ABRT - sosreport Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT sosreport Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on RHEL systems with a vulnerable version o...

Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery

Product : Catalyst 3850 Series Device Manager Version : 3.6.10E Date: 01.08.2019 Vendor Homepage: https://www.cisco.com Exploit Author: Alperen Soydan Description : The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify...

Spring Security OAuth - Open Redirector

Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...

DeepSound 1.0.4 - SQL Injection

=========================================================================================== Exploit Title: DeepSound 1.0.4 - SQL Inj. Dork: N/A Date: 15-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470...

Joomla! Component Easy Shop 1.2.3 - Local File Inclusion

Exploit Title: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Dork: N/A Date: 2019-01-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomtech.net/ Software D.: https://www.joomtech.net/products/easyshop?task=file.download&key=7bafaa65995fb3b1383328105df1e10f Software Link:...

Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel

Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading is the only requirement. This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures,...

phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution

!/usr/bin/env python """cve-2016-5734.py: PhpMyAdmin 4.3.0 - 4.6.2 authorized user RCE exploit Details: Working only at PHP 4.3.0-5.4.6 versions, because of regex break with null byte fixed in PHP 5.4.7. CVE: CVE-2016-5734 Author: https://twitter.com/iamsecurity run: ./cve-2016-5734.py -u root...

MiniShare 1.4.1 - Remote Buffer Overflow (1)

/ MiniShare ---- EXTRA ---- Update the JMP ESP if you need. A wrong offset will crash minishare. Code tested working on MiniShare 1.4.1 and WinXP SP1 English, Win2k SP4 English, WinNT SP6 English Others MiniShare's versions aren't tested. Tip: If it crashes for you , try to play with Sleep... ---...

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Operator Surname Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...

Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution

Exploit Title: Firefox ESR 115.11 - Arbitrary JavaScript execution in PDF.js Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege

Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)

Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...

IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)

Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...

Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...

Antminer Monitor 0.5.0 - Authentication Bypass

Exploit Title: Antminer Monitor 0.5.0 - Authentication Bypass Date: 09/06/2021 Dork:https://www.zoomeye.org/searchResult?q=%22antminer%20monitor%22 Exploit Author: CQR.company / Vulnz. Vendor Homepage: https://github.com/anselal/antminer-monitor,...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection Authenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Produ...

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access

Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd...

Responsive E-Learning System 1.0 - Stored Cross Site Scripting

Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...

Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)

Exploit Title: Sentrifugo Version 3.2 - 'announcements' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

GeoVision (GeoHttpServer) Webcams - Remote File Disclosure

!/usr/bin/python import os import sys import socket import binascii ''' Title : GeoVision GeoHttpServer WebCams Remote File Disclosure Exploit CVE-ID : none Product : GeoVision System : GeoHttpServer Affected : 8.3.3.0 may be more Impact : Critical Remote : Yes Website link:...

WordPress adivaha Travel Plugin 2.3 - Reflected XSS

Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...

Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)

Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Exploit Title: Screen SFT DAB 600/C - Unauthenticated Information Disclosure userManager.cgx Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...

ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path

Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2023-04-05 Vendor : https://www.eset.com Version : 16.0.26.0 Tested on OS: Microsoft Windows 11 pro x64 PoC : ============== C:\sc qc ekrn SC QueryServiceConfig SUCCE...

Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)

Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution RCE Date: 15.11.2022 Exploit Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.internetdownloadmanager.com/ Software Link:...

TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path

Exploit Title: TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : TOSHIBA Version : TOSHIBA Navi Support Service 1.00.0000 Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\Users\Administradorsc qc...

WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter o...

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation

Exploit Title: FatPipe Networks MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc. Product web...

In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection

Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows CVE: CVE-2021-27828 ----------------------------------------- SQL...

Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection

Exploit Title: Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection Exploit Author: jul10l1r4 Julio Lira Google Dork: N/A Date: 2020-05-16 Vendor Homepage: https://mikrotik.com Software Link: https://mikrotik.com/download Version: = 1.2.3 Tested on: Debian 10 buster CVE: 2020-13118...

School File Management System 1.0 - 'username' SQL Injection

Exploit Title: School File Management System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software Link:...

SOPlanning 1.45 - Cross-Site Request Forgery (Add User)

Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The...

Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path

Exploit Title: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path Date: 2019-11-09 Exploit Author: Diego Armando Buztamante Rico Vendor Homepage: www.bluestacks.com Software Link: www.bluestacks.com Version: 2.4.44.62.57 Tested on: Windows 8.1 Pro CVE: NA Description...

Thunderbird ESR < 60.7.XXX - Type Confusion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-Sec GmbH Security Advisory: X41-2019-004 Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor:...

Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)

Linux/x86-64 - Polymorphic Setuid0 & Execve/bin/sh Shellcode 31 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation file...

OpenCMS 17.0 - Stored Cross Site Scripting (XSS)

Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS Date: 24-11-2024 Exploit Author: Siddhartha Naik Vendor Homepage: http://www.opencms.org/en/ Software Link: http://www.opencms.org/en/modules/downloads/begindownload.html?id=dade528f-ec17-11ee-ab97-7fde8b0295e1 Affected Version: 17.0...

Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)

Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...

File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path

Exploit Title: File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-14 Vendor : Hewlett-PackardHP Version : File Sanitizer for HP ProtectTools 5.0.1.3 Vendor Homepage : http://www.hp.com Tested on OS: Windows 7 Pro...

Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path

Exploit Title: IntelR Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : Intel Version : IntelR Management Engine Components 6.0.0.1189 Vendor Homepage : https://www.intel.com Tested on OS: Windows 7 Pro Analyze PoC ...

Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)

Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P:...

EyesOfNetwork 5.3 - RCE & PrivEsc

Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authentified Romote Code Execution fl...

Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS

Exploit Title: Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-18 Vendor Homepage: https://xeroneit.net/ Software Link: https://xeroneit.net/portfolio/library-management-system-lms Affected Version: Version 3.1 Tested on: Kali...

Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities

Exploit Title: Joomla Plugin Simple Image Gallery Extended SIGE 3.5.3 - Multiple Vulnerabilities Exploit Author: Vulnerability-Lab Date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/sige-simple-image-gallery-extended Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended...

Online Course Registration 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage: Vendor Homepage:...

Online Healthcare Patient Record Management System 1.0 - Authentication Bypass

Exploit Title: Online Healthcare Patient Record Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-05-18 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.sourcecodester.com Software Link:...

SeedDMS 5.1.18 - Persistent Cross-Site Scripting

Title: SeedDMS 5.1.18 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.seeddms.org Software Link: https://www.seeddms.org/index.php?id=7 CVE: N/A Document Title: =============== SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities...

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload

Exploit Title: Joomla! ACYMAILING 3.9.0 component - Unauthenticated Arbitrary File Upload Google Dork: inurl:"index.php?option=comacym" Date: 2020-03-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.acyba.com/ Software Link: https://www.acyba.com/acymailing/download.html Version: v6.9.1...

Joplin Desktop 1.0.184 - Cross-Site Scripting

Exploit Title: Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Author: Javier Olmedo Date: 2020-02-27 Vendor: Laurent Cozic Software Link: https://github.com/laurent22/joplin/archive/v1.0.184.zip Affected Version: 1.0.184 and before Patched Version: 1.0.185 Category: Remote Platform: Window...