Hospitals Patient Records Management System 1.0 - 'room_list' Stored Cross Site Scripting (XSS)
Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomlist' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Online Diagnostic Lab Management System 1.0 - SQL Injection (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System 1.0 - SQL Injection Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Online Diagnostic Lab Management System 1.0 - Stored Cross Site Scripting XSS Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)
Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...
WordPress Core 5.8.2 - 'WP_Query' SQL Injection
Exploit Title: WordPress Core 5.8.2 - 'WPQuery' SQL Injection Date: 11/01/2022 Exploit Author: Aryan Chehreghani Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/download/releases Version: 5.8.3 Tested on: Windows 10 CVE : CVE-2022-21661 VULNERABILITY DETAILS : This...
Online Diagnostic Lab Management System 1.0 - Account Takeover (Unauthenticated)
Exploit Title: Online Diagnostic Lab Management System 1.0 - Account Takeover Unauthenticated Date: 11/01/2022 Exploit Author: Himash Vendor Homepage: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html Software Link:...
Microsoft Windows Defender - Detections Bypass
Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass
Exploit Title: Microsoft Windows .Reg File - Dialog Spoof / Mitigation Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSREGFILEDIALOGSPOOFMITIGATIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSe...
Online Railway Reservation System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - Remote Code Execution RCE Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Softwar...
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection Unauthenticated Date: 07/01/2022 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)
Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Date: 26/06/2021 Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Co...
HTTP Commander 3.1.9 - Stored Cross Site Scripting (XSS)
Exploit Title: HTTP Commander 3.1.9 - Stored Cross Site Scripting XSS Date: 07/01/2022 Exploit Author: Oscar Sandén Vendor Homepage: https://www.element-it.com Software Link: https://www.element-it.com/downloads.aspx Version: 3.1.9 Tested on: Windows Server 2016 Description There is a stored XSS ...
CoreFTP Server build 725 - Directory Traversal (Authenticated)
Exploit Title: CoreFTP Server build 725 - Directory Traversal Authenticated Date: 08/01/2022 Exploit Author: LiamInfosec Vendor Homepage: http://coreftp.com/ Version: build 725 and below Tested on: Windows 10 CVE : CVE-2022-22836 Description: CoreFTP Server before 727 allows directory traversal f...
Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting XSS Authenticated Date: 01/11/2021 Exploit Author: Dominic Clark parzival Vendor Homepage: https://opmantek.com/ Software Link: https://www.open-audit.org/downloads.php Category: WebApps Version: = 4.2.0 Tested on: Windows 10 CVE:...
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
Exploit Title: Online Railway Reservation System 1.0 - Admin Account Creation Unauthenticated Date: 07/01/2022 Exploit Author: Zachary Asher Vendor Homepage: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Software Link:...
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...
Siemens S7 Layer 2 - Denial of Service (DoS)
Exploit Title: Siemens S7 Layer 2 - Denial of Service DoS Date: 21/10/2021 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/us/en.html Version: Firmware versions = 3 Tested on: Siemens S7-300, S7-400 PLCs !/usr/bin/python3 from scapy.all import from colorama import Fore, Back...
Nettmp NNT 5.1 - SQLi Authentication Bypass
Exploit Title: Nettmp NNT 5.1 - SQLi Authentication Bypass Date: 23/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wiki.nettemp.tk Software Link: https://wiki.nettemp.tk Version: nettmp NNT Tested on: Linux Ubuntu 20.04 Payload: username: 1' or 1=1;-- password: \ Proo...
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
Exploit Title: Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow DoS Discovered by: Yehia Elghaly Discovered Date: 22/12/2021 Vendor Homepage: https://www.accu-time.com/ Software Link : https://www.accu-time.com/maximus-employee-time-clock-3/ Tested Version: 1.0 Vulnerability Type:...
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting XSS Authenticated Date: 04/01/2022 Exploit Author: Andrea Bocchetti Vendor Homepage: https://getaawp.com/ Software Link: https://getaawp.com/ Version: 3.16 Tested on: Windows 10 - Chrome, WordPress 5.8.2 Proof of...
Gerapy 0.9.7 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Gerapy 0.9.7 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/Gerapy/Gerapy Version: All versions of Gerapy prior to 0.9.8 CVE: CVE-2021-43857 Tested on: Gerapy 0.9.6 Vulnerability: Gerapy prior to versio...
