47884 matches found
XAMPP 8.2.4 - Unquoted Path
Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
Exploit Title: WinterCMS alertdocument.cookie; //Post Request...
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Date: 08/21/2019 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...
ProjeQtOr Project Management System v10.4.1 - Multiple XSS
Exploit Title: ProjeQtOr Project Management System V10.4.1 - Multiple XSS Version: V10.4.1 Bugs: Multiple XSS Technology: PHP Vendor URL: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV10.4.1.zip/download Date of found: 09.07.2023 Author:...
Pluck v4.7.18 - Remote Code Execution (RCE)
Exploit Title: Pluck v4.7.18 - Remote Code Execution RCE Application: pluck Version: 4.7.18 Bugs: RCE Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 10-07-2023 Author: Mirabbas Ağalarov Tested on: Linux import reques...
News Portal v4.0 - SQL Injection (Unauthorized)
Exploit Title: News Portal v4.0 - SQL Injection Unauthorized Date: 09/07/2023 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://phpgurukul.com/news-portal-project-in-php-and-mysql/c Software Link:...
Admidio v4.2.10 - Remote Code Execution (RCE)
Exploit Title: Admidio v4.2.10 - Remote Code Execution RCE Application: Admidio Version: 4.2.10 Bugs: RCE Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 10.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical...
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTSchedulerService"
Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code...
AVG Anti Spyware 7.5 - Unquoted Service Path "AVG Anti-Spyware Guard"
Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.avg.com Software Link: https://www.avg.com/en-ww/homepagepc Version: 7.5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36167 PoC C:\Userswmic service get...
Game Jackal Server v5 - Unquoted Service Path "GJServiceV5"
Exploit Title: Game Jackal Server v5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.allradiosoft.ru Software Link: https://www.allradiosoft.ru/en/ss/index.htm Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36166 PoC C:\Userswmic...
Ateme TITAN File 3.9 - SSRF File Enumeration
Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
Exploit Title: Netlify CMS 2.10.192 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr Vendor Homepage: https://decapcms.org/docs/intro/ Software Link: https://github.com/decaporg/decap-cms Version: 2.10.192 Tested on: https://cms-demo.netlify.com Description: 1. Go to new post and write...
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
Exploit Title: Frappe Framework ERPNext 13.4.0 - Remote Code Execution Authenticated Exploit Author: Sander Ferdinand Date: 2023-06-07 Version: 13.4.0 Vendor Homepage: http://erpnext.org Software Link: https://github.com/frappe/frappe/ Tested on: Ubuntu 22.04 CVE : none Silly sandbox escape. Frap...
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path "MTAgentService"
Exploit Title: MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.7 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-361...
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
Exploit Title: Spring Cloud 3.2.2 - Remote Command Execution RCE Date: 07/07/2023 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://spring.io/projects/spring-cloud-function/ Description: Exploit to execute commands exploiting CVE-2022-22963 Software Link:...
Faculty Evaluation System v1.0 - SQL Injection
Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Microsoft Outlook Microsoft 365 MSO (Version 2306 Build 16.0.16529.20100) 32-bit - Remote Code Execution
Title: Microsoft Outlook Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit - Remote Code Execution Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference:...
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution
Title: Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Author: nu11secur1ty Date: 01.14.2022 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/download/details.aspx?id=48264 Reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-219...
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Date: 05-07-2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import...
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Piwigo v13.7.0 - Stored Cross-Site Scripting XSS Authenticated Date: 25 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://piwigo.org Version: 13.7.0 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with any user...
Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
Title:Microsoft Edge 114.0.1823.67 64-bit - Information Disclosure Author: nu11secur1ty Date: 07.06.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415 Reference: https://portswigger.net/web-security/information-disclosure,...
Lost and Found Information System v1.0 - SQL Injection
Exploit Title: Lost and Found Information System v1.0 - SQL Injection Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /php-lfis/admin/?page=systeminfo/contactinformation Tested on: Windows/Linux CVE : CVE-2023-33592 import requests URL of the...
Beauty Salon Management System v1.0 - SQLi
Exploit Title: Beauty Salon Management System v1.0 - SQLi Date of found: 04/07/2023 Exploit Author: Fatih Nacar Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/ CWE:...
