
47884 matches found

Exploit DB
added 2022/05/11 12:0 a.m. | 218 views

ImpressCMS v1.4.4 - Unrestricted File Upload

Exploit Title: ImpressCMS v1.4.4 - Unrestricted File Upload Date: 7/4/2022 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.impresscms.org/ Software Link: https://github.com/ImpressCMS/impresscms Version: v1.4.4 Description: Between lines 152 and 162, we see the function...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 299 views

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor

Exploit Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Exploit Author: LiquidWorm !/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com |...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 239 views

WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)

Exploit Title: WordPress Plugin stafflist 3.1.2 - SQLi Authenticated Date: 05-02-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/stafflist/ Version: 3.1.2 Tested on: Firefox Contact me: h at spidersilk.com Vulnerable Code: $w = isset$GET'search...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 418 views

Google Chrome 78.0.3904.70 - Remote Code Execution

Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Date: 2022-05-03 Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...

CVSS 8.8 | AI score 8.3 | EPSS 0.89586 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 287 views

Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)

Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting XSS Date: 17/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31673 Description: A...

CVSS 6.1 | AI score 6.6 | EPSS 0.02705 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 252 views

Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)

Exploit Title: Cyclos 4.14.7 - DOM Based Cross-Site Scripting XSS Date: 18/04/2021 Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services Vendor Homepage: https://www.cyclos.org/ Version: Cyclos 4.14.7 and prior Tested on: Ubuntu CVE : CVE-2021-31674 Description: Cyclos 4 PRO...

CVSS 6.1 | AI score 6.5 | EPSS 0.02158 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 276 views

TCQ - ITeCProteccioAppServer.exe - Unquoted Service Path

Exploit Title: TCQ - 'ITeCProteccioAppServer.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea - https://twitter.com/ecarrilloeg Discovery Date: 2022-04-25 Vendor Homepage: https://itec.es/programas/ Vulnerability Type: Unquoted Service Path Privilege Escalation Tested on OS: Microsoft...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 332 views

Bitrix24 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated Date: 4/22/2022 Exploit Author: picaroo Vendor Homepage: https://www.bitrix24.com/apps/desktop.php Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...

AI score 7 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 367 views

WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)

Exploit Title: WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload Authenticated Google Dork: - Date: 2022-03-13 Exploit Author: Roel van Beurden Vendor Homepage: - Software Link: https://downloads.wordpress.org/plugin/advanced-uploader.4.2.zip Version: =4.2 Tested on: WordPress 5.9 on...

CVSS 8.8 | AI score 9 | EPSS 0.1664 | Exploits: 5

Exploit DB
added 2022/05/11 12:0 a.m. | 230 views

WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)

Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Date: 2021-07-27 Exploit Author : WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery CSRF Vendor Homepage : https://wpscan.com/plugin/blue-admi Version : alert/XSS/' /...

CVSS 8.8 | AI score 8.8 | EPSS 0.01738 | Exploits: 5

Exploit DB
added 2022/05/11 12:0 a.m. | 361 views

TLR-2005KSH - Arbitrary File Upload

Exploit Title: TLR-2005KSH - Arbitrary File Upload Date: 2022-05-11 Shodan Dork: title:"Login to TLR-2021" Exploit Author: Ahmed Alroky Author Company : Aiactive Version: 1.0.0 Vendor home page : http://telesquare.co.kr/ Authentication Required: No Tested on: Windows CVE: CVE-2021-45428...

CVSS 9.8 | AI score 9.7 | EPSS 0.93554 | Exploits: 5

Exploit DB
added 2022/05/11 12:0 a.m. | 282 views

Tenda HG6 v3.3.0 - Remote Command Injection

Exploit Title: Tenda HG6 v3.3.0 - Remote Command Injection Exploit Author: LiquidWorm Tenda HG6 v3.3.0 Remote Command Injection Vulnerability Vendor: Tenda Technology Co.,Ltd. Product web page: https://www.tendacn.com https://www.tendacn.com/product/HG6.html Affected version: Firmware version:...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 242 views

DLINK DAP-1620 A1 v1.01 - Directory Traversal

Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal Date: 27/4/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://me.dlink.com/consumer Version: DAP-1620 - A1 v1.01 Tested on: Linux CVE : CVE-2021-46381 POST /apply.cgi HTTP/1.1 Content-Type:...

CVSS 7.5 | AI score 7.6 | EPSS 0.91149 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 387 views

ExifTool 12.23 - Arbitrary Code Execution

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...

