CE Phoenix Version 1.0.8.20 - Stored XSS

Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://phoenixcart.org/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/ecommerce/CEPhoenix POC: 1-Login admin panel , go to this url :...

KLiK Social Media Website 1.0 - 'Multiple' SQLi

Exploit Title: KLiK Social Media Website 1.0 - 'Multiple' SQLi Date: April 1st, 2022 Exploit Author: corpse Vendor Homepage: https://github.com/msaad1999/KLiK-SocialMediaWebsite Software Link: https://github.com/msaad1999/KLiK-SocialMediaWebsite Version: 1.0 Tested on: Debian 11 Parameter: poll G...

Thinfinity VirtualUI 2.5.26.2 - Information Disclosure

Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...

Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Date: 28.09.2021 Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

COMMAX WebViewer ActiveX Control 2.1.4.5 - 'Commax_WebViewer.ocx' Buffer Overflow

Exploit Title: COMMAX WebViewer ActiveX Control 2.1.4.5 - 'CommaxWebViewer.ocx' Buffer Overflow Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX WebViewer ActiveX Control 2.1.4.5 CommaxWebViewer.ocx Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web pag...

Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)

Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection

Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Date: 2021-05-16 Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable...

DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path

Exploit Title: DigitalPersona 4.5.0.2213 - 'DpHostW' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-11-08 Vendor : DigitalPersona U. are U. One Touch Version : DigitalPersona Pro 4.5.0.2213 Vendor Homepage : https://www.hidglobal.com/crossmatch Tested on OS: Windows 10 Home...

CuteNews 2.1.2 - Authenticated Arbitrary File Upload

Exploit Title: CuteNews 2.1.2 - Authenticated Arbitrary File Upload Date: 2020-05-12 Author: Vigov5 - SunCSR Team Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Tested on: Ubuntu 18.04 / Kali Linux Description:...

PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...

Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)

// A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on: // - Ubuntu trusty 4.4.0 kernels // - Ubuntu xenial 4.4.0 and 4.8.0 kernels // - Linux Mint rosa 4.4.0 kernels // - Linux Mint sarah 4.8.0 kernels // - Zorin OS 12.1...

Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)

!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.cron.sh Compiling... Writing payload...

TP-Link WR940N - (Authenticated) Remote Code

import urllib2 import base64 import hashlib from optparse import import sys import urllibbanner = "\n" "WR940N Authenticated Remote Code Exploit\n" "This exploit will open a bind shell on the remote target\n" "The port is 31337, you can change that in the code if you wish\n" "This exploit require...

Fritz!Box - Remote Command Execution

App : Fritz!Box Author : 0x4148 Fritz!Box is Networking/voice Over ip router produced by AVM it suffer from Unauthenticated remote command execution flaw Poc : https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26 0x4148rise...

KCFinder 2.51 - Local File Disclosure

--------------------------------------------------- Exploit Title: KCFinder Local File Disclosure Author: DaOne Vendor Homepage: http://kcfinder.sunhater.com/ Category: webapps/php Version: 2.51 + old versions Google dork: inurl:kcfinder/browse.php...

Microsoft Windows - CSRSS Privilege Escalation (MS05-018)

include include include pragma comment lib,"Advapi32.lib" typedef struct CONSOLESTATEINFO / 0x00 / DWORD cbSize; / 0x04 / COORD ScreenBufferSize; / 0x08 / COORD WindowSize; / 0x0c / POINT WindowPosition; / 0x14 / COORD FontSize; / 0x18 / DWORD FontFamily; / 0x1c / DWORD FontWeight; / 0x20 / WCHAR...

Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)

Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address:...

Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)

Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task...

Microweber CMS 1.2.15 - Account Takeover

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...

WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting XSS Authenticated Date: 25-10-2021 Exploit Author: Ceylan Bozogullarindan Vendor Homepage: https://lenderd.com/ Software Link: https://mortgagecalculatorsplugin.com/ Version: 1.52 Tested on: Linux CVE :...

WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...

Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 12/08/2021 Exploit Author: Ömer Hasan Durmuş Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Version: v1.0 Category: Webapps Tested on:...

Equipment Inventory System 1.0 - 'multiple' Stored XSS

Exploit Title: Equipment Inventory System 1.0 - 'multiple' Stored XSS Exploit Author: Jitendra Kumar Tripathi Vendor Homepage: https://www.sourcecodester.com/php/11327/equipment-inventory.html Software Link:...

Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'fileslist' Remote Stored XSS Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Remote Stored XSS Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model:...

Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting

Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...

Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution

Exploit Title: Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution Date: 2020-04-11 Exploit Author: Basim Alabdullah Vendor homepage: https://www.nagios.com Version: 5.6.12 Software link: https://www.nagios.com/downloads/nagios-xi/ Tested on: CentOS REDHAT 7.7.1908 core Authenticated Remote...

Bolt CMS 3.7.0 - Authenticated Remote Code Execution

Exploit Title: Bolt CMS 3.7.0 - Authenticated Remote Code Execution Date: 2020-04-05 Exploit Author: r3m0t3nu11 Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.x Tested on: Linux CVE : not-yet-0day !/usr/bin/python import requests import sys import...

Solstice Pod 6.2 - API Session Key Extraction via API Endpoint

Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwin School Ethical Hackers Vendor Homepage: https://www.mersive.com/ Software Link: https://documentation.mersive.com/en/solstice/about-solstice.html Versions: 5.5, 6.2...

VeeVPN 1.6.1 - Unquoted Service Path

Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path Date: 2024-12-27 Exploit Author: Doğukan Orhan Vendor Homepage: https://veepn.com/ Version: 1.6.1 Tested on: Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\Users\PCwmic service where 'name like "%VeePNService%"' get...

Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)

Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Date 30.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on:...

PlaceOS 1.2109.1 - Open Redirection

Exploit Title: PlaceOS 1.2109.1 - Open Redirection Date: 29-09-2021 Exploit Author: Hamza Khedr @ Accenture Austalia AARO Team Vendor Homepage: https://place.technology/ Software Link: https://github.com/PlaceOS Version: 1.29.10 Tested on: Ubuntu 20.04 CVE: CVE-2021-41826 PoC:...

RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download Unauthenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...

SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)

Exploit Title: SEO Panel 4.8.0 - 'ordercol' Blind SQL Injection 1 Date: 17/02/2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: 4.8.0 Reference -...

Newgen Correspondence Management System (corms) eGov 12.0 - IDOR

Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...

HiSilicon Video Encoders - Full admin access via backdoor password

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...

Joomla! Component vBizz 1.0.7 - Remote Code Execution

Exploit Title: Joomla! Component vBizz 1.0.7 - Remote Code Execution Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/ Version: 1.0.7 Category: Webapps Tested on:...

Microsoft Windows 7 - 'WebDAV' Local Privilege Escalation (MS16-016) (2)

Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this exploit from shell connection, not a remote desktop, the result will...

Freefloat FTP Server 1.0 - Remote Buffer Overflow

Exploit Title: Freefloat FTP Server 1.0 - Remote Buffer Overflow Date: 22 may 2025 Notification vendor: No reported Discovery by: Fernando Mengali LinkedIn: https://www.linkedin.com/in/fernando-mengali-273504142/ Version: 1.0 Tested on: Windows XP SP3 English - Version 5.1 Build...

TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12342 Description: Two critical...

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)

Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://wordpress.org/plugins/kubio/ Software Link: https://downloads.wordpress.org/plugin/kubio.2.5.1.zip Reference:...

FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)

Exploit Title: FluxBB 1.5.11 Stored xss Date: 3/8/2025 Exploit Author: Chokri Hammedi Vendor Homepage: www.fluxbb.org Software Link: https://www.softaculous.com/apps/forums/FluxBB Version: FluxBB 1.5.11 Tested on: Windows XP 1. login to admin panel 2. go to /adminforums.php 3. click on "add forum...

BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection

Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...

TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)

Exploit Title: TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution RCE Date: 02.14.2023 Exploit Author: Andreas Finstad Vendor Homepage: https://titanftp.com/ Version: 2.0.1.2102 Tested on: Windows 2022 Server CVE : CVE-2023-22629 Exploit and description here: https://f20.be/blog/titanf...

Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload

Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. A...

Online Enrollment Management System 1.0 - Authentication Bypass

Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html Software Link:...

AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)

Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: http://agatasoft.com/ Software Link: http://agatasoft.com/PingMasterPro.exe Version: 2.1 Tested on: Windows 10 Home x64 STEPS Open the program AgataSoft PingMaster Pro...

OpenCart 3.0.36 - ATO via Cross Site Request Forgery

Exploit Title: OpenCart 3.0.36 - ATO via Cross Site Request Forgery Date: 01-09-2021 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux...

Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2019-12-06 Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Version: 1.0 Software Link: http://download.yachtcontrol.nl/klant/Software/ &...