47904 matches found
YourFreeWorld Short Url & Url Tracker - SQL Injection
Short Url & Url Tracker id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.yourfreeworld.com/script/shorturl.php DorK : inurl:"tr.php?id=" Short Url & Url Tracker Exploit :...
HTTP/2 2.0 - Denial Of Service (DOS)
!/usr/bin/env python3 """ Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA- Version: HTTP/2.0 Tested on: -NA- CVE : CVE-2023-44487 """ import asyncio import ssl import time impor...
Discourse 3.1.1 - Unauthenticated Chat Message Access
!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...
RosarioSIS 7.6 - SQL Injection
Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...
Aurba 501 - Authenticated RCE
Exploit Title: Remote Command Execution | Aurba 501 Date: 17-07-2024 Exploit Author: Hosein Vita Vendor Homepage: https://www.hpe.com Version: Aurba 501 CN12G5W0XX Tested on: Linux import requests from requests.auth import HTTPBasicAuth def getinputprompt, defaultvalue: userinput = inputprompt...
Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)
Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.32 Proof Of Concept: 1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or...
phpMyFAQ v3.1.12 - CSV Injection
Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack
Exploit Title: Osprey Pump Controller 1.0.1 - Predictable Session Token / Session Hijack Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production...
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution RCE Date: 15.11.2022 Exploit Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.internetdownloadmanager.com/ Software Link:...
Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...
Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Reviewer System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Date: 2021-09-21 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
Exploit Title: NetGear D1500 V1.0.0.211.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting XSS Date: 21 Dec 2018 Exploit Author: Securityium Vendor Homepage: https://www.netgear.com/ Version: V1.0.0.211.0.1PE Tested on: NetGear D1500 Home Router Contact: [email protected] Version :...
IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP
Exploit Title: IcoFX 2.6 - '.ico' Buffer Overflow SEH + DEP Bypass using JOP Date: 2020-05-20 Exploit Author: Austin Babcock Vendor Homepage: https://icofx.ro/ Software Link: https://drive.google.com/file/d/1SONzNStAW3pAPU5IUvsYS3z0jYymEZn/view?usp=sharing Version: 2.6.0.0 Tested on: Windows 7...
Navigate CMS 2.8.7 - Authenticated Directory Traversal
Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested o...
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual Appliance running on Windows 10 x64 CVE : CVE-2018-7777 References:...
OLK Web Store 2020 - Cross-Site Request Forgery
Exploit Title: OLK Web Store 2020 - Cross-Site Request Forgery Google Dork: intext:"TopManage ® 2002 - 2020" Date: 2020-01-13 Exploit Author: Joel Aviad Ossi Vendor Homepage: http://www.topmanage.com/ Software Link: http://www.topmanage.com/microsites/olk-web-store/ Version: 2020 Tested on: N/A C...
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Joomla! Component vWishlist 1.0.1 - SQL Injection
Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/vwishlist/ Version: 1.0.1...
Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Local Privilege Escalation (2)
/ jessicabielnakedinmybed.c Dovalim z knajpy a cumim ze Wojta zas nema co robit, kura. Gizdi, tutaj mate cosyk na hrani, kym aj totok vykeca. Stejnak je to stare jak cyp a aj jakesyk rozbite. Linux vmsplice Local Root Exploit By qaaz Linux 2.6.17 - 2.6.24.1 This is quite old code and I had to...
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit Author: Karuppiah Sabari Kumar0xsabre Vendor Homepage: https://wordpress.org/plugins/chained-quiz/ Software Link: https://downloads.wordpress.org/plugin/chained-quiz.1.3.3.zip...
Linux PAM Environment - Variable Injection Local Privilege Escalation
Exploit Title: Linux PAM Environment - Variable Injection Local Privilege Escalation Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation throu...
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload Software Link:...
ProSSHD 1.2 - Denial of Service (DOS)
Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Google Dork: N/A Date: 13 january 2024 Exploit Author: Fernando Mengali Vendor Homepage: https://prosshd.com/ Software Link: N/A Version: 1.2 20090726 Tested on: Windows XP CVE: CVE-2024-0725 $sis="$^O"; if $sis eq "windows" $cmd="cls";...
FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking
--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Date: 2023-02-14 Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...
Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)
Exploit Title: Mobile Mouse 3.6.0.4 - Remote Code Execution RCE Date: Aug 09, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/e...
Akka HTTP 10.1.14 - Denial of Service
Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...
