47904 matches found
Malwarebytes 4.5 - Unquoted Service Path
Exploit Title: Malwarebytes 4.5 - Unquoted Service Path Date: 05/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.malwarebytes.com/ Software Link: https://www.malwarebytes.com/mwb-download/ Version: 4.5.0 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc MBAMService SC...
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...
ConnectWise Control 19.2.24707 - Username Enumeration
Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Date: 17/12/2021 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing impo...
Croogo 3.0.2 - Unrestricted File Upload
Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43'...
WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path
Exploit Title: WibuKey Runtime 6.51 - 'WkSvW32.exe' Unquoted Service Path Discovery by: Brian Rodriguez Date: 13-06-2021 Vendor Homepage: https://www.wibu.com Software Links: https://www.wibu.com/us/support/user/downloads-user-software/file/download/5792.html Tested Version: 6.51 Vulnerability...
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
Exploit Title: SOYAL Biometric Access Control System 5.0 - Master Code Disclosure Date: 25.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.soyal.com.tw https://www.soyal.com Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affect...
Apartment Visitors Management System 1.0 - 'email' SQL Injection
Exploit Title: Apartment Visitors Management System 1.0 - 'email' SQL Injection Date: 20.01.2021 Exploit Author: CANKAT ÇAKMAK Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...
Cisco UCS Manager 2.2(1d) - Remote Command Execution
Exploit Title: Cisco UCS Manager 2.21d - Remote Command Execution Description: An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System UCS Manager before 2.24b, 2.25 before 2.25a, and 3.0 before 3.02e allows remote attackers to execute...
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: https://www.szuray.com/ Software Link: N/A Version: up to 1.97 Tested on: Linux CVE: CVE-2020-24219 Vendors: URayTech...
YouPHPTube 7.4 - Remote Code Execution
Exploit Title: YouPHPTube &webSiteTitle=Zerodays.lol&databaseHost=&databaseName=&databasePass=&databasePort=&databaseUser="...
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
GulfTech Security Research July 30, 2008 Vendor : Pligg LLC URL : http://www.pligg.com/ Version : Pligg alertdocument.cookie; The above example link would display the end users cookie to them. Of course this can also be used to steal the cookie data as mentioned earlier in this advisory. Arbitrar...
Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
!/bin/bash Exploit Title: Microsoft Defender for Endpoint MDE - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage: https://learn.microsoft.com/en-us/defender-endpoint/ Software Link:...
unzip-stream 0.3.1 - Arbitrary File Write
Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubuntu CVE: CVE-2024-42471 NB: Python's built-in zipfile module has limitations on t...
Hide My WP < 6.2.9 - Unauthenticated SQLi
Exploit Title: Wordpress Plugin Hide My WP 6.2.9 - Unauthenticated SQLi Publication Date: 2023-01-11 Original Researcher: Xenofon Vassilakopoulos Exploit Author: Xenofon Vassilakopoulos Submitter: Xenofon Vassilakopoulos Vendor Homepage: https://wpwave.com/ Version: Hide My WP v6.2.8 and prior...
Perch v3.2 - Stored XSS
Exploit Title: Perch v3.2 - Stored XSS Application: Perch Cms Version: v3.2 Bugs: XSS Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code...
Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Food Ordering System 2.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja hax.3xploit Date: 2021-09-20 Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html Software Lin...
Jenzabar 9.2.2 - 'query' Reflected XSS.
Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS. Date: 2021–02–06 Exploit Author: y0ungdst Vendor Homepage: https://jenzabar.com Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 and maybe other versions Tested on: Windows 10 CVE : CVE-2021–26723 -Description: A Reflected Cross-site scripting XSS...
CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version:...
Watcharr 1.43.0 - Remote Code Execution (RCE)
Exploit Title : Watcharr 1.43.0 - Remote Code Execution RCE CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100 printf.renderText'CVE-2024-4882...
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
!/usr/bin/python Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + somememorycopyfunction ROP chain Date: 16 November 2023 Exploit Author: George Washington Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm Software Link:...
