47904 matches found
X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
Exploit Title: X2CRM 8.5 - Stored Cross-Site Scripting XSS Date: 12 September 2024 Exploit Author: Okan Kurtulus Vendor Homepage: https://x2engine.com/ Software Link: https://github.com/X2Engine/X2CRM Version: X2CRM v8.5 Tested on: Ubuntu 22.04 CVE : CVE-2024-48120 1- Log in to the system with an...
Trend Micro OfficeScan Client 10.0 - ACL Service LPE
Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Date: 2023/05/04 Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client"...
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Date: 15/5/2023 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
PHP Restaurants 1.0 - SQLi (Unauthenticated)
Exploit Title: PHP Restaurants 1.0 - SQLi Unauthenticated Google Dork: None Date: 01/29/2022 Exploit Author: Nefrit ID Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 Tested on: Kali Linux & Windows 10 SQL injection is a code...
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter o...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Unauthenticated Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download Vendor: FatPipe Networks Inc. Product web page...
ECOA Building Automation System - Arbitrary File Deletion
Exploit Title: ECOA Building Automation System - Arbitrary File Deletion Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Arbitrary File Deletion Vendor: ECOA Technologies Corp. Product web page: http://www.ecoa.com.tw Affected...
WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting XSS Date: 14/07/2021 Exploit Author: Vikas Srivastava Vendor Homepage: Software Link: https://wordpress.org/plugins/current-book/ Version: 1.0.1 Category: Web Application How to Reproduc...
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
Exploit Title: KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset Unauthenticated Date: 03.02.2021 Exploit Author: LiquidWorm Vendor Homepage: http://www.kzbtech.com http://www.jatontec.com https://www.neotel.mk Vendor: KZ Broadband Technologies, Ltd. | Jaton Technology, Ltd. Product...
Tiny Tiny RSS - Remote Code Execution
Exploit Title: Tiny Tiny RSS - Remote Code Execution Date: 21/09/2020 Exploit Author: Daniel Neagaru & Benjamin Nadarević Blog post: https://www.digeex.de/blog/tinytinyrss/ Software Link: https://git.tt-rss.org/fox/tt-rss Version: all before 2020-09-16 Commit with the fixes:...
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
Exploit Title: SmartFoxServer 2X 2.17.0 - Credentials Disclosure Date: 29.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com SmartFoxServer 2X 2.17.0 Credentials Disclosure Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Serve...
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
Exploit Title: Joomla Plugin Simple Image Gallery Extended SIGE 3.5.3 - Multiple Vulnerabilities Exploit Author: Vulnerability-Lab Date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/sige-simple-image-gallery-extended Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended...
Joomla! Component ACYMAILING 3.9.0 - Unauthenticated Arbitrary File Upload
Exploit Title: Joomla! ACYMAILING 3.9.0 component - Unauthenticated Arbitrary File Upload Google Dork: inurl:"index.php?option=comacym" Date: 2020-03-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.acyba.com/ Software Link: https://www.acyba.com/acymailing/download.html Version: v6.9.1...
Voyager 1.3.0 - Directory Traversal
Exploit Title: Voyager 1.3.0 - Directory Traversal Google Dork: N/A Date: January 2020-01-06 Exploit Author: NgoAnhDuc Vendor Homepage: https://voyager.devdojo.com/ Software...
Codoforum 4.8.3 - Persistent Cross-Site Scripting
Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-03 Exploit Author: Prasanth c41m, Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on:...
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
Exploit Title: Product Key Explorer 4.2.0.0 - 'Key' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service...
Serv-U FTP Server - prepareinstallation Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Serv-U FTP Server prepareinstallation Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on systems running...
Thunderbird ESR < 60.7.XXX - Type Confusion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-Sec GmbH Security Advisory: X41-2019-004 Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor:...
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
Exploit Title: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Dork: N/A Date: 2019-01-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomtech.net/ Software D.: https://www.joomtech.net/products/easyshop?task=file.download&key=7bafaa65995fb3b1383328105df1e10f Software Link:...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)
!/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and the author can not be held liable fo...
pNews 1.1.0 - 'nbs' Remote File Inclusion
PowerNews v1.1.0 nbs Remote File Inclusion Affected Software .: PowerNews v1.1.0 Download..: http://sourceforge.net/project/showfiles.php?groupid=35550 Class .............: Remote File Inclusion Risk ..............: high Found by ..........: CvIr.System Contact ...........: CvIr.Systematgmail.com...
dotProject 2.0 - '/modules/projects/vw_files.php?dPconfig[root_dir]' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
Exploit Title: GestioIP 3.5.7 - Reflected Cross-Site Scripting Reflected XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859...
