47904 matches found
PHPJabbers Night Club Booking 1.0 - Reflected XSS
Exploit Title: PHPJabbers Night Club Booking 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/night-club-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulat...
PHPJabbers Service Booking Script 1.0 - Reflected XSS
Exploit Title: PHPJabbers Service Booking Script 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/service-booking-script/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact:...
WordPress adivaha Travel Plugin 2.3 - SQL Injection
Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...
Academy LMS 6.0 - Reflected XSS
Exploit Title: Academy LMS 6.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Version: 6.0 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE:...
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/ Version: 2.0 Tested on: Windows 10 Pro Impact:...
PHPJabbers Cleaning Business 1.0 - Reflected XSS
Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 21/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/cleaning-business-software/ Version: 1.0 Tested on: Windows 10 Pro Impact: Manipulate...
PHPJabbers Taxi Booking 2.0 - Reflected XSS
Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/taxi-booking-script/ Version: 2.0 Tested on: Windows 10 Pro Impact: Manipulate the content ...
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
Exploit Title: WordPress adivaha Travel Plugin 2.3 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: adivaha - Travel Tech Company Vendor Homepage: https://www.adivaha.com/ Software Link: https://wordpress.org/plugins/adiaha-hotel/ Demo: https://www.adivaha.com/demo/adivaha-online/...
Webedition CMS v2.9.8.8 - Stored XSS
Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS Application: Webedition CMS Version: v2.9.8.8 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author: Mirabbas...
Webutler v3.2 - Remote Code Execution (RCE)
Exploit Title: Webutler v3.2 - Remote Code Execution RCE Application: webutler Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Date of found: 03.08.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technic...
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...
Shelly PRO 4PM v0.11.0 - Authentication Bypass
!/bin/bash Exploit Title: Shelly PRO 4PM v0.11.0 - Authentication Bypass Google Dork: NA Date: 2nd August 2023 Exploit Author: The Security Team exploitsecurity.io Exploit Blog: https://www.exploitsecurity.io/post/cve-2023-33383-authentication-bypass-via-an-out-of-bounds-read-vulnerability Vendor...
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
Exploit Title: Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload Date: 3-8-2023 Category: Web Application Exploit Author: Rajdip Dey Sarkar Version: 3.3 Tested on: Windows/Kali CVE: CVE-2023-39115 Description: ---------------- An arbitrary file upload...
WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...
ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE)
Exploit Title: ReyeeOS 1.204.1614 - MITM Remote Code Execution RCE Google Dork: None Date: July 31, 2023 Exploit Author: Riyan Firmansyah of Seclab Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/support/documents/slideEW1200G-PRO-Firmware-B11P204 Version...
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
Exploit Title: WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS Authenticated Google Dork: inurl:/wp-content/plugins/ninja-forms/readme.txt Date: 2023-07-27 Exploit Author: Mehran Seifalinia Vendor Homepage: https://ninjaforms.com/ Software Link:...
Joomla JLex Review 6.0.1 - Reflected XSS
Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/jlex-review/ Demo: https://jlexreview.jlexart.com/ Version: 6.0.1 Tested on: Windows 10 Pro...
Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
Exploit Title: Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read Unauthenticated Date: 01.08.2023 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://ozeki-sms-gateway.com Software Link: https://ozeki-sms-gateway.com/attachments/702/installwindows1689352737OzekiSMSGateway10.3.208.zip...
Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Date: 2023.Aug.01 Exploit Author: Pedro ISSDU TW Vendor Homepage: https://loganalyzer.adiscon.com/ Software Link: https://loganalyzer.adiscon.com/download/ Version: v4.1.13 and before Tested on: Linux CVE : CVE-2023-36306 There ar...
JLex GuestBook 1.6.4 - Reflected XSS
Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/ Demo: https://jlexguestbook.jlexart.com/...
Joomla iProperty Real Estate 4.1.1 - Reflected XSS
Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: The Thinkery LLC Vendor Homepage: http://thethinkery.net Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/ Demo:...
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...
General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...
Joomla Solidres 2.13.3 - Reflected XSS
Exploit Title: Joomla Solidres 2.13.3 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: Solidres Team Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extension/vertical-markets/booking-a-reservations/solidres/ Demo: http://demo.solidres.com/joomla...
copyparty 1.8.2 - Directory Traversal
Exploit Title: copyparty 1.8.2 - Directory Traversal Date: 14/07/2023 Exploit Author: Vartamtzidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.2 Version: =1.8.2 Tested on: Debian Linux CVE :...
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting XSS Date: 23/07/2023 Exploit Author: Vartamtezidis Theodoros @TheHackyDog Vendor Homepage: https://github.com/9001/copyparty/ Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6 Version: =1.8.6 Tested on: Debian Lin...
GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution
Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
!/usr/bin/python3 Exploit Title: WordPress Plugin ANGradebook = 5.0.1 - Subscriber+ SQLi Date: 2023-07-26 Exploit Author: Lukas Kinneberg Github: https://github.com/lukinneberg/CVE-2023-2636 Vendor Homepage: https://wordpress.org/plugins/an-gradebook/ Software Link:...
Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS
Exploit Title: Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: VirtueMart Team Vendor Homepage: https://www.virtuemart.net/ Software Link: https://demo.virtuemart.net/ Joomla Extension Link:...
