47904 matches found
Dreamer CMS v4.0.0 - SQL Injection
Exploit Title: Dreamer CMS v4.0.0 - SQL Injection Date: 2022/10/02 Exploit Author: lvren Vendor Homepage: http://cms.iteachyou.cc/ Software Link: https://gitee.com/isoftforce/dreamercms/repository/archive/v4.0.0.zip Version: v4.0.0 CVE: CVE-2022-43128 Proof Of Concept: POST /admin/search/doSearch...
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 12/6/2022 Exploit Author: @casp3r0x0 hassan ali al-khafaji Vendor Homepage: https://www.eve-ng.net/ Software Link: https://www.eve-ng.net/index.php/download/ Version: Free EVE Community Edition Version 5.0.1-1...
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Shoplazza 1.1 - Stored Cross-Site Scripting XSS Exploit Author: Andrey Stoykov Software Link: https://github.com/Shoplazza/LifeStyle Version: 1.1 Tested on: Ubuntu 20.04 Stored XSS 1: To reproduce do the following: 1. Login as normal user account 2. Browse "Blog Posts" - "Manage...
Concrete5 CME v9.1.3 - Xpath injection
Exploit Title: Concrete5 CME v9.1.3 - Xpath injection Author: nu11secur1ty Date: 11.28.2022 Vendor: https://www.concretecms.org/ Software: https://www.concretecms.org/download Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/concretecms.org/2022/concretecms-9.1.3...
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
Exploit Title: CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Date: 30/11/2022 Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi Deda Cloud Cybersecurity Team Vendor Homepage: https://www.crowdstrike.com/ Author Homepage...
Virtual Reception v1.0 - Web Server Directory Traversal
Exploit Title: Virtual Reception v1.0 - Web Server Directory Traversal Exploit Author: Spinae Vendor Homepage: https://www.virtualreception.nl/ Version: win7sp1rtm.101119-1850 6.1.7601.1.0.65792 running on an Intel NUC5i5RY Tested on: all CVE-ID: CVE-2023-25289 We discovered the web server of the...
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
Exploit Title: Device Manager Express 7.8.20002.47752 - Remote Code Execution RCE Date: 02-12-22 Exploit Author: 0xEF Vendor Homepage: https://www.audiocodes.com Software Link: https://ln5.sync.com/dl/82774fdd0/jwqwt632-s65tncqu-iwrtm7g3-iidti637 Version: = 7.8.20002.47752 Tested on: Windows 10 &...
Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path
Exploit Title: Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path Author: P4p4 M4n3 Discovery Date: 25-11-2022 Vendor Homepage: https://webcompanion.com/en/ Version 4.1.0.409 Tested on: Microsoft Windows Server 2019 Datacenter x64 Description: Lavasoft 4.1.0.409 install...
Covenant v0.5 - Remote Code Execution (RCE)
Exploit Title: Covenant v0.5 - Remote Code Execution RCE Exploit Author: xThaz Author website: https://xthaz.fr/ Date: 2022-09-11 Vendor Homepage: https://cobbr.io/Covenant.html Software Link: https://github.com/cobbr/Covenant Version: v0.1.3 - v0.5 Tested on: Windows 11 compiled covenant Windows...
Zillya Total Security 3.0.2367.0 - Local Privilege Escalation
Exploit Title: Zillya Total Security 3.0.2367.0 - Local Privilege Escalation Date: 02.12.2022 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://zillya.com/ Software Link: https://download.zillya.com/ZTS3.exe / https://download.zillya.com/ZIS3.exe Version:...
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Google Dork: inurl:/scripts/wa.exe Date: 12/02/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019...
4images 1.9 - Remote Command Execution (RCE)
Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...
Ecommerse v1.0 - Cross-Site Scripting (XSS)
Title: Ecommerse v1.0 - Cross-Site Scripting XSS Author: nu11secur1ty Date: 11.23.2022 Vendor: https://github.com/winston-dsouza Software: https://github.com/winston-dsouza/ecommerce-website Reference:...
Router ZTE-H108NS - Stack Buffer Overflow (DoS)
Exploit Title: ZTE-H108NS - Stack Buffer Overflow DoS Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://www.zte.com.cn/global/ Firmware: H108NSV1.0.7uZRDGR2A68 Usage: python zte-exploit.py CVE: N/A Tested on: Debian 5.18.5 !/usr/bin/python3 import sys import socket from time impor...
WPForms 1.7.8 - Cross-Site Scripting (XSS)
Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Google Dork: inurl:/scripts/wa.exe Date: 12/01/2022 Exploit Author: Shaunt Der-Grigorian Vendor Homepage: https://www.lsoft.com/ Software Link: https://www.lsoft.com/download/listserv.asp Version: 17 Tested on: Windows Server 2019 CV...
