47904 matches found
Online Project Time Management System 1.0 - Multiple Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Online Project Time Management System 1.0 - SQLi (Authenticated)
Exploit Title: Online Project Time Management System 1.0 - SQLi Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Landa Driving School Management System 2.0.1 - Arbitrary File Upload
Exploit Title: Landa Driving School Management System 2.0.1 - Arbitrary File Upload Version 2.0.1 Google Dork: N/A Date: 17/01/2022 Exploit Author: Sohel Yousef - [email protected] Software Link: https://codecanyon.net/item/landa-driving-school-management-system/23220151 Landa Driving Schoo...
Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: Affiliate Pro 1.7 - 'Multiple' Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 05/01/2022 Document Title: =============== Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities References Source: ====================...
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
Exploit Title: Rocket LMS 1.1 - Persistent Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 29/12/2021 Document Title: =============== Rocket LMS 1.1 - Persistent Cross Site Scripting XSS References Source: ====================...
uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 15/12/2021 Document Title: =============== uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities References Source: ====================...
Nyron 1.0 - SQLi (Unauthenticated)
Exploit Title: Nyron 1.0 - SQLi Unauthenticated Google Dork: inurl:"winlib.aspx" Date: 01/18/2021 Exploit Author: Miguel Santareno Vendor Homepage: http://www.wecul.pt/ Software Link: http://www.wecul.pt/solucoes/bibliotecas/ Version: 3. Research: https://miguelsantareno.github.io/edp.pdf...
Online Resort Management System 1.0 - SQLi (Authenticated)
Exploit Title: Online Resort Management System 1.0 - SQLi Authenticated Date: 15/01/2022 Exploit Author: Gaurav Grover Vendor Homepage: Software Link: Version: 1.0 Tested on: Linux and windows both Summary: There are a vulnerabilities in Online Resort Management System ORMS 1. The attacker can...
Creston Web Interface 1.0.0.2159 - Credential Disclosure
Exploit Title: Creston Web Interface 1.0.0.2159 - Credential Disclosure Exploit Author: RedTeam Pentesting GmbH Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are...
OpenBMCS 2.4 - Information Disclosure
Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your...
OpenBMCS 2.4 - Server Side Request Forgery (SSRF) (Unauthenticated)
Exploit Title: OpenBMCS 2.4 - Server Side Request Forgery SSRF Unauthenticated Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Unauthenticated SSRF / RFI Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS...
Simple Chatbot Application 1.0 - Remote Code Execution (RCE)
Exploit Title: Simple Chatbot Application 1.0 - Remote Code Execution RCE Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Teste...
Simple Chatbot Application 1.0 - 'message' Blind SQLi
Exploit Title: Simple Chatbot Application 1.0 - 'message' Blind SQLi Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Tested on:...
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
Exploit Title: OpenBMCS 2.4 - Cross Site Request Forgery CSRF Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 CSRF Send E-mail Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size o...
WorkTime 10.20 Build 4967 - Unquoted Service Path
Exploit Title: WorkTime 10.20 Build 4967 - Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.worktime.com/ Software Link: https://www.worktime.com/download/worktimecorporate.exe Tested Version: 10.20 Build Build 4967 Vulnerability Type: Unquoted Servi...
Archeevo 5.0 - Local File Inclusion
Exploit Title: Archeevo 5.0 - Local File Inclusion Google Dork: intitle:"archeevo" Date: 01/15/2021 Exploit Author: Miguel Santareno Vendor Homepage: https://www.keep.pt/ Software Link: https://www.keep.pt/produtos/archeevo-software-de-gestao-de-arquivos/ Version: 5.0 Tested on: windows 1...
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
Exploit Title: OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Create Admin / Remote Privilege Escalation Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls...
OpenBMCS 2.4 - SQLi (Authenticated)
Exploit Title: OpenBMCS 2.4 - SQLi Authenticated Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of...
SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)
Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...
Hospitals Patient Records Management System 1.0 - 'room_types' Stored Cross Site Scripting (XSS)
Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomtypes' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS)
Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomlist' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting (XSS)
Exploit Title: Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System 1.0 - Account Takeover Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
WordPress Core 5.8.2 - 'WP_Query' SQL Injection
Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Date: 11/01/2022 Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.8.3 Tested on: Windows 10 CVE : CVE-2022-21661 VULNERABILITY DETAILS : This...
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
Microsoft Windows Defender - Detections Bypass
Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass
Exploit Title: Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSe...
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Date: 07/01/2022 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
CoreFTP Server build 725 - Directory Traversal (Authenticated)
Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting XSS Date: 07/01/2022 Exploit Author: Oscar Sandén Vendor Homepage: https://www.element-it.com Software Link: https://www.element-it.com/downloads.aspx Version: 3.1.9 Tested on: Windows Server 2016 Description There is a stored XSS ...
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Date: 26/06/2021 Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Co...
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Softwar...
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Date: 01/11/2021 Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE:...
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...
openSIS Student Information System 8.0 - 'multiple' SQL Injection
Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Gerapy 0.9.7 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/Gerapy/Gerapy Version: All versions of Gerapy prior to 0.9.8 CVE: CVE-2021-43857 Tested on: Gerapy 0.9.6 Vulnerability: Gerapy prior to versio...
Dixell XWEB 500 - Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
Exploit Title: Projeqtor v9.3.1 - Stored Cross Site Scripting XSS Exploit Author: Oscar Gutierrez m4xp0w3r Date: January 4, 2021 Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3...
TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
Exploit Title: TermTalk Server 3.24.0.2 - Arbitrary File Read Unauthenticated Date: 03/01/2022 Exploit Author: Fabiano Golluscio @ Swascan Vendor Homepage: https://www.solari.it/it/ Software Link: https://www.solari.it/it/solutions/other-solutions/access-control/ Version: 3.24.0.2 Fixed Version:...
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...
CMSimple 5.4 - Cross Site Scripting (XSS)
Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only...
Siemens S7 Layer 2 - Denial of Service (DoS)
Exploit Title: Siemens S7 Layer 2 - Denial of Service DoS Date: 21/10/2021 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/us/en.html Version: Firmware versions = 3 Tested on: Siemens S7-300, S7-400 PLCs !/usr/bin/python3 from scapy.all import from colorama import Fore, Back...
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...