Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)

Exploit Title: Magnolia CMS 6.2.19 - Stored Cross-Site Scripting XSS Date: 08/05/2022 Exploit Author: Giulio Garzia 'Ozozuz' Vendor Homepage: https://www.magnolia-cms.com/ Software Link:...

Dr. Fone 4.0.8 - 'net_updater32.exe' Unquoted Service Path

Exploit Title: Dr. Fone v4.0.8- 'netupdater32.exe' Unquoted Service Path Discovery Date: 2022-05-07 Discovery by: Esant1490 Vendor Homepage: https://drfone.wondershare.net Software Link : https://download.wondershare.net/drfonefull4008.exe Tested Version: 4.0.8 Tested on OS: Windows 10 Pro x64 en...

CodoForum v5.1 - Remote Code Execution (RCE)

Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Date: 06/07/2022 Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04...

Nginx 1.20.0 - Denial of Service (DOS)

Exploit Title: Nginx 1.20.0 - Denial of Service DOS Date: 2022-6-29 Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bion...

WiFi Mouse 1.7.8.5 - Remote Code Execution(v2)

Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Date: 25-02-2021 Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 ​ Python 3 port done by RedHatAugust Original exploit:...

WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)

Exploit Title: WSO2 Management Console Multiple Products - Unauthenticated Reflected Cross-Site Scripting XSS Date: 21 Apr 2022 Exploit Author: cxosmo Vendor Homepage: https://wso2.com Software Link: API Manager https://wso2.com/api-manager/, Identity Server https://wso2.com/identity-server/,...

WordPress Plugin Weblizar 8.9 - Backdoor

Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...

Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Mailhog 1.0.1 - Stored Cross-Site Scripting XSS Google Dork: https://www.shodan.io/search?query=mailhog 3500 Date: 06.18.2022 Exploit Author: Vulnz Vendor Homepage: https://github.com/mailhog/MailHog Software Link: https://github.com/mailhog/MailHog Version: 1.0.1 Tested on:...

phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...

TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Date: 2022-06-08 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability...

Marval MSM v14.19.0.12476 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Marval MSM v14.19.0.12476 - Remote Code Execution RCE Authenticated Date: 27/5/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.marvalnorthamerica.com/ Software Link: https://www.marvalnorthamerica.com/ Version: v14.19.0.12476 Tested on: Windows Detailed...

SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)

Exploit Title: SolarView Compact 6.00 - 'pow' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29301 Tested on: Windows Proof Of Concept:...

Algo 8028 Control Panel - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Algo 8028 Control Panel - Remote Code Execution RCE Authenticated Google Dork: intitle:"Algo 8028 Control Panel" Shodan: title:"Algo 8028 Control Panel" Date: 2022-06-07 Exploit Author: Filip Carlsson Vendor Homepage: https://www.algosolutions.com/ Software Link:...

Virtua Software Cobranca 12S - SQLi

Exploit Title: Virtua Software Cobranca 12S - SQLi Shodan Query: http.favicon.hash:876876147 Date: 13/08/2021 Exploit Author: Luca Regne Vendor Homepage: https://www.virtuasoftware.com.br/ Software Link: https://www.virtuasoftware.com.br/downloads/Cobranca12S1308.exe Version: 12S Tested on: Windo...

HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path

Exploit Title: HP LaserJet Professional M1210 MFP Series Receive Fax Service - Unquoted Service Path Date: 2022-06-06 Exploit Author: Ali Alipour Vendor Homepage: https://support.hp.com/us-en/document/c01998934 Software Link:...

Avantune Genialcloud ProJ 10 - Cross-Site Scripting (XSS)

Exploit Title: Avantune Genialcloud ProJ 10 - Cross-Site Scripting XSS Date: 2022-06-01 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.avantune.com Software Link: https://www.genialcloud.com - https://www.genialcloud.com/discover-genialcloud-proj - https://store.genialcloud.com...