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting XSS Author: Bleron Rrustemi Discovery Date: 2022-11-15 Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/ Datasheet:: https://www.uniview.com/download.do?id=1761643 Device Firmware:...
Revenue Collection System v1.0 - Remote Code Execution (RCE)
Exploit Title: Revenue Collection System v1.0 - Remote Code Execution RCE Exploit Author: Joe Pollock Date: November 16, 2022 Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip...
Helmet Store Showroom v1.0 - SQL Injection
Exploit Title: Helmet Store Showroom v1.0 - SQL Injection Exploit Author: Ameer Hamza Date: November 15, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html Software Link:...
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution (RCE)
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Window...
Internet Download Manager v6.41 Build 3 - Remote Code Execution (RCE)
Exploit Title: Internet Download Manager v6.41 Build 3 - Remote Code Execution RCE Date: 15.11.2022 Exploit Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://www.internetdownloadmanager.com/ Software Link:...
DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
Exploit Title: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure Date: 2022-11-10 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=dU1iNFc4cWRsdUpjWEpETFlSeFlZdz09 Firmware Version: ME1.00 Tested on:...
Outline V1.6.0 - Unquoted Service Path
Exploit Title: Outline V1.6.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Discovery Date: 2022-11-10 Vendor Homepage: https://getoutline.org/ Software Link: https://getoutline.org/ Tested Version: V1.6.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows...
Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote SEH Overflow Date: 11/08/2022 Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3,...
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
Exploit Title: Human Resource Management System - SQL Injection unauthenticated Date: 08-11-2022 Exploit Author: Matthijs van der Vaart eMVee Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Software Link:...
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Book Store Management System 1.0.0 - Stored Cross-Site Scripting XSS Date: 2022-11-08 Exploit Author: Rajeshwar Singh Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsmsci.zip Tested on:...
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WP All Import v3.6.7 - Remote Code Execution RCE Authenticated Date: 11/05/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://www.wpallimport.com/ Software Link: https://wordpress.org/plugins/wp-all-import/advanced/ scroll down to select the...
SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path
Exploit Title: SugarSync 4.1.3 - 'SugarSync Service' Unquoted Service Path Exploit Author: Jorge Manuel Lozano Gómez Date: 2022-10-20 Vendor Homepage: https://www1.sugarsync.com Software Link: https://www1.sugarsync.com/apps/windows/ Version : 4.1.3 Tested on: Windows 11 64bit CVE : N/A About...
Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
Exploit Title: Tapo C310 RTSP server v1.3.0- Unauthorised Video Stream Access Date: 19th July 2022 Exploit Author: dsclee1 Vendor Homepage: tp-link.com Software Link: http://download.tplinkcloud.com/firmware/TapoC310v1en1.3.0Build220328Rel.64283nu1649923652150.bin Version: 1.3.0 Tested on: Linux ...
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
Exploit Title: Label Studio 1.5.0 - Authenticated Server Side Request Forgery SSRF Google Dork: intitle:"Label Studio" intext:"Sign Up" intext:"Welcome to Label Studio Community Edition" Date: 2022-10-03 Exploit Author: @DeveloperNinja, [email protected] Vendor Homepage:...
HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path
Exploit Title: HDD Health 4.2.0.112 - 'HDDHealth' Unquoted Service Path Exploit Author: Jorge Manuel Lozano Gómez Date: 2022-10-19 Vendor Homepage: https://www.panterasoft.com Software Link: https://hdd-health.softonic.com Version : 4.2.0.112 Tested on: Windows 11 64bit CVE : N/A About Unquoted...
Jetpack 11.4 - Cross Site Scripting (XSS)
Exploit Title: Jetpack 11.4 - Cross Site Scripting XSS Date: 2022-10-19 Author: Behrouz Mansoori Software Link: https://wordpress.org/plugins/jetpack Version: 11.4 Tested on: Mac m1 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and ta...
Online shopping system advanced 1.0 - Multiple Vulnerabilities
Exploit Title: Online shopping system advanced 1.0 - Multiple Vulnerabilities Discovery by: Rafael Pedrero Discovery Date: 2020-09-24 Vendor Homepage: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software Link :...
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...
SuperMailer v11.20 - Buffer overflow DoS
Exploit Title: SuperMailer v11.20 - Buffer overflow DoS Exploit Author: Rafael Pedrero Discovery Date: 2021-02-07 Vendor Homepage: https://int.supermailer.de/downloadnewslettersoftware.htm Software Link : https://int.supermailer.de/smintsw.zip / https://int.supermailer.de/smintswx64.zip Tested...