CVSS 7.8 | AI score 7.6 | EPSS 0.92928 | Exploits: 38

Exploit DB
added 2022/05/11 12:0 a.m. | 481 views

Wondershare Dr.Fone 12.0.7 - Privilege Escalation (ElevationService)

Exploit Title: Wondershare Dr.Fone 12.0.7 - Privilege Escalation ElevationService Date: 4/27/2022 Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Window...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 233 views

DLINK DIR850 - Open Redirect

Exploit Title: DLINK DIR850 - Open Redirect Product: Dlink Model: DIR850 Date: 14/1/2022 CVE: CVE-2021-46379 Exploit Author: AhmedAlroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit...

CVSS 6.1 | AI score 6.3 | EPSS 0.5224 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 304 views

DLINK DIR850 - Insecure Access Control

Exploit Title: DLINK DIR850 - Insecure Access Control Product: Dlink Model: DIR850 Date: 14/1/2022 CVE : CVE-2021-46378 Exploit Author: Ahmed Alroky Hardware version: b1 Firmware version: ET850-1.08TRb03 Vendor home page: https://www.dlink.com/ Exploit : Visit http:///config.dat...

CVSS 7.5 | AI score 7.7 | EPSS 0.33056 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 241 views

Akka HTTP 10.1.14 - Denial of Service

Exploit Title: Akka HTTP Denial of Service via Nested Header Comments Date: 18/4/2022 Exploit Author: cxosmo Vendor Homepage: https://akka.io Software Link: https://github.com/akka/akka-http Version: Akka HTTP 10.1.x 10.1.15 & 10.2.x 10.2.7 Tested on: Akka HTTP 10.2.4, Ubuntu CVE : CVE-2021-42697...

CVSS 7.5 | AI score 7.8 | EPSS 0.75541 | Exploits: 5

Exploit DB
added 2022/05/11 12:0 a.m. | 472 views

Wondershare Dr.Fone 12.0.7 - Remote Code Execution (RCE)

Exploit Title: Wondershare Dr.Fone 12.0.7 - Remote Code Execution RCE Date: 4/27/2022 Exploit Author: Netanel Cohen & Tomer Peled Vendor Homepage: https://drfone.wondershare.net/ Software Link: https://download.wondershare.net/drfonefull4008.exe Version: up to 12.0.7 Tested on: Windows 10 CVE :...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 337 views

SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)

Exploit Title: SAP BusinessObjects Intelligence 4.3 - XML External Entity XXE Google Dork: N/A Date: 4/21/2022 Exploit Author: West Shepherd Vendor Homepage: https://www.sap.com/ Software Link: https://www.sap.com/ Version: 4.2 and 4.3 Tested on: Windows Server 2019 x64 CVE : CVE-2022-28213...

CVSS 8.1 | AI score 8.2 | EPSS 0.12617 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 387 views

Apache CouchDB 3.2.1 - Remote Code Execution (RCE)

Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Date: 2022-01-21 Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name...

CVSS 10 | AI score 9.6 | EPSS 0.94383 | Exploits: 8

Exploit DB
added 2022/05/11 12:0 a.m. | 258 views

ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure

Exploit Title: ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Details:...

CVSS 8.8 | AI score 9.1 | EPSS 0.08262 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 272 views

UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path

Exploit Title: UDisk Monitor Z5 Phone - 'MonServiceUDisk.exe' Unquoted Service Path Discovery by: Edgar Carrillo Egea // https://twitter.com/ecarrilloeg Discovery Date: 2022-04-24 Vendor Homepage: https://www.zte.com.cn/global/ Tested Version: 2.0.3.0 Vulnerability Type: Unquoted Service Path...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 251 views

Microfinance Management System 1.0 - 'customer_number' SQLi

Exploit Title: Microfinance Management System 1.0 - 'customernumber' SQLi Date: 2022-25-03 Exploit Author: Eren Gozaydin Vendor Homepage: https://www.sourcecodester.com/php/14822/microfinance-management-system.html Software Link:...

CVSS 9.8 | AI score 9.8 | EPSS 0.81635 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 308 views

PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)

Exploit Title: PHProjekt PhpSimplyGest v1.3.0 - Stored Cross-Site Scripting XSS Date: 2022-05-05 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.phprojekt.altervista.org removed demo was at http://phprojekt.altervista.org/phpsimplygest130 Software Link:...

