47904 matches found
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
Exploit Title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution Authenticated Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
Exploit Title: Broken Access Control in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Tested...
RosarioSIS 7.6 - SQL Injection
Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...
WebFileSys 2.31.0 - Directory Path Traversal
Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...
Nagios Log Server 2024R1.3.1 - API Key Exposure
Exploit Title: Nagios Log Server 2024R1.3.1 - API Key Exposure Date: 2025-04-08 Exploit Author: Seth Kraft, Alex Tisdale Vendor Homepage: https://www.nagios.com/ Vendor Changelog: https://www.nagios.com/changelog/log-server Software Link: https://www.nagios.com/products/log-server/download/...
Centron 19.04 - Remote Code Execution (RCE)
Exploit Title : Centron 19.04 - Remote Code Execution RCE Tested on Centreon API 19.04.0 Centreon 19.04 - Login Password Bruteforcer Written on 6 Nov 2019 Referencing API Authentication of the Centreon API document Author: st4rry centbruteon.py Centreon Download Link:...
CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting XSS Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/ Version: 1.0 Tested on: Any ...
PandoraFMS 7.0NG.772 - SQL Injection
Exploit Title: PandoraFMS 7.0NG.772 - SQL Injection Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link: https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafmsagentlinux-7.0NG.772.tar.gz Version: v7.0NG.772 Tested on: Linux...
K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
Exploit Title: K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service DoS Date: 13.08.2024 Author: M. Akil Gündoğan Vendor Homepage: https://k7computing.com/ Version: v17.0.2019 Tested on: Windows 10 Pro x64 CVE ID: CVE-2024-36424 Vulnerability Description:...
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting XSS Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested...
AquilaCMS 1.409.20 - Remote Command Execution (RCE)
Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link: https://github.com/AquilaCMS/AquilaCMS Version: v1.409.20 CVE: CVE-2024-48572, CVE-2024-48573 import io import json import...
flatCore 1.5.5 - Arbitrary File Upload
Exploit Title: flatCore 1.5.5 - Arbitrary File Upload Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS Version: 1.5.5 Tested on: Ubuntu Windows CVE : CVE-2019-10652 PoC: 1 1. Access the...
Typecho 1.3.0 - Race Condition
Exploit Title: Typecho 1.3.0 - Race Condition Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested on: Typecho 1.3....
Cosy+ firmware 21.2s7 - Command Injection
Exploit Title: Cosy+ firmware 21.2s7 - Command Injection Google Dork: N/A Date: 2024-8-20 Exploit Author: CodeB0ss Contact: t.me/codeb0ss / [email protected] Version: 21.2s7 Tested on: Windows 11 Home Edition CVE: CVE-2024-33896 import socket import subprocess import time def...
Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
Exploit Title: Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover Google Dork: N/A Date: 21/07/2024 Exploit Author: Mohammed Adel Vendor Homepage: https://www.cisco.com Software Link:...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/archive/refs/tags/0.12.7.zip Version: latest Tested on: MacOS Log in to Anchor CMS...
Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0.0 - 1.2.0 CVE : CVE-2024–27348 from requests import Request, Session import sys import json d...
Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege
Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...
PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
Exploit Title: PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery CSRF Date: 2024-07-01 Exploit Author: Vuln Seeker Cybersecurity Team Vendor Homepage: https://wordpress.org/plugins/pz-frontend-manager/ Version: = 1.0.5 Tested on: Firefox Contact me: [email protected] The...
DocsGPT 0.12.0 - Remote Code Execution
Exploit Title: DocsGPT 0.12.0 - Remote Code Execution Date: 09/04/2025 Exploit Author: Shreyas Malhotra OSMSEC Vendor Homepage: https://github.com/arc53/docsgpt Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip Version: 0.8.1 through 0.12.0 Tested on: Debian Linux/Ubunt...
Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...
ChurchCRM 5.9.1 - SQL Injection
Exploit Title: ChurchCRM 5.9.1 - SQL Injection Author: Sanan Qasimzada Date: 06.07.2024 Vendor: http://churchcrm.io/ Software: https://github.com/ChurchRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be...
ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting XSS Date: 8-7-2024 Category: Web Application Exploit Author: Jeremia Geraldi Sihombing Version: 2.10.1 Tested on: Windows CVE: CVE-2024-39143 Description: ---------------- A stored cross-site scripting XSS vulnerability exists in...
Artica Proxy 4.50 - Remote Code Execution (RCE)
Exploit Title: Artica Proxy 4.50 - Remote Code Execution RCE Date: 23-04-2024 Exploit Author: Madan Vendor Homepage: https://artica-proxy.com/ Version: 4.40, 4.50 Tested on: relevant os CVE : CVE-2024-2054 you can also find the exploit on my github repo: https://github.com/Madan301/CVE-2024-2054...