YouPHPTube<= 7.8 - Multiple Vulnerabilities
Exploit Title: YouPHPTube getLanguage; if !empty$GET'lang' $GET'lang' = striptags$GET'lang'; $SESSION'language' = $GET'lang'; @includeonce "$global'systemRootPath'locale/$SESSION'language'.php"; The parameter "lang" can be modified and load a ph...
VMware Workstation 15 Pro - Denial of Service
Title: VMware Workstation 15 Pro - Denial of Service Author: Milad Karimi Date: 2022-10-17 Tested on: Windows 10 Pro and Windows 7 Pro SP1 with VMware® Workstation 15 Pro 15.5.6 build-16341506 Affected: VMware Workstation Pro/Player 15.x config.version = "8" virtualHW.version = "4" displayName =...
Beauty-salon v1.0 - Remote Code Execution (RCE)
Exploit Title: Beauty-salon v1.0 - Remote Code Execution RCE Exploit Author: nu11secur1ty Date: 10.12.2022 Vendor: https://code4berry.com/projects/beautysalon.php Software: https://code4berry.com/project%20downloads/beautysalondownload.php Reference:...
Pega Platform 8.1.0 - Remote Code Execution (RCE)
Exploit Title: Pega Platform 8.1.0 - Remote Code Execution RCE Google Dork: N/A Date: 20 Oct 2022 Exploit Author: Marcin Wolak using MOGWAI LABS JMX Exploitation Toolkit Vendor Homepage: www.pega.com Software Link: Not Available Version: 8.1.0 on-premise and higher, up to 8.3.7 Tested on: Red Hat...
iBooking v1.0.8 - Arbitrary File Upload
Exploit Title: iBooking v1.0.8 - Arbitrary File Upload Exploit Author: d1z1n370/oPty Date: 01/11/2022 Vendor Homepage: https://codecanyon.net/item/ibooking-laravel-booking-system/30362088 Tested on: Linux Version: 1.0.8 Exploit Description: The application is prone to an arbitrary file-upload...
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting XSS Date: 9 October 2022 Exploit Author: Okan Kurtulus Vendor Homepage: https://reqlogic.com Version: 11.3 Tested on: Linux CVE : 2022-41441 Proof of Concept: 1- Install ReQlogic v11.3 2- Go to...
Social-Share-Buttons v2.2.3 - SQL Injection
Title: Social-Share-Buttons v2.2.3 - SQL Injection Author: nu11secur1ty Date: 09.16.2022 Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...
Senayan Library Management System v9.5.0 - SQL Injection
Title: Senayan Library Management System v9.5.0 - SQL Injection Author: nu11secur1ty Date: 11.03.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.0...
Moodle LMS 4.0 - Cross-Site Scripting (XSS)
Exploit Title: Moodle LMS 4.0 - Cross-Site Scripting XSS Date: 26/10/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://moodle.org/ Software Link: https://git.in.moodle.com/moodle Version: 4.0 Tested on: XAMPP, Windows 10 Contact: https://twitter.com/dmaral3noz Description: A Cross Site...
Hashicorp Consul v1.0 - Remote Command Execution (RCE)
Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References:...
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
Title: rukovoditel 3.2.1 - Cross-Site Scripting XSS Author: nu11secur1ty Date: 11.03.2022 Vendor: https://www.rukovoditel.net/ Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel3.2.1.zip/download Reference:...
X-Skipper-Proxy v0.13.237 - Server Side Request Forgery (SSRF)
Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery SSRF Date: 24/10/2022 Exploit Author: Hosein Vita & Milad Fadavvi Vendor Homepage: https://github.com/zalando/skipper Software Link: https://github.com/zalando/skipper Version: v0.13.237 Tested on: Linux CVE: CVE-2022-38580...
Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Subrion CMS 4.2.1 - Stored Cross-Site Scripting XSS Date: 2022-08-10 Exploit Author: Sinem Şahin Vendor Homepage: https://intelliants.com/ Version: 4.2.1 Tested on: Windows & XAMPP == Tutorial http://HOST/panel/fields/add 2- Write XSS Payload into the tooltip value of the field add...
OPSWAT Metadefender Core - Privilege Escalation
Exploit Title: OPSWAT Metadefender Core - Privilege Escalation Date: 24 October 2022 Exploit Author: Ulascan Yildirim Vendor Homepage: https://www.opswat.com/ Version: Metadefender Core 4.21.1 Tested on: Windows / Linux CVE : CVE-2022-32272...