CVSS 5.4 | AI score 5.5 | EPSS 0.01028 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 260 views

Joomla Plugin SexyPolling 2.1.7 - SQLi

Exploit Title: Joomla Plugin SexyPolling 2.1.7 - SQLi Google Dork: intext:"Powered by Sexy Polling" Date: 2022-02-08 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://2glux.com/projects/sexypolling Software Link: https://2glux.com/downloads/files/free/sexypollingpack2.1.72glux.com.zip...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 276 views

MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: MyBB 1.8.29 - Remote Code Execution RCE Authenticated Date: 2022-05-08 Exploit Author: Altelus Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1829 Version: MyBB 1.8.29 Tested on: Linux CVE : CVE-2022-24734 An RCE can be obtained on...

CVSS 7.2 | AI score 6.9 | EPSS 0.82413 | Exploits: 9

Exploit DB
added 2022/05/11 12:0 a.m. | 468 views

PyScript - Read Remote Python Source Code

Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...

CVSS 7.5 | AI score 7 | EPSS 0.30797 | Exploits: 4

Exploit DB
added 2022/05/11 12:0 a.m. | 267 views

Anuko Time Tracker - SQLi (Authenticated)

Exploit Title: Anuko Time Tracker - SQLi Authenticated Date: 2022-05-03 Exploit Author: Altelus Vendor Homepage: https://www.anuko.com/ Software Link: https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d Version: Anuko Time Tracker 1.20.0.5640 Tested on: Linux CVE :...

CVSS 8.8 | AI score 8.8 | EPSS 0.02438 | Exploits: 5

Exploit DB
added 2022/05/11 12:0 a.m. | 274 views

e107 CMS v3.2.1 - Multiple Vulnerabilities

Exploit Title: e107 CMS v3.2.1 - Multiple Vulnerabilities Date: 30/04/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 3.2.1 Tested on: Windows 10 using XAMPP, Apache/2.4.48 Win64...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 254 views

Wondershare Dr.Fone 11.4.10 - Insecure File Permissions

Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Date: 04/25/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Window...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 262 views

CSZ CMS 1.3.0 - 'Multiple' Blind SQLi

Exploit Title: CSZ CMS 1.3.0 - 'Multiple' Blind SQLi Date: 2021-04-22 Exploit Author: Dogukan Dincer Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Version: 1.3.0 Tested on: Kali Linux, Windows 10, PHP 7.2.4...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 234 views

Magento eCommerce CE v2.3.5-p2 - Blind SQLi

Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi Date: 2021-4-21 Exploit Author: Aydin Naserifard Vendor Homepage: https://www.adobe.com/ Software Link: https://github.com/magento/magento2/releases/tag/2.3.5-p2 Version: 2.3.5-p2 Tested on: 2.3.5-p2 POC: 1PUT...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/05/11 12:0 a.m. | 270 views

WebTareas 2.4 - Blind SQLi (Authenticated)

Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...

CVSS 9.8 | AI score 9.8 | EPSS 0.0063 | Exploits: 5

Exploit DB
added 2022/05/11 12:0 a.m. | 238 views

Bookeen Notea - Directory Traversal

Exploit Title: Bookeen Notea - Directory Traversal Date: December 2021 Exploit Author: Clement MAILLIOUX Vendor Homepage: https://bookeen.com/ Software Link: N/A Version: BKR1.0.520210608 Tested on: Bookeen Notea Android 8.1 CVE : CVE 2021-45783 The affected version of the Bookeen Notea System...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/26 12:0 a.m. | 672 views

Gitlab 14.9 - Authentication Bypass

Exploit Title: Gitlab 14.9 - Authentication Bypass Date: 12/04/2022 Exploit Authors: Greenwolf Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 Tested on:...

CVSS 9.8 | AI score 9.8 | EPSS 0.87606 | Exploits: 3

Exploit DB
added 2022/04/26 12:0 a.m. | 229 views

GitLab 14.9 - Stored Cross-Site Scripting (XSS)

Exploit Title: Gitlab Stored XSS Date: 12/04/2022 Exploit Authors: Greenwolf Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install Version: GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9...

CVSS 8.7 | AI score 7.6 | EPSS 0.10323 | Exploits: 3

Exploit DB
added 2022/04/19 12:0 a.m. | 338 views

ManageEngine ADSelfService Plus 6.1 - User Enumeration

Exploit Title: ManageEngine ADSelfService Plus 6.1 - User Enumeration Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: ADSelfService 6.1 Build 6121 Tested Against:...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 261 views

Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure

Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure Exploit Author: LiquidWorm Vendor: Delta Controls Inc. Product web page: https://www.deltacontrols.com Affected version: 3.40.3935 3.40.3706 3.33.4005 Summary: enteliTOUCH - Touchscreen Building Controller. Get...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 370 views

Zyxel NWA-1100-NH - Command Injection

Exploit Title: Zyxel NWA-1100-NH - Command Injection Date: 12/4/2022 Exploit Author: Ahmed Alroky Vendor Homepage: https://www.zyxel.com/homepage.shtml Version: ALL BEFORE 2.12 Tested on: Linux CVE : CVE-2021-4039 References :...

