47904 matches found
Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service (PoC)
Exploit Title: Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2022-02-16 Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/cbSetup.exe Tested Version: 11.2.0.582 Vulnerability Type:...
Casdoor 1.13.0 - SQL Injection (Unauthenticated)
// Exploit Title: Casdoor 1.13.0 - SQL Injection Unauthenticated // Date: 2022-02-25 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://casdoor.org/ // Software Link: https://github.com/casdoor/casdoor/releases/tag/v1.13.0 // Version: version 1.13.1 // Security Advisory:...
Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC)
Exploit Title: Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2022-02-16 Vendor Homepage: https://www.cobiansoft.com/ Software Link: https://files.cobiansoft.com/programs/crSetup-0.9.93-RC1.exe Tested Version: 0.9.93 RC1 Vulnerability...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...
WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
Exploit Title: WAGO 750-8212 PFC200 G2 2ETH RS Privilege Escalation Date: 02/16/2022 Exploit Author: Momen Eldawakhly Cyber Guy at Cypro AB Vendor Homepage: https://www.wago.com Version: Firmware version 03.05.1017 Tested on: PopOS! Linux ======================================== = The ordinary us...
Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions
Exploit Title: Wondershare MirrorGo 2.0.11.346 - Insecure File Permissions Discovery by: Luis Martinez Discovery Date: 2022-02-23 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mirrorgofull8050.exe Tested Version: 2.0.11.346 Vulnerability Type: Loca...
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests...
Student Record System 1.0 - 'cid' SQLi (Authenticated)
Exploit Title: Student Record System 1.0 - 'cid' SQLi Authenticated Exploit Author: Mohd. Anees Contact: https://www.linkedin.com/in/aneessecure/ Software Homepage: https://phpgurukul.com/student-record-system-php/ Version : 1.0 Tested on: windows 10 xammp | Kali linux Category: WebApp Google Dor...
aaPanel 6.8.21 - Directory Traversal (Authenticated)
Exploit Title: aaPanel 6.8.21 - Directory Traversal Authenticated Date: 22.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.aapanel.com/ Software Link: https://www.aapanel.com Version: 6.8.21 Tested on: Ubuntu Application vulnerable to Directory Traversal and attacker c...
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Date: 2022-22-02 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html...
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
Exploit Title: Microweber CMS v1.2.10 Local File Inclusion Authenticated Date: 22.02.2022 Exploit Author: Talha Karakumru Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/archive/refs/tags/v1.2.10.zip Version: Microweber CMS v1.2.10 Tested on:...
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD
Exploit Title: CL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Exploit Author: LiquidWorm !/usr/bin/env python3 -- coding: utf-8 -- ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File CRUD Vendor: Industrial Control Links, Inc. Product web page:...
Simple Real Estate Portal System 1.0 - 'id' SQLi
Exploit Title: Simple Real Estate Portal System 1.0 - 'id' SQL Injection Date: 22/02/2022 Exploit Author: Mosaaed Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html Version: 1.0...
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware 4.1.1.7662 Tested on: WebHMI Firmware 4.1.1.7662 Steps to Reproduce 1. Login to admin account 2. A...
Air Cargo Management System v1.0 - SQLi
Title: Air Cargo Management System v1.0 - SQLi Author: nu11secur1ty Date: 02.18.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15188/air-cargo-management-system-php-oop-free-source-code.html Reference:...
FileCloud 21.2 - Cross-Site Request Forgery (CSRF)
Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fiexd: version...
WordPress Plugin WP User Frontend 3.5.25 - SQLi (Authenticated)
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...
HMA VPN 5.3 - Unquoted Service Path
Exploit Title: HMA VPN 5.3 - Unquoted Service Path Date: 18/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.hidemyass.com/ Software Link: https://www.hidemyass.com/en-us/downloads Version: 5.3.5913.0 Tested: Windows 10 Pro x64 es C:\Users\saudhsc qc HmaProVpn SC QueryServiceConf...
Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...
Cab Management System 1.0 - 'id' SQLi (Authenticated)
Exploit Title: Cab Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali linux Category:...
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Date 18.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link:...
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...
Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection Date: 16/12/2021 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: Thinfinity VirtualUI " where "vpath=//" is the pointer to the external site t...
Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Microweber 1.2.11 - Remote Code Execution RCE Authenticated Google Dork: NA Date: 02/17/2022 Exploit Author: Chetanya Sharma @AggressiveUser Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber Version: 1.2.11 Tested on: KALI OS CVE :...
Dbltek GoIP - Local File Inclusion
Exploit Title: Dbltek GoIP - Local File Inclusion Date: 20.02.2022 Exploit Author: Valtteri Lehtinen & Lassi Korhonen Vendor Homepage: http://en.dbltek.com/index.html Software Link: - Version: GHSFVT-1.1-67-5 firmware version Tested on: Target is an IoT device Exploit summary Dbltek GoIP-1 is a...
Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path Discovery by: Johto Robbie Discovery Date: May 12, 2021 Tested Version: 2.52.13001.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 Home Step to discover Unquoted Service Path: Go to Start and ty...
Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path
Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted...
File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
Exploit Title: File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-14 Vendor : Hewlett-PackardHP Version : File Sanitizer for HP ProtectTools 5.0.1.3 Vendor Homepage : http://www.hp.com Tested on OS: Windows 7 Pro...
Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path
Exploit Title: Wondershare Dr.Fone 11.4.9 - 'DFWSIDService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 11.4.9 Vulnerability Type:...
Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path
Exploit Title: Wondershare MobileTrans 3.5.9 - 'ElevationService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/mobiletransfull5793.exe Tested Version: 3.5.9 Vulnerability...
Hotel Druid 3.0.3 - Remote Code Execution (RCE)
Exploit Title: Hotel Druid 3.0.3 - Remote Code Execution RCE Date: 05/01/2022 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://www.hoteldruid.com/ Software Link: https://www.hoteldruid.com/download/hoteldruid3.0.3.tar.gz Version: 3.0.3 CVE : CVE-2022-22909 !/usr/bin/python...
WordPress Plugin dzs-zoomsounds 6.60 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: WordPress Plugin dzs-zoomsounds - Remote Code Execution RCE Unauthenticated Google Dork: inurl:wp-content/plugins/dzs-zoomsounds Date: 16/02/2022 Exploit Author: Overthinker1877 1877 Team Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Version: 6.60 Tested on:...
Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path
Exploit Title: Wondershare FamiSafe 1.0 - 'FSService' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download-es.wondershare.com/famisafefull7869.exe Tested Version: 1.0 Vulnerability Type: Unquote...
WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation
Title: WordPress Plugin MasterStudy LMS 2.7.5 - Unauthenticated Admin Account Creation Date: 16.02.2022 Author: Numan Türle CVE: CVE-2022-0441 Software Link: https://wordpress.org/plugins/masterstudy-lms-learning-management-system/ Version: 2.7.6 https://www.youtube.com/watch?v=SIO6CHXMZk...
Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path
Exploit Title: Connectify Hotspot 2018 'ConnectifyService' - Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : Connectify Inc Version : Connectify Hotspot 2018 Vendor Homepage : https://www.connectify.me/ Tested on OS: Windows 7 Pro Analyze PoC : ==============...
Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path
Exploit Title: IntelR Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : Intel Version : IntelR Management Engine Components 6.0.0.1189 Vendor Homepage : https://www.intel.com Tested on OS: Windows 7 Pro Analyze PoC ...
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
Exploit Title: TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : TOSHIBA Version : TOSHIBA Navi Support Service 1.00.0000 Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\Users\Administradorsc qc...
Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/fmlurlsvc/ Date: 01-Feb-2022 Exploit Author: Braiant Giraldo Villa Contact: @ironfortress Twitter Vendor Homepage: https://www.fortinet.com/products/email-security Software Link:...
Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path
Exploit Title: Bluetooth Application 5.4.277 - 'BlueSoleilCS' Unquoted Service Path Exploit Date: 2022-02-17 Vendor : IVT Corp Version : BlueSoleilCS 5.4.277 Vendor Homepage : www.ivtcorporation.com Tested on OS: Windows 7 Pro This software installs EDTService.exe version 11.10.2.1 Analyze PoC :...
Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path
Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.80 Build 869...
Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
H3C SSL VPN - Username Enumeration
Exploit Title: H3C SSL VPN - Username Enumeration Exploit Author: LiquidWorm H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL...
Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass
Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass Date: 11/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
ServiceNow - Username Enumeration
Exploit Title: ServiceNow - Username Enumeration Google Dork: NA Date: 12 February 2022 Exploit Author: Victor Hanna Trustwave SpiderLabs Author Github Page: https://9lyph.github.io/CVE-2021-45901/ Vendor Homepage: https://www.servicenow.com/ Software Link:...
WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)
Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Date: 09-11-2021 Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting XSS Unauthenticated Author: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/Product%20features Datasheet of NVR304-S-P:...
TeamSpeak 3.5.6 - Insecure File Permissions
Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions Date: 2022-02-15 Exploit Author: Aryan Chehreghani Contact: [email protected] Vendor Homepage: https://www.teamspeak.com Software Link: https://www.teamspeak.com/en/downloads Version: 3.5.6 Tested on: Windows 10 x64 About -...
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
Exploit Title: Accounting Journal Management System 1.0 - 'id' SQLi Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15155/accounting-journal-management-system-trial-balance-php-free-source-code.html Version : 1.0 Tested on...
Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)
Exploit Title: Subrion CMS 4.2.1 - Cross Site Request Forgery CSRF Add Amin Date: 2022-02-09 Exploit Author: Aryan Chehreghani Vendor Homepage: https://subrion.org Software Link: https://subrion.org/download Version: 4.2.1 Tested on: Windows 10 About - Subrion CMS : Subrion is a PHP/MySQL based C...