Compro Technology IP Camera - ' index_MJpeg.cgi' Stream Disclosure
Exploit Title: Compro Technology IP Camera - ' indexMJpeg.cgi' Stream Disclosure Date: 2021-09-30 Exploit Author: icekam,xiao13,Rainbow,tfsec Software Link: http://www.comprotech.com.hk/ Version: Compro IP70 2.087130218, IP570 2.087130520, IP60, TN540 CVE : CVE-2021-40381 Has an unauthorized acce...
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting Exploit Author: Mahendra Purbia Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Windows 10 Vulnerable...
Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS
Exploit Title: Customer Support System 1.0 - "First Name" & "Last Name" Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html Software Link:...
QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution Unauthenticated Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A...
Wing FTP Server 6.2.5 - Privilege Escalation
Exploit Title: Wing FTP Server 6.2.5 - Privilege Escalation Google Dork: intitle:"Wing FTP Server - Web" Date: 2020-03-03 Exploit Author: Cary Hooper Vendor Homepage: https://www.wftpserver.com Software Link: https://www.wftpserver.com/download/wftpserver-linux-64bit.tar.gz Version: v6.2.5 and...
Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Google Dork: N/A Date: 2020-01-03 Exploit Author: Chris Inzinga Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Teste...
WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting
Exploit Title: WordPress Plugin Sell Downloads 1.0.86 - Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: September 09,2019 Vendor Homepage: https://wordpress.dwbooster.com/content-tools/sell-downloads Software Link :...
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
/ xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the message body is large, then it's sent as a MACHMSGOOLDESCRIPTOR. Also if the message contains other port resources eg memory entry ports th...
Jax Calendar 1.34 - Remote Admin Access
Exploit Title: Jax Calendar 1.34 Remote Admin Access Exploit Date: December 30th, 2009 Author: Sora Software Link: http://www.jtr.de/scripting/php Version: 1.34 Tested on: Windows Vista and Linux Backtrack 3 ---------------------------- Jax Calendar 1.34 Remote Admin Access Exploit Author: Sora...
MamboLaiThai ExtCalThai 0.9.1 - 'admin_events.php?CONFIG_EXT[LANGUAGES_DIR]' Remote File Inclusion
source: https://www.securityfocus.com/bid/20487/info ExtCalThai is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attac...
Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
Exploit Title: Remote Keyboard Desktop 1.0.1 - Remote Code Execution RCE Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link: https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare Version: 1.0.1 Tested on: Windows...
tar-fs 3.0.0 - Arbitrary File Write/Overwrite
Exploit Title: tar-fs 3.0.0 - Arbitrary File Write/Overwrite Date: 17th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mafintosh/tar-fs Version: tar-fs 3.0.0 Tested on: Ubuntu CVE: CVE-2024-12905 Run the command: Example: python3 exploit.py authorizedkeys...
Serendipity 2.5.0 - Remote Code Execution (RCE)
Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import...
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection SSTI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Date: 16 July 2023 Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024...
Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection
Exploit Title: Osprey Pump Controller 1.0.1 - eventFileSelected Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021...
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
Exploit Title: Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution RCE + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Author: Numan Türle + Vendor: https://centos-webpanel.com/ -...
Telesquare SDT-CW3B1 1.1.0 - OS Command Injection
!/usr/bin/python3 Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Date: 24th May 2022 Exploit Author: Bryan Leong Vendor Homepage: http://telesquare.co.kr/ CVE : CVE-2021-46422 Authentication Required: No import requests import argparse import sys from xml.etree import ElementTre...
Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)
!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...
WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)
Exploit Title: WordPress Plugin Popup Maker Popup Settings Triggers Add New Cookie Add Cookie Time overwrite the default '1 month' with XSS payload Click 'Add' what triggers the XSS payload Payload examples: alert'XSS';...
Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting (XSS)
Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Date: 24-05-2021 Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Kimai 1.14 - CSV Injection
Exploit Title: Kimai 1.14 - CSV Injection Date: 26/04/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.kimai.org/ Software Link: https://github.com/kevinpapst/kimai2 Version: 1.14 Payload: @SUM1+9cmd|' /C calc'!A0 Tested on: Win10x64 Proof Of Concept: CSV Injection aka Excel...
Montiorr 1.7.6m - Persistent Cross-Site Scripting
Exploit Title: Montiorr 1.7.6m - Persistent Cross-Site Scripting Date: 25/4/2021 Exploit Author: Ahmad Shakla Software Link: https://github.com/Monitorr/Monitorr Tested on: Kali GNU/Linux 2020.2 Detailed Bug Description :...
PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)
Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Google Dork: - Date: 2020-08-17 Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ---------------------- PNPSCADA 2.200816204020...