Old Age Home Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Old Age Home Management System 1.0 - SQLi Authentication Bypass Date: 12/06/2022 Exploit Author: twseptian Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip Versio...

Real Player v.20.0.8.310 G2 Control - 'DoGoToURL()' Remote Code Execution (RCE)

Exploit Title: Real Player v.20.0.8.310 G2 Control - 'DoGoToURL' Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: v.20.0.8.310 Tested on: Windows 7, 8.1, 10 CVE : N/A Full...

SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)

Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...

ChurchCRM 4.4.5 - SQLi

Exploit Title: ChurchCRM 4.4.5 - SQLi Exploit Author: nu11secur1ty Date: 05.11.2022 Vendor: https://churchcrm.io/ Software: https://github.com/ChurchCRM/CRM Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325 Description: There is a SQL Injection vulnerability in...

Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...

Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)

Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery CSRF Date: 27/5/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.marvalnorthamerica.com/ Software Link: https://www.marvalnorthamerica.com/ Version: v14.19.0.12476 Tested on: Windows PoCs:...

Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Pandora FMS v7.0NG.742 - Remote Code Execution RCE Authenticated Date: 05/20/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pandorafms.com/ Software Link:...

Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)

Exploit Title: Real Player 16.0.3.51 - 'external::Import' Directory Traversal to Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17,...

Confluence Data Center 7.18.0 - Remote Code Execution (RCE)

Exploit Title: Confluence Data Center 7.18.0 - Remote Code Execution RCE Google Dork: N/A Date: 06/006/2022 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.4.17 versions before 7.18.1...

WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting XSS Date: 2022-06-05 Exploit Author: Sanjay Singh Vendor Homepage: https://motopress.com/ Software Link: https://downloads.wordpress.org/plugin/motopress-hotel-booking-lite.4.2.4.zip Version: 4.2.4...

Telesquare SDT-CW3B1 1.1.0 - OS Command Injection

!/usr/bin/python3 Exploit Title: Telesquare SDT-CW3B1 1.1.0 - OS Command Injection Date: 24th May 2022 Exploit Author: Bryan Leong Vendor Homepage: http://telesquare.co.kr/ CVE : CVE-2021-46422 Authentication Required: No import requests import argparse import sys from xml.etree import ElementTre...

Contao 4.13.2 - Cross-Site Scripting (XSS)

Exploit Title: Contao 4.13.2 - Cross-Site Scripting XSS Google Dork: NA Date: 04/28/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://contao.org/en/ Software Link: https://github.com/contao/contao/releases/tag/4.13.2 Version: 4.13.2 Tested on: KALI OS CVE : CVE-2022-15...

Microweber CMS 1.2.15 - Account Takeover

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Date: 2022-05-09 Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631...

Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 - Remote Code Execution (RCE)

Exploit Title: Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 - Remote Code Execution RCE Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- Schneider Electric C-Bus Automation Controller 5500SHAC 1.10 Remote Root Exploit Vendor: Schneider Electric SE Product web...

Zyxel USG FLEX 5.21 - OS Command Injection

Exploit Title: Zyxel USG FLEX 5.21 - OS Command Injection Shodan Dork: title:"USG FLEX 100" title:"USG FLEX 100W" title:"USG FLEX 200" title:"USG FLEX 500" title:"USG FLEX 700" title:"USG20-VPN" title:"USG20W-VPN" title:"ATP 100" title:"ATP 200" title:"ATP 500" title:"ATP 700" title:"ATP 800" Dat...

SolarView Compact 6.00 - Directory Traversal

Exploit Title: SolarView Compact 6.00 - Directory Traversal Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : Aiactive Author linkedin profile : https://www.linkedin.com/in/ahmedalroky/ Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE :...

qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)

Exploit Title: qdPM 9.1 - Remote Code Execution RCE Authenticated Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2021-08-03 Original Exploit Author: Rishal Dwivedi Loginsoft Original ExploitDB ID: 47954 https://www.exploit-db.com/exploits/47954 Exploit Author: Leon Trappett...

