47904 matches found
Realtek SDK - Miniigd UPnP SOAP Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Realtek SDK Miniigd UPnP SOAP Command Execution', 'Description' = %q Different devices using the Realtek SDK with the miniigd daemon...
Oracle Database Server 9i/10g - 'XML' Local Buffer Overflow
/ Argeniss - Information Security http://www.argeniss.com infoatdotatdotc:\Unbreakable.txt' FROM DUAL; / Argeniss - Information Security http://www.argeniss.com infoatdotatdotcom Oracle version: 10g Release 1 Platform: Linux Shellcode opens a shell on port 4444 from www.metasploit.com. / DECLARE ...
Microsoft Windows - CSRSS Privilege Escalation (MS05-018)
include include include pragma comment lib,"Advapi32.lib" typedef struct CONSOLESTATEINFO / 0x00 / DWORD cbSize; / 0x04 / COORD ScreenBufferSize; / 0x08 / COORD WindowSize; / 0x0c / POINT WindowPosition; / 0x14 / COORD FontSize; / 0x18 / DWORD FontFamily; / 0x1c / DWORD FontWeight; / 0x20 / WCHAR...
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
/ Title : Tigo Energy Cloud Connect Advanced CCA 4.0.1 - Command Injection Author : Byte Reaper CVE : CVE-2025-7769 / include include include include "argparse.h" include include include define FULLURL 2500 define POSTPAYLOAD 5500 const char baseurl = NULL; const char cookies = NULL; const char i...
AquilaCMS 1.409.20 - Remote Command Execution (RCE)
Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link: https://github.com/AquilaCMS/AquilaCMS Version: v1.409.20 CVE: CVE-2024-48572, CVE-2024-48573 import io import json import...
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address:...
Microweber CMS 1.2.15 - Account Takeover
Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
Exploit Title: WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery CSRF Date: 24-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Summary: Cross site forgery vulnerability has been identified...
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...
Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)
Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Date: 28.09.2021 Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...
Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 12/08/2021 Exploit Author: Ömer Hasan Durmuş Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Version: v1.0 Category: Webapps Tested on:...
Equipment Inventory System 1.0 - 'multiple' Stored XSS
Exploit Title: Equipment Inventory System 1.0 - 'multiple' Stored XSS Exploit Author: Jitendra Kumar Tripathi Vendor Homepage: https://www.sourcecodester.com/php/11327/equipment-inventory.html Software Link:...
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: http://agatasoft.com/ Software Link: http://agatasoft.com/PingMasterPro.exe Version: 2.1 Tested on: Windows 10 Home x64 STEPS Open the program AgataSoft PingMaster Pro...
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...
Alcatel-Lucent Omnivista 8770 - Remote Code Execution
Exploit Title: Alcatel-Lucent Omnivista 8770 - Remote Code Execution Google Dork: inurl:php-bin/webclient.php Date: 2019-12-01 Author: 0x1911 Vendor Homepage: https://www.al-enterprise.com/ Software Link:...
RedStar 3.0 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection
!/usr/bin/env python RedStar OS 3.0 Server BEAM & RSSMON shellshock exploit ======================================================== BEAM & RSSMON are Webmin based configuration utilities that ship with RSS server 3.0. These packages are the recommended GUI configuration components and listen on ...
Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass
source: https://www.securityfocus.com/bid/25676/info Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. An attacker can exploit this issue to gain unauthorized access to the affected...
BSDi 3.0/4.0 - 'rcvtty[mh]' Local Privilege Escalation
/ BSDi3.0/4.0rcvttymh local exploit, by [email protected]. this exploit is for the rcvtty of the mh package, which is setgid=4tty on BSDi. this exploit gives you egid/group=4tty access. example: ------------------------------------------------- bash-2.02$ id uid=101v9 gid=100user groups=100user...
Ghost CMS 5.59.1 - Arbitrary File Read
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1, zipfile, tempfile Usag...
Apache Tomcat 10.1.39 - Denial of Service (DoS)
Exploit Title: Apache Tomcat 10.1.39 - Denial of Service DOS Author: Abdualhadi khalifa CVE: CVE-2025-31650 import httpx import asyncio import random import urllib.parse import sys import socket from colorama import init, Fore, Style init class TomcatKiller: def initself: self.successcount = 0...
MinIO < 2024-01-31T20-20-33Z - Privilege Escalation
Exploit Title: MinIO 2024-01-31T20-20-33Z - Privilege Escalation Date: 2024-04-11 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding RELEASE.2024-01-31T20-20-33Z Tested on: Windows 10 CVE : CVE-2024-24747 Required...
Bank Locker Management System - SQL Injection
Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Date: 12.09.2023 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/...
CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)
Exploit Title: CSZ CMS 1.2.9 - 'Multiple' Blind SQLiAuthenticated Date: 2021-04-14 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.2.9.zip Version: 1.2.9 Tested on: Windows 10, Kali Linux, PHP...
