47904 matches found
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...
Academy LMS 6.2 - Reflected XSS
Exploit Title: Academy LMS 6.2 - Reflected XSS Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4973 CWE...
RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC
RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC Vendor: Royal Apps GmbH Web page: https://www.royalapps.com Affected version: 6.0.1.1000 macOS Summary: Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems with different protocols...
Proxmox VE - TOTP Brute Force
Exploit Title: Proxmox VE TOTP Brute Force Date: 09/23/2023 Exploit Author: Cory Cline, Gabe Rust Vendor Homepage: https://www.proxmox.com/en/ Software Link: http://download.proxmox.com/iso/ Version: 5.4 - 7.4-1 Tested on: Debian CVE : CVE-2023-43320 import time import requests import urllib.pars...
Grocy <=4.0.2 - CSRF
Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...
101 News 1.0 - Multiple-SQLi
Title: 101 News-1.0 Multiple-SQLi Author: nu11secur1ty Date: 09/16/2023 Vendor: https://mayurik.com/ Software: https://www.sourcecodester.com/php/16067/best-online-news-portal-project-php-free-download.html Reference: https://portswigger.net/web-security/sql-injection Description: The searchtitle...
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities Date: 25/9/2023 Exploit Author: Syed Affan Ahmed ZEROXINN Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5 may be others. Tested On Version: 2.5 in ZTE AC3630...
Academy LMS 6.2 - SQL Injection
Exploit Title: Academy LMS 6.2 - SQL Injection Exploit Author: CraCkEr Date: 29/08/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4974 CWE: CWE-89 / CWE-74 /...
Ricoh Printer - Directory and File Exposure
Exploit Title: Ricoh Printer Directory and File Exposure Date: 9/15/2023 Exploit Author: Thomas Heverin Heverin Hacker Vendor Homepage: https://www.ricoh.com/products/printers-and-copiers Software Link: https://replit.com/@HeverinHacker/Ricoh-Printer-Directory-and-File-Findermain.py Version: Rico...
Typora v1.7.4 - OS Command Injection
Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 13.09.2023 Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps t...
Fundraising Script 1.0 - SQLi
Title: Fundraising Script-1.0 SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/fundraising-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The cid parameter appears to be vulnerable to...
PHP Shopping Cart 4.2 - Multiple-SQLi
Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to b...
Equipment Rental Script-1.0 - SQLi
Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...
Blood Bank & Donor Management System using v2.2 - Stored XSS
Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS Application: Blood Donor Management System Version: v2.2 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/...
Bank Locker Management System - SQL Injection
Exploit Title: Bank Locker Management System - SQL Injection Application: Bank Locker Management System Date: 12.09.2023 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/...
7 Sticky Notes v1.9 - OS Command Injection
Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 12.09.2023 Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Serve...
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
Exploit Title: Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation Google Dork: inurl:/user-public-account Date: 2023-09-04 Exploit Author: Revan Arifio Vendor Homepage: https:/.org/plugins/masterstudy-lms-learning-management-system/ Version: | | \ / | | / /| |...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service
Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Denial Of Service Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of a web page. The...
WEBIGniter v28.7.23 File Upload - Remote Code Execution
Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload...
Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
--------------------------------------------------------- Title: Microsoft Windows 11 - 'apds.dll' DLL hijacking Forced Date: 2023-09-01 Author: Moein Shahabi Vendor: https://www.microsoft.com Version: Windows 11 Pro 10.0.22621 Tested on: Windows 11x64 eng...
Media Library Assistant Wordpress Plugin - RCE and LFI
Exploit Title: Media Library Assistant Wordpress Plugin - RCE and LFI Date: 2023/09/05 CVE: CVE-2023-4634 Exploit Author: Florent MONTEL / Patrowl.io / @Pepitoh / Twitter @Pepitooh Exploitation path: https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ Exploit:...
Minio 2022-07-29T19-40-48Z - Path traversal
Exploit Title: Minio 2022-07-29T19-40-48Z - Path traversal Date: 2023-09-02 Exploit Author: Jenson Zhao Vendor Homepage: https://min.io/ Software Link: https://github.com/minio/minio/ Version: Up to excluding 2022-07-29T19-40-48Z Tested on: Windows 10 CVE : CVE-2022-35919 Required before executio...
Coppermine Gallery 1.6.25 - RCE
Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...
Clcknshop 1.0.0 - SQL Injection
Exploit Title: Clcknshop 1.0.0 - SQL Injection Exploit Author: CraCkEr Date: 16/08/2023 Vendor: Infosoftbd Solutions Vendor Homepage: https://infosoftbd.com/ Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/ Demo: https://kidszone.clckn.shop/ Version: 1.0.0 Tested on: Window...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change
!/bin/bash : " Exploit Title: Tinycontrol LAN Controller v3 LK3 1.58a - Remote Admin Password Change Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of ...
