47884 matches found
Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...
HospitalRun 1.0.0-beta - Local Root Exploit for macOS
Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...
Art Gallery Management System Project in PHP v 1.0 - SQL injection
Exploit Title: Art Gallery Management System Project in PHP v 1.0 - SQL injection Date: 31-01-2023 Exploit Author: Yogesh Verma Vendor Homepage: https://y0gesh-verma.github.io/ Software Link: https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/,...
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure
Exploit Title: Osprey Pump Controller 1.0.1 - Unauthenticated File Disclosure Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirag...
Employee Task Management System v1.0 - Broken Authentication
Exploit Title: Employee Task Management System v1.0 - Broken Authentication Exploit Author: Muhammad Navaid Zafar Ansari Date: 17 February 2023 CVE Assigned: CVE-2023-0905 mitre.org, nvd.nist.org Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com Software Link:...
POLR URL 2.3.0 - Shortener Admin Takeover
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...
LDAP Tool Box Self Service Password v1.5.2 - Account takeover
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...
FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking
--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Date: 2023-02-14 Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
Exploit Title: Auto Dealer Management System v1.0 - SQL Injection in sellvehicle.php Author Name: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0913 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...
craftercms 4.x.x - CORS
Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Date: 03.07.2023 Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit
!/usr/bin/env python Exploit Title: Osprey Pump Controller 1.0.1 - Unauthenticated Remote Code Execution Exploit Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID...
Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery
!-- Exploit Title: Osprey Pump Controller 1.0.1 - Cross-Site Request Forgery Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...
Osprey Pump Controller 1.0.1 - Administrator Backdoor Access
Exploit Title: Osprey Pump Controller 1.0.1 - Administrator Backdoor Access Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage...
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
Exploit Title: Auto Dealer Management System v1.0 - SQL Injection on manageuser.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 18 February 2023 CVE Assigned: CVE-2023-0915 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Auto Dealer Management System...
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Date: 2022-01-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...
WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE
Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...
Unified Remote 3.13.0 - Remote Code Execution (RCE)
Exploit Title: Unified Remote 3.13.0 - Remote Code Execution RCE Google Dork: NA Date: 03/03/2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download/windows Version: 3.13.0 Current Tested on: Windows CVE : NA Due to the u...
ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Exploit Title: ABUS Security Camera TVIP 20000-21150 - LFI, RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-001-2023 Vendor Homepage: https://www.abus.com Version/Model: TVIP...
Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking
Exploit Title: Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking Author: nu11secur1ty Date: 02.23.2023 Vendor: https://www.kimai.org/ Software: https://github.com/kimai/kimai/releases/tag/1.30.10 Reference:...
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Bus Pass Management System 1.0 - Stored Cross-Site Scripting XSS Date: 2021-09-17 Exploit Author: Matteo Conti - https://deltaspike.io Vendor Homepage: https://phpgurukul.com/ Software Link:...
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
projectSend r1605 - Remote Code Exectution RCE
Exploit Title: projectSend r1605 - Remote Code Exectution RCE Application: projectSend Version: r1605 Bugs: rce via file extension manipulation Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 26-01-2023 Author: Mirabbas Ağalarov...
XWorm Trojan 2.1 - Null Pointer Derefernce DoS
Exploit Author: XWorm Trojan 2.1 - Null Pointer Derefernce DoS Exploit Author: TOUHAMI KASBAOUI Vendor Homepage: https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ Software Link: N/A Version: 2.1 Tested on: Windows 10 CVE : N/A...
Answerdev 1.0.3 - Account Takeover
Exploit Title: Answerdev 1.0.3 - Account Takeover Date: Reported on Jan 24th 2023 Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744...
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
Exploit Title: Online Eyewear Shop 1.0 - SQL Injection Unauthenticated Date: 2023-01-02 Exploit Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html Software Link:...