Home Owners Collection Management System 1.0 - Account Takeover (Unauthenticated)
Exploit Title: Home Owners Collection Management System 1.0 - Account Takeover Unauthenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection (Authenticated)
Exploit Title: Wordpress Plugin 404 to 301 2.0.2 - SQL-Injection Authenticated Date 30.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://de.wordpress.org/plugins/404-to-301/ Software Link: https://downloads.wordpress.org/plugin/404-to-301.2.0.2.zip Version: = 2.0.2 Tested on:...
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...
Men Salon Management System 1.0 - Multiple Vulnerabilities
Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities Date: 2021-09-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql Version: 1.0 Tested on: Windows 10 - XAMPP...
ECOA Building Automation System - Weak Default Credentials
Exploit Title: ECOA Building Automation System - Weak Default Credentials Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Weak Default Credentials Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affecte...
Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)
Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 13/04/2021 Exploit Author: Saud Ahmad Vendor Homepage: https://remoteclinic.io/ Software Link: https://github.com/remoteclinic/RemoteClinic Version: 2.0 Tested on: Windows 10 CVE : CVE-2021-30030, CVE-2021-30034,...
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
Exploit Title: Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting XSS Date: 15/04/2021 Exploit Author: Akash Chathoth Vendor Homepage: http://tileserver.org/ Software Link: https://github.com/maptiler/tileserver-gl Version: versions alertdocument.domain...
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
Exploit Title: Selea Targa IP OCR-ANPR Camera - 'fileslist' Remote Stored XSS Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Remote Stored XSS Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model:...
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
Exploit Title: Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection Exploit Author: Mesut Cetin Date: 2021-01-14 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...
Bolt CMS 3.7.0 - Authenticated Remote Code Execution
Exploit Title: Bolt CMS 3.7.0 - Authenticated Remote Code Execution Date: 2020-04-05 Exploit Author: r3m0t3nu11 Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.x Tested on: Linux CVE : not-yet-0day !/usr/bin/python import requests import sys import...
Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure
Exploit Title: Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure Exploit Author: Yesith Alvarez Vendor Homepage: hhttps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 CVE: CVE-2025-5777 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-5777/exploit.py impor...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Facebook Integration Page Name Field Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/...
TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution (RCE)
Exploit Title: TitanFTP 2.0.1.2102 - Path traversal to Remote Code Execution RCE Date: 02.14.2023 Exploit Author: Andreas Finstad Vendor Homepage: https://titanftp.com/ Version: 2.0.1.2102 Tested on: Windows 2022 Server CVE : CVE-2023-22629 Exploit and description here: https://f20.be/blog/titanf...
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. A...
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...
COMMAX WebViewer ActiveX Control 2.1.4.5 - 'Commax_WebViewer.ocx' Buffer Overflow
Exploit Title: COMMAX WebViewer ActiveX Control 2.1.4.5 - 'CommaxWebViewer.ocx' Buffer Overflow Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX WebViewer ActiveX Control 2.1.4.5 CommaxWebViewer.ocx Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web pag...
WordPress Plugin WPGraphQL 1.3.5 - Denial of Service
Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service Author: Dolev Farhi Date: 2021-04-12 Vendor Homepage: https://www.wpgraphql.com/ Version: 1.3.5 Tested on: Ubuntu """ This attack uses duplication of fields amplified by GraphQL batched queries, resulting in server OOM and MySQL...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download Unauthenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...
LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
Exploit Title: LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Google Dork: inurl: inurl:/mobile/index.php intitle:LiveZilla Date: 18 Mars 2021 Exploit Author: Clément Cruchet Vendor Homepage: https://www.livezilla.net Software Link: https://www.livezilla.net/downloads/en/ Version:...
b2evolution 6.11.6 - 'plugin name' Stored XSS
Exploit Title: b2evolution 6.11.6 - 'plugin name' Stored XSS Date: 09/02/2021 Exploit Author: Soham Bakore, Nakul Ratti Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version: 6.11.6 Tested on: latest version of Chrome,...
Spotweb 1.4.9 - 'search' SQL Injection
Exploit Title: Spotweb 1.4.9 - 'search' SQL Injection Google Dork: N/A Date: 20 December 2020 Exploit Author: BouSalman Vendor Homepage: https://github.com/spotweb/spotweb Software Link: N/A Version: 1.4.9 Tested on: Ubuntu 18.04 CVE: CVE-2020-35545 GET...
SmartBlog 2.0.1 - 'id_post' Blind SQL injection
Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...
Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution
Exploit Title: Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution Date: 2020-04-11 Exploit Author: Basim Alabdullah Vendor homepage: https://www.nagios.com Version: 5.6.12 Software link: https://www.nagios.com/downloads/nagios-xi/ Tested on: CentOS REDHAT 7.7.1908 core Authenticated Remote...
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection
Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3 Tested on: Linux/Windows CVE : CVE-2019-14430 The...
TP-Link WR940N - (Authenticated) Remote Code
import urllib2 import base64 import hashlib from optparse import import sys import urllibbanner = "\n" "WR940N Authenticated Remote Code Exploit\n" "This exploit will open a bind shell on the remote target\n" "The port is 31337, you can change that in the code if you wish\n" "This exploit require...