 2.0.0 Tested on: 2.0.0 CVE : None assigned Instructions 1. Perform IPv6...

Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

Exploit Title: Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...

TPC-110W - Missing Authentication for Critical Function

include include include include include include int mainint argc, char argv int sock; struct sockaddrin servaddr; char command512; sock = socketAFINET, SOCKSTREAM, 0; if sock 0 perror"socket"; exit1; memset&servaddr, '0', sizeofservaddr; servaddr.sinfamily = AFINET; servaddr.sinport = htons8888; ...

Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW, 2...

GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5 may be others. Tested On Version: 2.5 in ZTE AC3630...

RWS WorldServer 11.7.3 - Session Token Enumeration

Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...

Landa Driving School Management System 2.0.1 - Arbitrary File Upload

Exploit Title: Landa Driving School Management System 2.0.1 - Arbitrary File Upload Version 2.0.1 Google Dork: N/A Date: 17/01/2022 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Landa Driving Schoo...

Nyron 1.0 - SQLi (Unauthenticated)

Exploit Title: Nyron 1.0 - SQLi Unauthenticated Google Dork: inurl:"winlib.aspx" Date: 01/18/2021 Exploit Author: Miguel Santareno Vendor Homepage: http://www.wecul.pt/ Software Link: http://www.wecul.pt/solucoes/bibliotecas/ Version: 3. Research: https://miguelsantareno.github.io/edp.pdf...

Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Online Admission System 1.0 - Remote Code Execution RCE Unauthenticated Date: 23/12/2021 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/rskoolrash/Online-Admission-System Software Link: https://github.com/rskoolrash/Online-Admission-System Tested on: LAMP Stack...

Vianeos OctoPUS 5 - 'login_user' SQLi

Exploit Title: Vianeos OctoPUS 5 - 'loginuser' SQLi Date: 01/07/2021 Exploit Author: Audencia Business SCHOOL Vendor Homepage: http://www.vianeos.com/en/home-vianeos/ Software Link: http://www.vianeos.com/en/octopus/ Version: V5 Tested on: Fedora / Apache2 / MariaDB Octopus V5 SQLi The "loginuser...

Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting

Exploit Title: Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting Exploit Author: Richard Jones Date: 2021-03-18 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload

Exploit Title: Car Rental Management System 1.0 - SQL injection + Arbitrary File Upload Date: 09-11-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...

Seat Reservation System 1.0 - Unauthenticated SQL Injection

Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version: 1.0 Teste...

Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)

Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...

Online Job Portal 1.0 - Cross Site Request Forgery (Add User)

Exploit Title: Online Job Portal 1.0 - Cross Site Request Forgery Add User Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

Restaurant Management System 1.0 - Remote Code Execution

Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Date: 2019-10-16 Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: N/A Tested on: Apache...

Joomla! 3.7.0 - 'com_fields' SQL Injection

Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux...

Linksys E-series - Remote Code Execution

!/usr/bin/php ?php / Exploit for 0day linksys unauthenticated remote code execution vulnerability. As exploited by TheMoon worm; Discovered in the wild on Feb 13, 2013 by Johannes Ullrich. I was hoping this would stay under-wraps until a firmware patch could be released, but it appears the cat is...

PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusions

+------------------------------------------------------------------------------------------- + PhpMyManga +------------------------------------------------------------------------------------------- + Details: + Input passed to the 'actionsPage' or 'formPage' parameter in template.php is not...

Mambo Component CopperminePhotoGalery - Remote File Inclusion

CopperminePhotoGallery Component Found By k1tk4t Indonesia This bug allows a remote atacker to execute commands via RFI file: cpg.php bug: require $mosConfigabsolutepath."/administrator/components/comcpg/config.cpg.php"; path: add in cpg.php defined 'VALIDMOS' or die 'hacking attemp.' ; dork:...

Helpdeskz v2.0.2 - Stored XSS

Exploit Title: Stored XSS Vulnerability via File Name Google Dork: N/A Date: 08 Aug 2024 Exploit Author: Md. Sadikul Islam Vendor Homepage: https://www.helpdeskz.com/ Software Link: https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip Version: v2.0.2 Tested on: Kali Linux / Firefox...

Purei CMS 1.0 - SQL Injection

Exploit Title: Purei CMS 1.0 - SQL Injection Date: 27-03-2024 Exploit Author: Number 7 Vendor Homepage: purei.com Version: 1.0 Tested on: Linux Introduction: An SQL injection vulnerability permits attackers to modify backend SQL statements through manipulation of user input. Such an injection...