CVSS 10 | AI score 9.7 | EPSS 0.71705 | Exploits: 4

Exploit DB
added 2022/04/19 12:0 a.m. | 371 views

Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path

Exploit Title: Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-04-11 Vendor : Microsoft Version : 15.0.847.40 Tested on OS: Microsoft Exchange Server 2013 SP1 PoC :...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 385 views

WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)

Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 2022-04-13 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 275 views

Verizon 4G LTE Network Extender - Weak Credentials Algorithm

Exploit Title: Verizon 4G LTE Network Extender - Weak Credentials Algorithm Exploit Author: LiquidWorm Vendor: Verizon Communications Inc. Product web page: https://www.verizon.com Affected version: GA4.38 - V0.4.038.2131 Summary: An LTE Network Extender enhances your indoor and 4G LTE data and...

AI score 7 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 358 views

Easy Appointments 1.4.2 - Information Disclosure

Exploit Title: Easy Appointments 1.4.2 - Information Disclosure Exploit author: noraj Alexandre ZANNI for ACCEIS https://www.acceis.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/Acceis/exploit-CVE-2022-0482 Date: 2022-04-11 Vendor Homepage:...

CVSS 9.1 | AI score 9.3 | EPSS 0.90789 | Exploits: 7

Exploit DB
added 2022/04/19 12:0 a.m. | 336 views

PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)

Exploit Title: PKP Open Journals System 3.3 - Cross-Site Scripting XSS Date: 31/01/2022 Exploit Author: Hemant Kashyap Vendor Homepage: https://github.com/pkp/pkp-lib/issues/7649 Version: PKP Open Journals System 2.4.8 = 3.3 Tested on: All OS CVE : CVE-2022-24181 References:...

CVSS 6.1 | AI score 6.3 | EPSS 0.03575 | Exploits: 3

Exploit DB
added 2022/04/19 12:0 a.m. | 284 views

REDCap 11.3.9 - Stored Cross Site Scripting

Exploit Title: REDCap 11.3.9 - Stored Cross-Site Scripting Date: 2021-10-11 Exploit Author: Kendrick Lam References: https://github.com/KCL04/XSS-PoCs/blob/main/CVE-2021-42136.js Vendor Homepage: https://projectredcap.org Software Link: https://projectredcap.org Version: Redcap before 11.4.0 Test...

CVSS 9 | AI score 7 | EPSS 0.01758 | Exploits: 5

Exploit DB
added 2022/04/19 12:0 a.m. | 2529 views

7-zip - Code Execution / Local Privilege Escalation

Exploit Title: 7-zip - Code Execution / Local Privilege Escalation Exploit Author: Kağan Çapar Date: 2020-04-12 Vendor homepage: https://www.7-zip.org/ Software link: https://www.7-zip.org/a/7z2107-x64.msi Version: 21.07 and all versions Tested On: Windows 10 Pro x64 References:...

CVSS 7.8 | AI score 0.4 | EPSS 0.18893 | Exploits: 8

Exploit DB
added 2022/04/19 12:0 a.m. | 396 views

PTPublisher v2.3.4 - Unquoted Service Path

Exploit Title: PTPublisher v2.3.4 - Unquoted Service Path Discovery by: bios Discovery Date: 2022-18-04 Vendor Homepage: https://www.primera.com/ Tested Version: 2.3.4 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Pro x64 Step to discover Unquoted Service Path:...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 664 views

EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path

Exploit Title: EaseUS Data Recovery - 'ensserver.exe' Unquoted Service Path Discovery by: bios Discovery Date: 2022-18-04 Vendor Homepage: https://www.easeus.com/ Tested Version: 15.1.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft Windows 10 Pro x64 Step to discover Unquote...

AI score 7.4 | Exploits: 0

Exploit DB
added 2022/04/19 12:0 a.m. | 275 views

Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)

Exploit Title: Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery CSRF Exploit Author: LiquidWorm enteliTouch CSRF CSRF Add User: form action="http://192.168.0.210/deltaweb/hmiuseredit.asp?formActio...

AI score 7.4 | Exploits: 0

Total number of security vulnerabilities: 47884