GLPI GZIP(Py3) 9.4.5 - RCE
!/usr/bin/env python3 Exploit Title: GLPI GZIPPy3 9.4.5 - RCE Date: 08-30-2021 Exploit Authors: Brian Peters & n3rada Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi/releases Version: 0.8.5-9.4.5 Tested on: Exploit ran on Kali 2021. GLPI Ran on Windo...
Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Exploit Title: Ruijie Reyee Wireless Router firmware version B11P204 - MITM Remote Code Execution RCE Date: April 15, 2023 Exploit Author: Mochammad Riyan Firmansyah of SecLab Indonesia Vendor Homepage: https://ruijienetworks.com Software Link:...
Shuttle-Booking-Software v1.0 - Multiple-SQLi
Title: Shuttle-Booking-Software v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 09/10/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid...
Atcom 2.7.x.x - Authenticated Command Injection
Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection Google Dork: N/A Date: 07/09/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.atcom.cn/ Software Link: https://www.atcom.cn/html/yingwenban/Product/FastIPphone/2017/1023/135.html Version: All versions above 2.7.x.x Test...
Splunk 9.0.5 - admin account take over
!/usr/bin/env python3 Exploit Title: Splunk 9.0.5 - admin account take over Author: Redway Security Discovery: Santiago Lopez CVE: CVE-2023-32707 Vendor Description: A low-privilege user who holds a role that has the edituser capability assigned to it can escalate their privileges to that of the...
Wordpress Sonaar Music Plugin 4.7 - Stored XSS
Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Date: 2023-09-05 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...
Webedition CMS v2.9.8.8 - Blind SSRF
Exploit Title: Webedition CMS v2.9.8.8 - Blind SSRF Application: Webedition CMS Version: v2.9.8.8 Bugs: Blind SSRF Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 07.09.2023 Author: Mirabbas...
Cacti 1.2.24 - Authenticated command injection when using SNMP options
Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options Date: 2023-07-03 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/info/downloads Version: Cacti 1.2.24 Tested on: Cacti 1.2.24 installed on...
BoidCMS v2.0.0 - authenticated file upload vulnerability
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
Limo Booking Software v1.0 - CORS
Title: Limo Booking Software v1.0 - CORS Author: nu11secur1ty Date: 09/08/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/limo-booking-software/sectionDemo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
OpenPLC WebServer 3 - Denial of Service
Exploit Title: OpenPLC WebServer 3 - Denial of Service Date: 10.09.2023 Exploit Author: Kai Feng Vendor Homepage: https://autonomylogic.com/ Software Link: https://github.com/thiagoralves/OpenPLCv3.git Version: Version 3 and 2 Tested on: Ubuntu 20.04 import requests import sys import time import...
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction
!/usr/bin/env python Exploit Title: Tinycontrol LAN Controller v3 LK3 - Remote Credentials Extraction Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of...
Online ID Generator 1.0 - Remote Code Execution (RCE)
Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...
GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
Exploit Title: GOM Player 2.3.90.5360 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 30.08.2023 Vendor Homepage: https://www.gomlab.com Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE Tested Version: 2.3.90.5360 latest Tested on: Windows 1...
Wp2Fac - OS Command Injection
Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities Google Dork: N/A Date: 25/08/2023 Exploit Author: The Security Team exploitsecurity.io Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570 Software...
Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
Title: Jorani v1.0.3-c2014-2023 - XSS Reflected & Information Disclosure Author: nu11secur1ty Date: 08/27/2023 Vendor: https://jorani.org/ Software: https://demo.jorani.org/session/login Reference: https://portswigger.net/web-security/cross-site-scripting Reference:...
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...
GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
Exploit Title: GOM Player 2.3.90.5360 - Remote Code Execution RCE Date: 26.08.2023 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.gomlab.com/gomplayer-media-player/ Software Link: https://cdn.gomlab.com/gretech/player/GOMPLAYERGLOBALSETUPNEW.EXE...
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 Tested on: Windows 10 Pro Impact: Database Access CVE: CVE-2023-4548 CWE: CWE-8...
Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
Exploit Title: Axigen if xhr1.readyState === XMLHttpRequest.DONE hcookie = new URLxhr1.responseURL.search.split"="1; xhr2.open'PATCH', /api/v1/conversations/MQ/?h=$hcookie, true; xh...
SyncBreeze 15.2.24 - 'login' Denial of Service
Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service Date: 30/08/2023 Exploit Author: mohamed youssef Vendor Homepage: https://www.syncbreeze.com/ Software Link: https://www.syncbreeze.com/setups/syncbreezesetupv15.4.32.exe Version: 15.2.24 Tested on: windows 10 64-bit import socket impor...