Perch v3.2 - Remote Code Execution (RCE)
Exploit Title: Perch v3.2 - Remote Code Execution RCE Application: Perch Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Backdrop Cms v1.25.1 - Stored Cross-Site Scripting XSS Application: Backdrop Cms Version: v1.25.1 Bugs: Stored Xss Technology: PHP Vendor URL: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.25.1/backdrop.zip Date of found: 12-07-202...
projectSend r1605 - CSV injection
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...
Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
Exploit Title: Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modula...
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution RCE Date: 4/23/2023 Author: Or4nG.M4n Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
Exploit Title: Magnolia CMS 6.2.19 - Stored Cross-Site Scripting XSS Date: 08/05/2022 Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...
Ametys CMS v4.4.1 - Cross Site Scripting (XSS)
Exploit Title: Ametys CMS v4.4.1 - Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 21/01/2022 Document Title: =============== Ametys v4.4.1 CMS - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2275...
Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
Exploit Title: Chikitsa Patient Management System 2.0.2 - Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
Simple Issue Tracker System 1.0 - SQLi Authentication Bypass
Exploit Title: Simple Issue Tracker System 1.0 - SQLi Authentication Bypass Date: 11.10.2021 Exploit Author: Bekir Bugra TURKOGLU Vendor Homepage: https://www.sourcecodester.com/php/14938/simple-issue-tracker-system-project-using-php-and-sqlite-free-download.html Software Link:...
Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-09-30 Exploit Author: sanjay singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Tested on:...
Microsoft Windows cmd.exe - Stack Buffer Overflow
Title: Microsoft Windows cmd.exe - Stack Buffer Overflow Author: John Page aka hyp3rlinx Date: 15/09/2021 Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt ISR: ApparitionSec Vendor www.microsoft.com Product cmd.exe is the default command-line...
H8 SSRMS - 'id' IDOR
Exploit Title: H8 SSRMS - 'id' IDOR Date: 01/31/2021 Exploit Author: Mohammed Farhan Vendor Homepage: https://www.height8tech.com/ Version: H8 SSRMS Tested on: Windows 10 Vulnerability Details ====================== Login to the application Navigate to Payment Section and Click on Print button. I...
Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path
Exploit Title: Privacy Drive v3.17.0 - 'pdsvc.exe' Unquoted Service Path Date: 2020-8-20 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.cybertronsoft.com/ Software Link: https://www.cybertronsoft.com/download/privacy-drive-setup.exe Version: Version 3.17.0 Build 1456 Tested on:...
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Exploit Title : LiteManager 4.5.0 - 'romservice' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc romservice...
Streamripper 2.6 - 'Song Pattern' Buffer Overflow
!/usr/bin/python Exploit Title: StreamRipper32 Buffer Overflow Date: 07/2019 Exploit Author: Andrey Stoykov OSCP Tested On: Win7 SP1 x64 Software Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Version: 2.6 Steps To Reproduce: Double click on "Add" in the "Station/Song Section...
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)
Exploit Title: WP Content Injection Date: 31 Jan' 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: Backbox ubuntu Linux Based on https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.ht...
osCommerce 2.3.4 - Multiple Vulnerabilities
Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerable parameters - customersemailaddress &...
Xoops 2.5.4 - Blind SQL Injection
------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...
compop.ca 3.5.3 - Arbitrary code Execution
Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution Google Dork: Terms of Use inurl:compop.vip Date: 22/12/2024 Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 The restaurant management system implements authentication using a Unix timestam...
GL-iNet MT6000 4.5.5 - Arbitrary File Download
Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Date: 2/26/2024 Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...
Admidio v4.2.10 - Remote Code Execution (RCE)
Exploit Title: Admidio v4.2.10 - Remote Code Execution RCE Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
projectSend r1605 - Stored XSS
Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...
Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Date of found: 18/05/2023 Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Google Dork : NA Date: 19-01-2023 Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Test...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
Best pos Management System v1.0 - SQL Injection
Exploit Title: Best pos Management System v1.0 - SQL Injection Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution RCE Authenticated Date: 05/20/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pandorafms.com/ Software Link:...