OpenCart v3.x Newsletter Module - Blind SQLi

Exploit Title: OpenCart v3.x Newsletter Module - Blind SQLi Date: 19/05/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=32750&filtermember=Zemez Version: v.3.0.2.0 Tested on...

m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...

SolarView Compact 6.0 - OS Command Injection

Exploit Title: SolarView Compact 6.0 - OS Command Injection Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29303 Tested on: Windows Exploit HTTP Request : POST...

Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)

Exploit Title: Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting XSS Date: May 11 2022 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: https://surveysparrow.com/ Software Link: https://surveysparrow.com/enterprise-survey-software/ Version: 2022 Tested on: Windows C...

T-Soft E-Commerce 4 - SQLi (Authenticated)

Exploit Title: T-Soft E-Commerce 4 - SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A CVE: 2022-28132 Date: 18.02.2022 Description Step-1: Login as Admin or...

SDT-CW3B1 1.1.0 - OS Command Injection

Exploit Title: SDT-CW3B1 1.1.0 - OS command injection Date: 2022-05-12 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No CVE : CVE-2021-46422 Tested on: Windows HTTP Request GET...

Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)

Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...

T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)

Exploit Title: T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting XSS Exploit Author: Alperen Ergel alpernae IG/TW Web Site: https://alperenae.gitbook.io/ Software Homepage: https://www.tsoft.com.tr/ Version : v4 Tested on: Kali Linux Category: WebApp Google Dork: N/A Date: 2022-05-10 CV...

TLR-2005KSH - Arbitrary File Delete

Exploit Title: TLR-2005KSH - Arbitrary File Delete Date: 2022-05-11 Exploit Author: Ahmed Alroky Author Company : AIactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-46424 Proof-of-Concept Request DELETE /cgi-bin/test2.t...

Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)

Exploit Title: Royal Event Management System 1.0 - 'todate' SQL Injection Authenticated Date: 2022-26-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software Link:...

College Management System 1.0 - 'course_code' SQL Injection (Authenticated)

Exploit Title: College Management System - 'coursecode' SQL Injection Authenticated Date: 2022-24-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://code-projects.org/college-management-system-in-php-with-source-code/ Software Link:...

F5 BIG-IP 16.0.x - Remote Code Execution (RCE)

Exploit Title: F5 BIG-IP 16.0.x - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 16.0.x CVE : CVE-2022-1388 from requests import Request, Session import sys import json def title: print''' / \ \ / / | | \ / \ | \ / | ...

Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Ruijie Reyee Mesh Router - Remote Code Execution RCE Authenticated Google Dork: None Date: November 1, 2021 Exploit Author: Minh Khoa of VSEC Vendor Homepage: https://ruijienetworks.com Software Link: https://www.ruijienetworks.com/resources/products/1896-1900 Version: ReyeeOS...

Explore CMS 1.0 - SQL Injection

Exploit Title: Explore CMS 1.0 - SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: CVE-2022-27412 POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the queries...

Beehive Forum - Account Takeover

Exploit Title: Beehive Forum - Account Takeover Date:08/05/2022. Exploit Author: Pablo Santiago Vendor Homepage: https://www.beehiveforum.co.uk/ Software Link: https://sourceforge.net/projects/beehiveforum/ Version: 1.5.2 Tested on: Kali Linux and Ubuntu 20.0.4 CVE N/A PoC:...

Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)

!/usr/bin/env python3 Exploit Title: Navigate CMS 2.9.4 - Server-Side Request Forgery SSRF Authenticated Exploit Author: cheshireca7 Vendor Homepage: https://www.navigatecms.com/ Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.9.4r1561.zip/download Version:...

Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)

Exploit Title: Prime95 Version 30.7 build 9 - Remote Code Execution RCE Discovered by: Yehia Elghaly Discovered Date: 2022-04-25 Vendor Homepage: https://www.mersenne.org/ Software Link : https://www.mersenne.org/ftproot/gimps/p95v307b9.win32.zip Tested Version: 30.7 build 9 Vulnerability Type:...