47904 matches found
Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated)
Exploit Title: Navigate CMS 2.8.7 - ''sidx' SQL Injection Authenticated Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested...
Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'user_password' SQL Injection
Exploit Title: Grandstream UCM6200 Series WebSocket 1.0.20.20 - 'userpassword' SQL Injection Date: 2020-03-30 Exploit Author: Jacob Baines Vendor Homepage: http://www.grandstream.com/ Software Link: http://www.grandstream.com/support/firmware/ucm62xx-official-firmware Version: 1.0.20.20 and below...
RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection
Exploit Title: RICOH Aficio SP 5210SF Printer - 'entryNameIn' HTML Injection Discovery by: Olga Villagran Discovery Date: 2020-03-02 Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support.ricoh.com/bb/html/drute/rc3/model/sp52s/sp52s.htm?lang=es Product Version: RICOH Aficio SP...
CandidATS 2.1.0 - Cross-Site Request Forgery (Add Admin)
Title: CandidATS 2.1.0 - Cross-Site Request Forgery Add Admin Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/auieo/profile/ Software Link: https://sourceforge.net/projects/candidats/files/Version 2.1.0 Tested on Ubuntu 19/Kali Rolling The Candid ATS Web...
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
Tile: Wordpress Plugin tutor.1.5.3 - Local File Inclusion Author: mehran feizi Category: webapps Date: 2020-02-12 vendor home page: https://wordpress.org/plugins/tutor/ =================================================================== Vulnerable page: /instructors.php...
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code tester.m can be used. I've attached another code snippet to reproduce the issue on iOS as well. With tester.m compiled with ASAN, processing the attached tiff image should cras...
FTP Commander Pro 8.03 - Local Stack Overflow
Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery
Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x...
delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection
Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link: https://github.com/delpino73/Blue-Smiley-Organizer.git Version: 1.32 Tested on: CentOS7 CVE : N/...
inoERP 4.15 - 'download' SQL Injection
Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be deserialized without any sanitization...
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise Google Dork: N/A Date: 11.08.2019 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sugarcrm.com Version: 9.0.0 Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76 CVE : 2019-14974 The application fails to sanitiz...
Active Auction Pro 7.1 - 'default.asp?catid' SQL Injection
Title : Active Auction Remote SQL Injection Vulnerability Author : CyberGhost Demo Page : http://www.activewebsoftwares.com/demoactiveauction Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=1 Vuln. Username :...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting XSS Date: 1/07/2023 Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page , go to this url...
Liferay Portal 6.2.5 - Insecure Permissions
Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Date: 2021/05 Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for...
Router ZTE-H108NS - Authentication Bypass
Exploit Title: Router ZTE-H108NS - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 CVE: N/A Tested on: Debian 5.18.5 Description : When specific http methods are listed within a security constraint, th...
SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path
Exploit Title: SysGauge 7.9.18 - ' SysGauge Server' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.sysgauge.com Software Link: https://www.sysgauge.com/setups/sysgaugesrvsetupv7.9.18.exe Tested Version: 7.9.18 Vulnerability Type: Unquoted Service...
Interview Management System 1.0 - Stored XSS in Add New Question
Exploit Title: Interview Management System 1.0 - Stored XSS in Add New Question Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-09 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14585/interview-management-system-phpmysqli-full-source-code.html Software Link:...
Content Management System 1.0 - 'First Name' Stored XSS
Exploit Title:Content Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...
Frigate 3.36 - Denial of Service (PoC)
Exploit Title: Frigate 3.36 - Denial of Service PoC Date: 2020-04-05 Exploit Author: inter Vendor Homepage: http://www.Frigate3.com/ Software Link Download: http://www.Frigate3.com/download/Frigate3Stdv36.exe Vulnerable Software: Firgate Version: 3.36 Vulnerability Type: Denial of Service DoS Loc...
Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)
Exploit Title: Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow SEH Date: 2020-03-26 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.exe Version: 2.7.3.700 Tested on: Windows 7 x86 Proof of Concept: 1.-...
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
Exploit Title: CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow Exploit Author: wetw0rk Exploit Version: Public POC Vendor Homepage: https://docops.ca.com/ca-unified-infrastructure-management/9-0-2/en Software Version : 7.80 Tested on: Windows 10 Pro x64, Windows Server...
Microsoft Outlook VCF cards - Denial of Service (PoC)
Exploit Title: Microsoft Outlook VCF cards - Denial of Service PoC Date: 2020-01-04 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Anviz CrossChex 4.3.12 - Local Buffer Overflow
Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 = V4.3.12 Tested on: 4.3.8.0, 4.3.12 CVE : N/A...
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-17 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.70 Buil...
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...
PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow
Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: phpstreamurlwraphttpex /home/weilei/php-7.2.2/ext/standard/httpfopenwrapper.c:723 if tmplinetmplinelen - 1 == '\n' --tmplinelen; if...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
/ disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define MMAPMINADDR 0x1101de8 define DACMMAPMINADDR 0xe8e810 / get...
Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3 embedded webserver, it's used for a variety of tasks and is...
Adobe ColdFusion APSB13-03 - Remote Multiple Vulnerabilities (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'digest/sha1' require 'openssl' class Metasploit...
PostgreSQL for Linux Payload Execution
PostgreSQL for Linux Payload Execution. CVE-2007-3280. Remote exploit for linux platform $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use...
lighttpd 1.4.31 - Denial of Service (PoC)
!/bin/bash Exploit Title: simple lighttpd 1.4.31 DOS POC Date: 11/21/2012 Exploit Author: [email protected] Vendor Homepage: http://www.lighttpd.net Software Link: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.31.tar.gz Version: 1.4.31 Tested on: Debian Linux, Gentoo Linux, Arch...
PolicyKit polkit-1 < 0.101 - Local Privilege Escalation
/ polkit-pwnage.c ============================== = PolicyKit Pwnage = = by zx2c4 = = Sept 2, 2011 = ============================== Howdy folks, This exploits CVE-2011-1485, a race condition in PolicyKit. davidz25 explains: --begin-- Briefly, the problem is that the UID for the parent process of...
Samba 2.2.8 (OSX/PPC) - 'trans2open' Remote Overflow (Metasploit)
$Id: trans2open.rb 9571 2010-06-21 16:53:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
ITechBids 6.0 - 'item_id' SQL Injection
ITechBids v.6.0 Gold Edition Sql Injection Exploit AUTHOR:SoSo H H Iraqi-Cracker Script Site: http://itechscripts.com/ Price:$125.00 Exploit in: detail.php?itemid==SQL Example:...
MidiCart ASP - 'Item_Show.asp?ID2006quant' SQL Injection
source: https://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data...
Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure
source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks...
IMAP4rev1 10.190 - Authentication Stack Overflow
!/usr/bin/perl Successfully tested on IMAP4rev1 v10.190 Written by: [email protected] / anno 2000 This is nothing new - just wrote it for fun. $shellcode = "\xeb\x35\x5e\x80\x46\x01\x30\x80\x46\x02\x30\x80". "\x46\x03\x30\x80\x46\x05\x30\x80\x46\x06\x30\x89"...
OctoPrint 1.11.2 - File Upload
Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: = 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
Exploit Title: Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2317 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID: ==================================== 2317 Common...
MobileTrans 4.0.11 - Weak Service Privilege Escalation
Exploit Title :MobileTrans 4.0.11 - Weak Service Privilege Escalation Date: 20 May 2023 Exploit Author: Thurein Soe Vendor Homepage: https://mobiletrans.wondershare.com/ Software Link: https://mega.nz/file/0Et0ybRSl69LRlvwrwmqDfPGKlHaJ5LmbeKJuwH0xYKD8nSVg Version: MobileTrans version 4.0.11 Teste...
Stackposts Social Marketing Tool v1.0 - SQL Injection
Exploit Title: Stackposts Social Marketing Tool v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/stackposts-social-marketing-tool/21747459 Demo Site: https://demo.stackposts.com Tested on: Kali Linux CVE: N/A Request POST /spmo/auth/login...
Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
Exploit Title: Cyberfox Web Browser 52.9.1 - Denial of Service PoC Date: 2021-09-26 Exploit Author: Aryan Chehreghani Vendor Homepage: https://cyberfox.8pecxstudios.com Software Link: https://www.techspot.com/downloads/6568-cyberfox-web-browser.html Version: v52.9.1 Possibly all versions Tested o...
Police Crime Record Management Project 1.0 - Time Based SQLi
Exploit Title: Police Crime Record Management Project 1.0 - Time Based SQLi Exploit Author: t//\1 Date: 23/09/2021 Vendor Homepage: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html Tested on: Linux Version: 1.0 Exploit Description: The application is prone to an...
Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)
Exploit Title: Bus Pass Management System 1.0 - 'viewid' Insecure direct object references IDOR Date: 2021-09-05 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...
Gitlab 13.10.2 - Remote Code Execution (Authenticated)
Exploit Title: Gitlab 13.10.2 - Remote Code Execution Authenticated Date: 04/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.10.3 Tested On: Ubuntu 20.04 Environment: Gitlab 13.10.2 CE Credits:...
Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Date: 2021-03-04 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable...
Life Insurance Management System 1.0 - Multiple Stored XSS
Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS Date: 4/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version: 1.0...
WinAVR Version 20100110 - Insecure Folder Permissions
Exploit Title: WinAVR Version 20100110 - Insecure Folder Permissions Date: 2020-12-11 Exploit Author: Mohammed Alshehri Vendor Homepage: https://sourceforge.net/projects/winavr/ Software Link: https://sourceforge.net/projects/winavr/files/WinAVR/20100110/WinAVR-20100110-install.exe Version: Versi...
dirsearch 0.4.1 - CSV Injection
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Date: 2021-01-05 Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv fil...