47884 matches found
WooCommerce v7.1.0 - Remote Code Execution(RCE)
Title: Wordpress Plugin WooCommerce v7.1.0 - Remote Code ExecutionRCE Date: 2022-12-07 Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: windows 10 , firefox Version: 7.1.0 CVE : N/A Description:...
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-09-30 Exploit Author: sanjay singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Tested on:...
Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting XSS Date: 13/05/2021 Exploit Author: Ayşenur KARAASLAN Vendor Homepage: https://podcastgenerator.net/demoV2/ Software Link: https://podcastgenerator.net/download and...
OpenEMR 4.1.0 - 'u' SQL Injection
Exploit Title: OpenEMR 4.1.0 - 'u' SQL Injection Date: 2021-04-03 Exploit Author: Michael Ikua Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v410.zip Version: 4.1.0 Original Advisory:...
Jenzabar 9.2.2 - 'query' Reflected XSS.
Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021–02–06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021–26723 -Description: A Reflected Cross-site scripting XSS...
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Exploit Title : LiteManager 4.5.0 - 'romservice' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc romservice...
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
Exploit Title: WP Content Injection Date: 31 Jan' 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: Backbox ubuntu Linux Based on https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.ht...
UPS Network Management Card 4 - Path Traversal
Exploit Title: UPS Network Management Card 4 - Path Traversal Google Dork: inurl:nmc inurl:logon.htm Date: 2023-12-19 Exploit Author: Víctor García Vendor Homepage: https://www.apc.com/ Version: 4 Tested on: Kali Linux CVE: N/A PoC: curl -k...
Hide My WP < 6.2.9 - Unauthenticated SQLi
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...
Zoo Management System 1.0 - Unauthenticated RCE
Exploit Title: Zoo Management System 1.0 - Unauthenticated RCE Date: 16.10.2023 Exploit Author: Çağatay Ceyhan Vendor Homepage: https://www.sourcecodester.com/php/15347/zoo-management-system-source-code-php-mysql-database.htmlgooglevignette Software Link:...
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
Exploit Title: Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure Exploit Author: CraCkEr Date: 25/07/2023 Vendor: Templatecookie Vendor Homepage: https://templatecookie.com/ Software Link: https://templatecookie.com/demo/adlisting-classified-ads-script Version: 2.14.0 Teste...
Admidio v4.2.10 - Remote Code Execution (RCE)
Exploit Title: Admidio v4.2.10 - Remote Code Execution RCE Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...
DLINK DIR850 - Insecure Access Control
Exploit Title: DLINK DIR850 - Insecure Access Control Product: Dlink Model: DIR850 Date: 14/1/2022 CVE : CVE-2021-46378 Exploit Author: Ahmed Alroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit http:///config.dat...
Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH)
Exploit Title: Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root Telnet/SSH Date: 21.09.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.cypress.bc.ca !/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor:...
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
Exploit Title: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path Discovery by: Brian Rodriguez Date: 13-06-2021 Vendor Homepage: https://www.wibu.com Software Links: https://www.wibu.com/us/support/user/downloads-user-software/file/download/5792.html Tested Version: 6.51 Vulnerability...
TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14345...
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
''' Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: http://" in a PROPFIND request, as...
OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload
?php / OpenEMR 4.1.1 ofcuploadimage.php Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows,...
Calibre-web 0.6.21 - Stored XSS
Exploit Title: Stored XSS in Calibre-web Date: 07/05/2024 Exploit Authors: Pentest-Tools.com Catalin Iovita & Alexandru Postolache Vendor Homepage: https://github.com/janeczku/calibre-web/ Version: 0.6.21 - Romesa Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4 CVE: CVE-2024-39123...
Oracle Database 12c Release 1 - Unquoted Service Path
Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
Exploit Title: Magnolia CMS 6.2.19 - Stored Cross-Site Scripting XSS Date: 08/05/2022 Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...
Audio Conversion Wizard v2.01 - Buffer Overflow
Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.07.2022 Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content...
Backup Key Recovery 2.2.7 - Denial of Service (PoC)
Exploit Title: Backup Key Recovery 2.2.7 - Denial of Service PoC Date: 07/06/2021 Author: Erick Galindo Vendor Homepage: http://www.nsauditor.com Software http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Version: 2.2.7.0 Tested on: Windows 10 Pro x64 es Proof of Concept: 1.- Copy printe...
