47904 matches found
WBiz Desk 1.2 - SQL Injection
Exploit Title: WBiz Desk 1.2 - SQL Injection Exploit Date: May 12, 2023. CVSS 3.1: 6.4 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Tactic: Initial Access TA0001 Technique: Exploit Public-Facing Application T1190 Application Name: WBiz Desk Application Version: 1.2 Link:...
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
Exploit Title: Authenticated Persistent XSS in Cameleon CMS 2.7.4 Google Dork: intext:"Camaleon CMS is a free and open-source tool and a fexible content management system CMS based on Ruby on Rails" Date: 2023-10-05 Exploit Author: Yasin Gergin Vendor Homepage: http://camaleon.tuzitio.com Softwar...
Optoma 1080PSTX Firmware C02 - Authentication Bypass
Exploit Title: Optoma 1080PSTX Firmware C02 - Authentication Bypass Date: 2023/05/09 Exploit Author: Anthony Cole Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Vendor Homepage: http://optoma.com Version: Optoma 1080PSTX Firmware C02 Tested on: N/A CVE : CVE-2023-27823...
WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Date: 2023-05-10 Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...
Prestashop 8.0.4 - CSV injection
Exploit Title: Prestashop 8.0.4 - CSV injection Application: prestashop Version: 8.0.4 Bugs: CSV Injection Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 14.05.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Date: 15/5/2023 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking
Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...
Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)
Exploit Title: Screen SFT DAB 600/C - Unauthenticated Information Disclosure userManager.cgx Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection Authenticated Date: 16/05/2023 Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31702 Step of...
SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
Exploit Title: SitemagicCMS 4.4.3 Remote Code Execution RCE Application: SitemagicCMS Version: 4.4.3 Bugs: RCE Technology: PHP Vendor URL: https://sitemagic.org/Download.html Software Link: https://github.com/Jemt/SitemagicCMS Date of found: 14-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Screen SFT DAB 600/C - Authentication Bypass Reset Board Config
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Reset Board Config Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Trend Micro OfficeScan Client 10.0 - ACL Service LPE
Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Date: 2023/05/04 Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client"...
PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)
Exploit Title: PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting XSS Application: PodcastGenerator Version: v3.2.9 Bugs: Stored Xss Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found: 14-05-2023...
Screen SFT DAB 600/C - Authentication Bypass Password Change
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Screen SFT DAB 600/C - Authentication Bypass Erase Account
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Screen SFT DAB 600/C - Authentication Bypass Account Creation
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Admin Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
TinyWebGallery v2.5 - Remote Code Execution (RCE)
Exploit Title: TinyWebGallery v2.5 - Remote Code Execution RCE Application: TinyWebGallery Version: v2.5 Bugs: RCE Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023 Author: Mirabbas...
Epson Stylus SX510W Printer Remote Power Off - Denial of Service
Exploit Title: Epson Stylus SX510W Printer Remote Power Off - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2020-05-16 Vendor Homepage: https://www.epson.es/ Software Link : https://www.epson.es/products/printers/inkjet-printers/for-home/epson-stylus-sx510w Tested Version:...
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
Exploit Title: RockMongo 1.1.7 - Stored Cross-Site Scripting XSS Discovery by: Rafael Pedrero Discovery Date: 2020-09-19 Vendor Homepage: https://github.com/iwind/rockmongo/ Software Link : https://github.com/iwind/rockmongo/ Tested Version: 1.1.7 Tested on: Windows 7 and 10 Vulnerability Type:...
Job Portal 1.0 - File Upload Restriction Bypass
/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not neccesary change content type to 'image/png' Example exploitation...
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2...
FLEX 1080 < 1085 Web 1.6.0 - Denial of Service
Exploit Title: FLEX 1080 1085 Web 1.6.0 - Denial of Service Date: 2023-05-06 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android CVE ID: CVE-2022-2591 !/usr/bin/env python3 import request...
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
Exploit Title: TinyWebGallery v2.5 - Stored Cross-Site Scripting XSS Application: TinyWebGallery Version: v2.5 Bugs: Stored Xss Technology: PHP Vendor URL: http://www.tinywebgallery.com/ Software Link: https://www.tinywebgallery.com/download.php?tinywebgallery=latest Date of found: 07-05-2023...
File Thingie 2.5.7 - Remote Code Execution (RCE)
!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Arbitary File Upload to RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on:...
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting XSS Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Stored Xss Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
Exploit Title: Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47877 Introduction...
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47878...
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
Exploit Title: EasyPHP Webserver 14.1 - Multiple Vulnerabilities RCE and Path Traversal Discovery by: Rafael Pedrero Discovery Date: 2022-02-06 Vendor Homepage: https://www.easyphp.org/ Software Link : https://www.easyphp.org/ Tested Version: 14.1 Tested on: Windows 7 and 10 Vulnerability Type:...
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Date: 03/05/2023 Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution RCE Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: RCE Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip Date o...
Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution
Exploit Title: Codigo Markdown Editor v1.0.1 Electron - Arbitrary Code Execution Date: 2023-05-03 Exploit Author: 8bitsec Vendor Homepage: https://alfonzm.github.io/codigo/ Software Link: https://github.com/alfonzm/codigo-app Version: 1.0.1 Tested on: Mac OS 13 Release Date:...
Ulicms-2023.1-sniffing-vicuna - Privilege escalation
Exploit Title: Ulicms 2023.1 sniffing-vicuna - Privilege escalation Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Privilege escalation Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
Exploit Title: Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47880...
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE :...
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Date: 28/04/2023 Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introducti...
Jedox 2022.4.2 - Code Execution via RPC Interfaces
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction...
Cmaps v8.0 - SQL injection
Exploit Title: Cmaps v8.0 - SQL injection - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability...
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution RCE Date: 2023-05-02 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" ta...
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
Title: KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution RCE Author: nu11secur1ty Date: 04.30.2023 Vendor: https://kodcloud.com/ Software: https://github.com/kalcaddle/KodExplorer/releases/tag/4.51.03 Reference: https://portswigger.net/web-security/file-upload Description:...
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
Exploit Title: pluck v4.7.18 - Stored Cross-Site Scripting XSS Application: pluck Version: 4.7.18 Bugs: XSS Technology: PHP Vendor URL: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Date of found: 01-05-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
Exploit Title: Jedox 2022.4.2 - Remote Code Execution via Directory Traversal Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47875 Introductio...
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please...
FS-S3900-24T4S - Privilege Escalation
Exploit Title: FS-S3900-24T4S Privilege Escalation Date: 29/04/2023 Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printar...
GLPI 9.5.7 - Username Enumeration
Exploit Title: GLPI 9.5.7 - Username Enumeration Date: 04/29/2023 Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import...
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting XSS Date: 27.04.2023 Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: ...
PHPJabbers Simple CMS 5.0 - SQL Injection
Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...
projectSend r1605 - Private file download
Exploit Title: projectSend r1605 - Private file download Application: projectSend Version: r1605 Bugs: IDOR Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 24-01-2023 Author: Mirabbas Ağalarov Tested on: Linux Technical Details &...
phpMyFAQ v3.1.12 - CSV Injection
Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...