GNU screen v4.9.0 - Privilege Escalation
Exploit Title: GNU screen v4.9.0 - Privilege Escalation Date: 03.02.2023 Exploit Author: Manuel Andreas Vendor Homepage: https://www.gnu.org/software/screen/ Software Link: https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz Version: 4.9.0 Tested on: Arch Linux CVE : CVE-2023-24626 import os impor...
BTCPay Server v1.7.4 - HTML Injection
Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...
Binwalk v2.3.2 - Remote Command Execution (RCE)
Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)
!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
Exploit Title: Provide Server v.14.4 XSS - CSRF & Remote Code Execution RCE Date: 2023-02-10 Exploit Author: Andreas Finstad Version: 14.4.1.29 Tested on: Windows Server 2022 CVE : CVE-2023-23286 POC: https://f20.be/blog/provide-server-14-4...
ERPNext 12.29 - Cross-Site Scripting (XSS)
Exploit Title: ERPNext 12.29 - Cross-Site Scripting XSS Date: 7 Feb 2023 Exploit Author: Patrick Dean Ramos / Nathu Nandwani / Junnair Manla Github - https://github.com/patrickdeanramos/CVE-2022-28598 Vendor Homepage: https://erpnext.com/ Version: 12.29 CVE-2022-28598 Summary: Stored cross-site...
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...
Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure
Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...
ImageMagick 7.1.0-49 - DoS
Exploit Title: ImageMagick 7.1.0-49 - DoS Author: nu11secur1ty Date: 02.07.2023 Vendor: https://imagemagick.org/ Software: https://imagemagick.en.uptodown.com/windows/download/82953605 Reference: https://portswigger.net/daily-swig/denial-of-service CVE-ID: CVE-2022-44267 Description: ImageMagick...
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Date: 2022-05-25 Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...
PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: PostgreSQL 9.6.1 - Remote Code Execution RCE Authenticated Date: 2023-02-01 Exploit Author: Paulo Trindade @paulotrindadec, Bruno Stabelini @Bruno Stabelini, Diego Farias @fulcrum and Weslley Shaimon Github: https://github.com/paulotrindadec/CVE-2019-9193 Version: PostgreSQL 9.6.1 ...
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
Exploit Title: Secure Web Gateway 10.2.11 - Cross-Site Scripting XSS Product: Secure Web Gateway Affected Versions: 10.2.11, potentially other versions Fixed Versions: 10.2.17, 11.2.6, 12.0.1 Vulnerability Type: Cross-Site Scripting Security Risk: high Vendor URL:...
ImageMagick 7.1.0-49 - Arbitrary File Read
Exploit Title: ImageMagick 7.1.0-49 - Arbitrary File Read Google Dork: N/A Date: 06/02/2023 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/ Version: = 7.1.0-49 Tested on: 7.1.0-49 and 6.9.11-60 CVE : CVE-2022-44268 CVE...
itech TrainSmart r1044 - SQL injection
Exploit Title: itech TrainSmart r1044 - SQL injection Date: 03.02.2023 Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044...
D-Link DIR-846 - Remote Command Execution (RCE) vulnerability
Exploit Title: D-Link DIR-846 - Remote Command Execution RCE vulnerability Google Dork: NA Date: 30/01/2023 Exploit Author: Françoa Taffarel Vendor Homepage:...
SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow
Exploit Title: SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 1.1.2 Summary: The SOUND4 Link&Share L&S is a simple and open protocol that...
Liferay Portal 6.2.5 - Insecure Permissions
Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Date: 2021/05 Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for...
zstore 6.6.0 - Cross-Site Scripting (XSS)
Exploit Title: zstore 6.6.0 - Cross-Site Scripting XSS Development: nu11secur1ty Date: 01.29.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4...
PhotoShow 3.0 - Remote Code Execution
Exploit Title: PhotoShow 3.0 - Remote Code Execution Date: January 11, 2023 Exploit Author: LSCP Responsible Disclosure Lab Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ Vendor Homepage:...
Apache Tomcat 10.1 - Denial Of Service
Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
Exploit Title: GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 11 Jun 2022 Application: GLPI Cartography...