H8 SSRMS - 'id' IDOR
Exploit Title: H8 SSRMS - 'id' IDOR Date: 01/31/2021 Exploit Author: Mohammed Farhan Vendor Homepage: https://www.height8tech.com/ Version: H8 SSRMS Tested on: Windows 10 Vulnerability Details ====================== Login to the application Navigate to Payment Section and Click on Print button. I...
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
Exploit Title: Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated Directory Traversal File Disclosure Vendor: Selea s.r.l. Product we...
GigToDo 1.3 - Cross-Site Scripting
Exploit Title: GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection Google Dork: - Date: 2019/07/28 Author: m0ze Vendor Homepage: https://www.gigtodoscript.com Software Link: https://codecanyon.net/item/gigtodo-freelance-marketplace-script/23855397 Version: = 1.3 Tested on:...
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...
Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Textpattern CMS v4.8.8 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-13 Exploit Author: tmrswrr Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/filedownload/118/textpattern-4.8.8.zip Version: v4.8.8 Tested :...
Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution RCE Authenticated Date: 05/20/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pandorafms.com/ Software Link:...
Hotel Druid 3.0.3 - Remote Code Execution (RCE)
Exploit Title: Hotel Druid 3.0.3 - Remote Code Execution RCE Date: 05/01/2022 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://www.hoteldruid.com/ Software Link: https://www.hoteldruid.com/download/hoteldruid3.0.3.tar.gz Version: 3.0.3 CVE : CVE-2022-22909 !/usr/bin/python...
ConnectWise Control 19.2.24707 - Username Enumeration
Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Date: 17/12/2021 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing impo...
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...
GeoVision Geowebserver 5.3.3 - Local FIle Inclusion
Exploit Title: GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE DynamicDNS Network to find: DIPMAP.COM / GVDIP.COM Date: 6-16-21 Vendor Notified Exploit Author: Ken 's1ngular1ty' Pyle Vendor Homepage: https://www.geovision.com.tw/cybersecurity.php Version: test HTTP/1.1 Absolute exploitation ...
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution RCE Unauthenticated Date: 2021-07-14 Exploit Author: Photubias – tijldotdeneutatHowestdotbe for www.ic4.be Vendor Advisory: 1 https://backstage.forgerock.com/knowledge/kb/article/a47894244 Vendor Homepage:...
Cisco UCS Manager 2.2(1d) - Remote Command Execution
Exploit Title: Cisco UCS Manager 2.21d - Remote Command Execution Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System UCS Manager before 2.24b, 2.25 before 2.25a, and 3.0 before 3.02e allows remote attackers to execute...
Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path
Exploit Title: Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path Date: 2020-8-20 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.cybertronsoft.com/ Software Link: https://www.cybertronsoft.com/download/privacy-drive-setup.exe Version: Version 3.17.0 Build 1456 Tested on:...
CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version:...
Sony Playstation 4 (PS4) < 7.02 / FreeBSD 9 / FreeBSD 12 - 'ip6_setpktopt' Kernel Local Privilege Escalation (PoC)
/ FreeBSD 12.0-RELEASE x64 Kernel Exploit Usage: $ clang -o exploit exploit.c -lpthread $ ./exploit / include include include include include include include include define KERNEL include undef KERNEL define WANTFILE include include include include include define WANTSOCKET include include define...
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting the...
Online Course Registration 2.0 - Remote Code Execution
Exploit Title: Online Course Registration 2.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: v2.0 Category: Webapps Tested on: Xampp for Windows...
iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address
During processing of incoming iMessages, attacker controlled data is deserialized using the NSUnarchiver API. One of the classes that is allowed to be decoded from the incoming data is NSDictionary. However, due to the logic of NSUnarchiver, all subclasses of NSDictionary that also implement secu...
AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection
Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...
WordPress Plugin Arforms 3.7.1 - Directory Traversal
Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link: https://www.arformsplugin.com/documentation/changelog/ Version: 3.7.1 CVE ID...
ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)
Exploit Title: ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP Google Dork: N/A Date: 2019-10-06 Exploit Author: max7253 Vendor Homepage: http://www.mini-stream.net/ Software Link: https://www.exploit-db.com/apps/f4da5b43ca4b035aae55dfa68daa67c9-ASXtoMP3Converter.exe Version:...