Joomla HikaShop 4.7.4 - Reflected XSS
Exploit Title: Joomla HikaShop 4.7.4 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: Hikari Software Team Vendor Homepage: https://www.hikashop.com/ Software Link: https://demo.hikashop.com/index.php/en/ Joomla Extension Link:...
mooDating 1.2 - Reflected Cross-site scripting (XSS)
Exploit Title: mooDating 1.2 - Reflected Cross-site scripting XSS Exploit Author: CraCkEr aka skalvin Date: 22/07/2023 Vendor: mooSocial Vendor Homepage: https://moodatingscript.com/ Software Link: https://demo.moodatingscript.com/home Version: 1.2 Tested on: Windows 10 Pro Impact: Manipulate the...
Zomplog 3.9 - Cross-site scripting (XSS)
Exploit Title: Zomplog 3.9 - Cross-site scripting XSS Application: Zomplog Version: v3.9 Bugs: XSS Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Perch v3.2 - Persistent Cross Site Scripting (XSS)
Exploit Title: Perch v3.2 - Persistent Cross Site Scripting XSS Google Dork: N/A Date: 23-July-2023 Exploit Author: Dinesh Mohanty Vendor Homepage: https://grabaperch.com/ Software Link: https://grabaperch.com/download Version: v3.2 Tested on: Windows CVE : Requested Description: Stored Cross Sit...
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
Exploit Title: Availability Booking Calendar v1.0 - Multiple Cross-site scripting XSS Date: 07/2023 Exploit Author: Andrey Stoykov Tested on: Ubuntu 20.04 Blog: http://msecureltd.blogspot.com XSS 1: Steps to Reproduce: 1. Browse to Bookings 2. Select All Bookings 3. Edit booking and select Promo...
RosarioSIS 10.8.4 - CSV Injection
Exploit Title: RosarioSIS 10.8.4 - CSV Injection Google Dork:NA Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://www.rosariosis.org/ Software Link: https://gitlab.com/francoisjacquet/rosariosis/-/archive/v10.8.4/rosariosis-v10.8.4.zip Affected Version: 10.8.4 Category: WebApps Tested on:...
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting XSS Authenticated Date: 29 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://octobercms.com Version: v3.4.4 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with...
mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory
Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Google Dork: - Date: 21.07.2023 Exploit Author: Maximilian Barz Vendor Homepage: https://mremoteng.org/ Software Link: https://mremoteng.org/download Version: mRemoteNG = v1.77.3.1784-NB Tested on:...
Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping
Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Google Dork: NA Date: 22-07-2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.keepersecurity.com/enGB/ Software Link: https://www.keepersecurity.com/enGB/get-keeper.html Version: Desktop App...
zomplog 3.9 - Remote Code Execution (RCE)
Exploit Title: zomplog 3.9 - Remote Code Execution RCE Application: zomplog Version: v3.9 Bugs: RCE Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux impor...
Perch v3.2 - Stored XSS
Exploit Title: Perch v3.2 - Stored XSS Application: Perch Cms Version: v3.2 Bugs: XSS Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
Perch v3.2 - Remote Code Execution (RCE)
Exploit Title: Perch v3.2 - Remote Code Execution RCE Application: Perch Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...
RaidenFTPD 2.4.4005 - Buffer Overflow (SEH)
Exploit Title: RaidenFTPD 2.4.4005 - Buffer Overflow SEH Date: 18/07/2023 Exploit Author: Andre Nogueira Vendor Homepage: https://www.raidenftpd.com/en/ Software Link: http://www.raidenmaild.com/download/raidenftpd2.exe Version: RaidenFTPD 2.4.4005 Tested on: Microsoft Windows 10 Build 19045 1.-...
Aures Booking & POS Terminal - Local Privilege Escalation
Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2323 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 2323 Common...
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
Exploit Title: PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2285 Release Date: ============= 2023-07-19 Vulnerability Laboratory ID VL-ID: ==================================== 2285 Common...
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
Exploit Title: Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2317 Release Date: ============= 2023-07-04 Vulnerability Laboratory ID VL-ID: ==================================== 2317 Common...
Webile v1.0.1 - Multiple Cross Site Scripting
Exploit Title: Webile v1.0.1 - Multiple Cross Site Scripting References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2321 Release Date: ============= 2023-07-03 Vulnerability Laboratory ID VL-ID: ==================================== 2321 Common Vulnerability...
PaulPrinting CMS - (Search Delivery) Cross Site Scripting
Exploit Title: PaulPrinting CMS - Search Delivery Cross Site Scripting References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2286 Release Date: ============= 2023-07-17 Vulnerability Laboratory ID VL-ID: ==================================== 2286 Common...
RWS WorldServer 11.7.3 - Session Token Enumeration
Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...
Boom CMS v8.0.7 - Cross Site Scripting
Exploit Title: Boom CMS v8.0.7 - Cross Site Scripting References Source: https://www.vulnerability-lab.com/getcontent.php?id=2274 Release Date: 2023-07-03 Vulnerability Laboratory ID VL-ID: 2274 Product & Service Introduction: =============================== Boom is a fully featured, easy to use...