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
Exploit Title: Rejetto HTTP File Server 2.3m - Remote Code Execution RCE Fofa Dork: "HttpFileServer" && server=="HFS 2.3m" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-23692 Vendor Homepage: http://rejetto.com/hfs/ Software Link:...
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4 Google Dork: intext:"Camaleon CMS is a free and open-source tool and a fexible content management system CMS based on Ruby on Rails" Date: 2023-10-05 Exploit Author: Yasin Gergin Vendor Homepage: http://camaleon.tuzitio.com Softwar...
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path
Exploit Title: Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mobiletransfull5793.exe Tested Version: 3.5.9 Vulnerability...
Antminer Monitor 0.5.0 - Authentication Bypass
Exploit Title: Antminer Monitor 0.5.0 - Authentication Bypass Date: 09/06/2021 Dork:https://www.zoomeye.org/searchResult?q=%22antminer%20monitor%22 Exploit Author: CQR.company / Vulnz. Vendor Homepage: https://github.com/anselal/antminer-monitor,...
Laundry Booking Management System 1.0 - 'Multiple' SQL Injection
Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' SQL Injection Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...
NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
Exploit Title: NoteBurner 2.35 - Denial Of Service DoS PoC Date: 25.07.2021 Vendor Homepage:https://www.noteburner.com/ Software Link: https://anonfiles.com/13h9Hb82ub/noteburnerexe Exploit Author: Achilles Tested Version: 2.35 Tested on: Windows 7 x64 1.- Run python code : 2.- Open EVIL.txt and...
School File Management System 1.0 - 'username' SQL Injection
Exploit Title: School File Management System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software Link:...
Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution
Exploit Title: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution Date: 2020-04-13 Exploit Author: Wadeek Hardware Version: EW-7438RPn-v3 Mini Firmware Version: 1.23 / 1.27 Vendor Homepage:...
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'kadiduz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...
Spring Security OAuth - Open Redirector
Exploit Title: Open Redirector in spring-security-oauth2 Date: 17 June 2019 Exploit Author: Riemann Vendor Homepage: https://spring.io/projects/spring-security-oauth Software Link: https://spring.io Version: Spring Security OAuth versions 2.3 prior to 2.3.6...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
/ raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Local Privilege Escalation
/ Ac1dB1tch3z Vs Linux Kernel x8664 0day Today is a sad day.. R.I.P. Tue, 29 Apr 2008 / Tue, 7 Sep 2010 a bit of history: MCASTMSFILTER Compat mode bug found... upon commit! 2 year life on this one author David L Stevens Tue, 29 Apr 2008 10:23:22 +0000 03:23 -0700 committer David S. Miller Tue, 2...
NoteMark < 0.13.0 - Stored XSS
Exploit Title: Stored XSS in NoteMark Date: 07/29/2024 Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
Exploit Title: FusionInvoice 2023-1.0 - Stored XSS Cross-Site Scripting Date: 2023-05-24 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.squarepiginteractive.com Software Link: https://www.fusioninvoice.com/store Version: 2023-1.0 Tested on: Latest Version of Desktop Web Browsers...
WebTareas 2.4 - SQL Injection (Unauthorised)
Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Testeted on:...
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
Exploit Title: TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : TOSHIBA Version : TOSHIBA Navi Support Service 1.00.0000 Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\Users\Administradorsc qc...
IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)
Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...
Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: e107 CMS 2.3.0 - Remote Code Execution RCE Authenticated Date: 21-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.0 Category: Webapps Tested on: Linux/Windows e107 is a free website content...
EyesOfNetwork 5.3 - RCE & PrivEsc
Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authentified Romote Code Execution fl...
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...
Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
Exploit Title: Easy CD & DVD Cover Creator 4.13 - Denial of Service PoC Date: 22.12.2020 Software Link: http://www.tucows.com/download/windows/files/ezcdsetup.exe Exploit Author: Achilles Tested Version: 4.13 Tested on: Windows 7 x64 Sp1 1.- Run python code :Creator.py 2.- Open EVIL.txt and copy...
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
Title: SeedDMS 5.1.18 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.seeddms.org Software Link: https://www.seeddms.org/index.php?id=7 CVE: N/A Document Title: =============== SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities...
Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution
Exploit Title: Pandora FMS 7.0NG - 'nettools.php' Remote Code Execution Build: PC170324 - MR 0 Date: 2020-03-30 Exploit Author: Basim Alabdullah Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link: https://pandorafms.org/features/free-download-monitoring-software/ Tested on: CentOS...