Car Rental Script 1.8 - Stored Cross-site scripting (XSS)
Exploit Title: Car Rental Script 1.8 - Stored Cross-site scripting XSS Date: 30/07/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/car-rental-php-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...
Prestashop 8.0.4 - Cross-Site Scripting (XSS)
Exploit Title: Prestashop 8.0.4 - Cross-Site Scripting XSS Application: prestashop Version: 8.0.4 Bugs: Stored XSS Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 30.06.2023 Author: Mirabbas Ağalarov Tested on: Lin...
WP AutoComplete 1.0.4 - Unauthenticated SQLi
Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi Date: 30/06/2023 Exploit Author: Matin nouriyan matitanium Version: = 1.0.4 CVE: CVE-2022-4297 Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/ Tested on: Kali linux --------------------------------------- The WP...
Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: Vacation Rental 1.8 - Stored Cross-Site Scripting XSS Date: 30/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/vacation-rental-website.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...
WebsiteBaker v2.13.3 - Stored XSS
Exploit Title: WebsiteBaker v2.13.3 - Stored XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author: Mirabbas Ağalarov...
WBCE CMS 1.6.1 - Open Redirect & CSRF
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Title:Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit - Remote Code Execution RCE Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference: https://portswigger.net/daily-swig/rce CVE-2023-33137...
Rukovoditel 3.4.1 - Multiple Stored XSS
Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS Version: 3.4.1 Bugs: Multiple Stored XSS Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 24-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...
TP-Link TL-WR940N V4 - Buffer OverFlow
Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : hardware Dork : /userRpm/WanDynamicIpV6CfgRpm Tested on: Windows/Linux CVE : CVE-2023-36355 import requests Replace the IP address with the router's IP routerip...
D-Link DAP-1325 - Broken Access Control
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
WebsiteBaker v2.13.3 - Directory Traversal
Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal Application: WebsiteBaker Version: 2.13.3 Bugs: Directory Traversal Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author:...
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting XSS Date: 30/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/gz-forum-script.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content ...
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting XSS Date: 2023-06-23 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /print.php?nmmember= Vendor Homepage:...
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit - Remote Code Execution RCE Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting XSS Date: 1/07/2023 Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page , go to this url...
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)
Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Date: 29/06/2023 Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the...
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...
spip v4.1.10 - Spoofing Admin account
Exploit Title: spip v4.1.10 - Spoofing Admin account Author: nu11secur1ty Date: 06.29.2023 Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/ Description: The...
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Application: PodcastGenerator Version: v3.2.9 Bugs: Blind SSRF via XML Injection Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found:...
FuguHub 8.1 - Remote Code Execution
Exploit Title: FuguHub 8.1 - Remote Code Execution Date: 6/24/2023 Exploit Author: redfire359 Vendor Homepage: https://fuguhub.com/ Software Link: https://fuguhub.com/download.lsp Version: 8.1 Tested on: Ubuntu 22.04.1 CVE : CVE-2023-24078 import requests from bs4 import BeautifulSoup import...
Xenforo Version 2.2.13 - Authenticated Stored XSS
Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Date: 2023-06-24 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...
Microsoft SharePoint Enterprise Server 2016 - Spoofing
// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : Remote // Vendor Homepage: // Microsoft SharePoint Foundation 2013 Service Pack 1 // Microsoft SharePoint Server Subscription...
Windows 11 22h2 - Kernel Privilege Elevation
// Exploit Title: Windows 11 22h2 - Kernel Privilege Elevation // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : webapps // Vendor Homepage: // Tested on: Windows/Linux // CVE : CVE-2023-28293 include include // The vulnerable driver file name const ch...
Azure Apache Ambari 2302250400 - Spoofing
Exploit Title: Azure Apache Ambari 2302250400 - Spoofing Date: 2023-06-23 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : Remote Vendor Homepage: Microsoft Apache Ambari Microsoft azure Hdinsights Tested on: Windows/Linux CVE : CVE-2023-23408 import requests Set the URL and...
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Date: 2023-06-20 Dork: /modules/winbizpayment/downloads/download.php country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Vendor Homepage:...
NCH Express Invoice - Clear Text Password Storage and Account Takeover
Exploit Title: NCH Express Invoice - Clear Text Password Storage and Account Takeover Google Dork:: intitle:ExpressInvoice - Login Date: 07/Apr/2020 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://www.nchsoftware.com/ Software Link:...