47904 matches found
Microsoft Edge (Chromium-based) Webview2 1.0.1661.34 - Spoofing
Title: Microsoft-Edge-Chromium-based-Webview2-1.0.1661.34-Spoofing-Vulnerability Author: nu11secur1ty Date: 04.10.2023 Vendor: https://developer.microsoft.com/en-us/ Software: https://developer.microsoft.com/en-us/microsoft-edge/webview2/ Reference:...
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...
Microsoft Windows 11 - 'cmd.exe' Denial of Service
Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...
Icinga Web 2.10 - Arbitrary File Disclosure
!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...
Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
Exploit Title: Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation Exploit Author : TOUHAMI KASBAOUI Vendor Homepage : https://www.forcepoint.com/ Software: Stonesoft VPN Windows Version : 6.2.0 / 6.8.0 Tested on : Windows 10 CVE : N/A Description local privilege escalation vertical...
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
Exploit Title: Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://support.broadcom.com/external/content/SecurityAdvisories/0/21117 Version: 10.7.4-10.7.13 Tested on: relevant os CVE : CVE-2022-25630 Author Web:...
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: X2CRM v6.6/6.9 - Reflected Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: model CVE: Use...
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...
RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution
Exploit Title: RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RSANETWITNESSEDRAGENTINCORRECTACCESSCONTROLCVE-2022-47529.txt + twitter.com/hyp3rlinx...
Suprema BioStar 2 v2.8.16 - SQL Injection
Exploit Title: Suprema BioStar 2 v2.8.16 - SQL Injection Date: 26/03/2023 Exploit Author: Yuriy Vander Tsarenko https://www.linkedin.com/in/yuriy-tsarenko-a1453aa4/ Vendor Homepage: https://www.supremainc.com/ Software Link:...
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
Exploit Title: Online-Pizza-Ordering -1.0 - Remote Code Execution RCE Author: nu11secur1ty Date: 03.30.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference:...
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
Exploit Title: ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting XSS Date: 2023-03-30 CVE: CVE-2023-26692 Exploit Author: Abdulaziz Saad @b4zb0z Vendor Homepage: https://www.zcbs.nl Version: 4.14k Tested on: LAMP, Ubuntu Google Dork: inurl:objecten.pl?ident=3D --- Vulnerability : $GET'ident'...
Medicine Tracker System v1.0 - Sql Injection
Exploit Title: Medicine Tracker System v1.0 - Sql Injection Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts0.zip Version: V1.0.0 Tested on: Windows/Linux Proof of Concept: 1-...
ENTAB ERP 1.0 - Username PII leak
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
ActFax 10.10 - Unquoted Path Services
Exploit Title: ActFax 10.10 - Unquoted Path Services Date: 22/03/2023 Exploit Author: Birkan ALHAN @taftss Vendor Homepage: https://www.actfax.com Software Link: https://www.actfax.com/en/download.html Version: Version 10.10, Build 0551 2023-02-01 Tested on: Windows 10 21H2 OS Build 19044.2728...
Joomla! v4.2.8 - Unauthenticated information disclosure
!/usr/bin/env ruby Exploit Title: Joomla! v4.2.8 - Unauthenticated information disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2023-23752 Date: 2023-03-24 Vendor Homepage:...
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: X2CRM v6.6/6.9 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: Actionssubject CVE:...
pfsenseCE v2.6.0 - Anti-brute force protection bypass
!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...
Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)
Exploit Title: Microsoft Excel 365 MSO Version 2302 Build 16.0.16130.20186 64-bit - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...
Lucee Scheduled Job v1.0 - Command Execution
Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Date: 3-23-2012 Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref ...
Restaurant Management System 1.0 - SQL Injection
Exploit Title: Restaurant Management System 1.0 - SQL Injection Date: 2023-03-20 Exploit Author: calfcrusher [email protected] Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0...
Adobe Connect 11.4.5 - Local File Disclosure
Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested...
dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: dotclear 2.25.3 - Remote Code Execution RCE Authenticated Application: dotclear Version: 2.25.3 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://dotclear.org/ Software Link: https://dotclear.org/download Date of found: 08.04.2023...
ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path
Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2023-04-05 Vendor : https://www.eset.com Version : 16.0.26.0 Tested on OS: Microsoft Windows 11 pro x64 PoC : ============== C:\sc qc ekrn SC QueryServiceConfig SUCCE...
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution RCE Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html Version:...
FortiRecorder 6.4.3 - Denial of Service
Exploit Title: FortiRecorder 6.4.3 - Denial of Service Google Dork: N/A Date: 13/03/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder Version: 6.4.3 and below && 6.0.11...
Altenergy Power Control Software C1.2.5 - OS command injection
Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Date: 15/3/2023 Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests...
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...
Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)
Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas AÄźalarov Tested on: Linux 2...
ChurchCRM 4.5.1 - Authenticated SQL Injection
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1...
Schneider Electric v1.0 - Directory traversal & Broken Authentication
Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...
NotrinosERP 0.7 - Authenticated Blind SQL Injection
Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage:...
Wondershare Dr Fone 12.9.6 - Privilege Escalation
Exploit Title: Wondershare Dr Fone 12.9.6 - Privilege Escalation Date: 14 March 2023 Exploit Author: Thurein Soe Vendor Homepage: https://drfone.wondershare.com Software Link: https://mega.nz/file/ZFd1TZIRe2WfCXryaH08C3VNGZH1yAIG6DU01p-MrDooq529I Version: Dr Fone version 12.9.6 Tested on: Window ...
Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...
MAC 1200R - Directory Traversal
Exploit Title: MAC 1200R - Directory Traversal Google Dork: "MAC1200R" && port="8888" Date: 2023/03/09 Exploit Author: Chunlei Shang, Jiangsu Public Information Co., Ltd. Vendor Homepage: https://www.mercurycom.com.cn/ Software Link: https://www.mercurycom.com.cn/product-1-1.html Version: all...
Docker based datastores for IBM Instana 241-2 243-0 - No Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Franklin Fueling Systems TS-550 - Exploit and Default Password
Exploit Title: Franklin Fueling Systems TS-550 - Exploit and Default Password Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks an...
Snitz Forum v1.0 - Blind SQL Injection
Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Date: 13/03/2023 Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...
IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)
Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Date: 02/02/2023 Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This...
WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE
Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The...
Best pos Management System v1.0 - SQL Injection
Exploit Title: Best pos Management System v1.0 - SQL Injection Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
Dompdf 1.2.1 - Remote Code Execution (RCE)
!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
Art Gallery Management System Project in PHP v 1.0 - SQL injection
Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection Date: 31-01-2023 Exploit Author: Yogesh Verma Vendor Homepage: https://y0gesh-verma.github.io/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/,...
Auto Dealer Management System v1.0 - SQL Injection
Exploit Title: Auto Dealer Management System v1.0 - SQL Injection Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0912 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System Version: v 1.0 Tested...
Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS
Exploit Title: Osprey Pump Controller v1.0.1 - Unauthenticated Reflected XSS Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...