UNA CMS 14.0.0-RC - PHP Object Injection
Exploit Title: UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link.......: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...
InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation
Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Exploit repo: https://github.com/XenoM0rph97/CVE-2024-30896 Software Link:...
Jasmin Ransomware - Arbitrary File Download (Authenticated)
Exploit Title: Jasmin Ransomware - Authenticated Arbitrary File Download Google Dork: N/A Date: 22-03-2025 Exploit Author: bRpsd cyatlive.no Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on:...
GeoVision GV-ASManager 6.1.0.0 - Information Disclosure
Exploit Title: Information Disclosure in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Teste...
Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)
Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage: https://www.sony.com/et/electronics/in-car-receivers-players/xav-ax5500 Software Link: https://archive.org/details/xav-ax-5500-v-113 Version: 1.13 Tested o...
Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CVE : CVE-2019-15949 python3 exp.py -t https:/// -b // -u user -p 'password' -lh -lp -k...
WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...
Apache Tomcat 11.0.3 - Remote Code Execution
Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-90.cgi Version: Apache Tomcat 11.0.3 / 10.1.35 / 9.0.98 Tested on:...
YesWiki 4.5.1 - Unauthenticated Path Traversal
Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link: https://github.com/YesWiki/yeswiki Affected Version: 4.5.2 Tested On: YesWiki 4.5.1 on Ubuntu 22.04...
XWiki Platform 15.10.10 - Remote Code Execution
Exploit Title: XWiki Platform - Remote Code Execution Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-24893 Vendor Homepage: https://www.xwiki.org/ Software Link: https://github.com/xwiki/xwiki-platform Version: Affected versions up to and including XWiki 15.10.10 Teste...
Watcharr 1.43.0 - Remote Code Execution (RCE)
Exploit Title : Watcharr 1.43.0 - Remote Code Execution RCE CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100 printf.renderText'CVE-2024-4882...
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
Exploit Title: Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover Shodan Dork: html:"expedition project" FOFA Dork: "expedition project" && iconhash="1499876150" Exploit Author: ByteHunter Email: [email protected] Vulnerable Versions: 1.2 1.2.92 Tested on: 1.2.90.1 & 1.2.75 CVE ...
WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)
Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat shellModule/info.php ?php / @category modules @package Reverse Shell @author Swammers8 @link...
Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Reservit Hotel Content 3. Add the following payload to the Button text French field sane save: " style=animation-name:rotation onanimationstart=alert/XSS/// 4. The XSS will trigger upon saving and when any user will access the content dashboard again References:...
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5, 2025 Vendor Homepage: https://wp-timecapsule.com/ Software Link: https://wordpress.org/plugins/wp-time-capsule/...
DataEase 2.4.0 - Database Configuration Information Exposure
Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure Shodan Dork: http.html:"dataease" FOFA Dork: body="dataease" && title=="DataEase" Exploit Author: ByteHunter Email: [email protected] vulnerable Versions: 2.4.0-2.5.0 Tested on: 2.4.0 CVE : CVE-2024-30269 import...
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
Exploit Title: Microchip TimeProvider 4100 Grandmaster Data plot modules 2.4.6 - SQL Injection Exploit Author: Armando Huesca Prida, Marco Negro Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of Disclosure:...
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
Exploit Title: Exclusive Addons for Elementor ≤ 2.6.9 - Authenticated Stored Cross-Site Scripting XSS Original Author: Wordfence Security Team Exploit Author: Al Baradi Joy Exploit Date: March 13, 2024 Vendor Homepage: https://exclusiveaddons.com/ Software Link:...
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
Exploit Title: WordPress Plugin Royal Elementor Addons = 1.3.78 - Unauthenticated Arbitrary File Upload RCE Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://royal-elementor-addons.com Software Link:...
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://wordpress.org/plugins/kubio/ Software Link: https://downloads.wordpress.org/plugin/kubio.2.5.1.zip Reference:...
Next.js Middleware 15.2.2 - Authorization Bypass
Exploit Title: Next.js Middleware Bypass Vulnerability CVE-2025-29927 Date: 2025-03-26 Exploit Author: kOaDT Vendor Homepage: https://nextjs.org/ Software Link: https://github.com/vercel/next.js Version: 13.0.0 - 13.5.8 / 14.0.0 - 14.2.24 / 15.0.0 - 15.2.2 / 11.1.4 - 12.3.4 Tested on: Ubuntu...
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
Exploit Title : IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow ======== ================================================ 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. References 6. Credits 7. Legal Notices ========...
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload Software Link:...
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...