Hospitals Patient Records Management System 1.0 - Account TakeOver
Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver Date: 30/12/2021 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
Exploit Title: WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read Unauthenticated Date: 23/12/2021 Exploit Authors: Nicole Sheinin, Liad Levy Vendor Homepage: https://wordpress.org/plugins/seo-local-rank/ Software Link: https://plugins.svn.wordpress.org/seo-local-rank/tags/2.2.2/ Versio...
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting XSS Google Dork: NA Date: 03-OCT-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://www.yahoobaba.net/project/library-system-in-php Software Link:...
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
Exploit Title: SAFARI Montage 8.5 - Reflected Cross Site Scripting XSS Date: 28/12/2021 Exploit Author: Momen Eldawakhly - Cyber Guy - Resecurity Inc Vendor Homepage: https://www.safarimontage.com/ Version: 8.3 and 8.5 Tested on: Ubuntu Linux Firefox CVE: CVE-2021-45425 Proof of Concept: GET...
RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...
TermTalk Server 3.24.0.2 - Arbitrary File Read (Unauthenticated)
Exploit Title: TermTalk Server 3.24.0.2 - Arbitrary File Read Unauthenticated Date: 03/01/2022 Exploit Author: Fabiano Golluscio @ Swascan Vendor Homepage: https://www.solari.it/it/ Software Link: https://www.solari.it/it/solutions/other-solutions/access-control/ Version: 3.24.0.2 Fixed Version:...
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Exploit Title: BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting XSS Unauthenticated Google Dork: intext:"BeyondTrust" "Redistribution Prohibited" Date: 30/12/2021 Exploit Author: Malcrove Vendor Homepage: https://www.beyondtrust.com/ Version: v6.0 and earlier versions Summary:...
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
Exploit Title: Projeqtor v9.3.1 - Stored Cross Site Scripting XSS Exploit Author: Oscar Gutierrez m4xp0w3r Date: January 4, 2021 Vendor Homepage: https://www.projeqtor.org/en/ Software Link: https://www.projeqtor.org/en/product-en/downloads Tested on: Ubuntu, LAAMP Vendor: Projeqtor Version: v9.3...
Hostel Management System 2.1 - Cross Site Scripting (XSS)
Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Date: 26/12/2021 Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10...
TRIGONE Remote System Monitor 3.61 - Unquoted Service Path
Exploit Title: TRIGONE Remote System Monitor 3.61 - Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.trigonesoft.com/ Software Link: https://www.trigonesoft.com/download/RemoteSystemmonitorServer3.61x86Setup.exe Tested Version: 3.61 Vulnerability Typ...
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only...
Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Admission System 1.0 - Remote Code Execution RCE Unauthenticated Date: 23/12/2021 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/rskoolrash/Online-Admission-System Software Link: https://github.com/rskoolrash/Online-Admission-System Tested on: LAMP Stack...
ConnectWise Control 19.2.24707 - Username Enumeration
Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Date: 17/12/2021 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing impo...
RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...
openSIS Student Information System 8.0 - 'multiple' SQL Injection
Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...
AWebServer GhostBuilding 18 - Denial of Service (DoS)
Exploit Title: AWebServer GhostBuilding 18 - Denial of Service DoS Date: 28/12/2021 Exploit Author: Andres Ramos Invertebrado Vendor Homepage: http://sylkat-tools.rf.gd/awebserver.htm Software Link: https://play.google.com/store/apps/details?id=com.sylkat.apache&hl=en Version: AWebServer...
Automox Agent 32 - Local Privilege Escalation
Exploit Title: Automox Agent 32 - Local Privilege Escalation Date: 13/12/2021 Exploit Author: Greg Foss Writeup: https://www.lacework.com/blog/cve-2021-43326/ Vendor Homepage: https://www.automox.com/ Software Link: https://support.automox.com/help/agents Version: 31, 32, 33 Tested on: Windows 10...
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Hospitals Patient Records Management System 1.0 - 'id' SQL Injection Authenticated Date: 30/12/2021 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...
WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection
Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...
RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...
Dixell XWEB 500 - Arbitrary File Write
Exploit Title: Dixell XWEB-500 - Arbitrary File Write Google Dork: inurl:"xweb500.cgi" Date: 03/01/2022 Exploit Author: Roberto Palamaro Vendor Homepage: https://climate.emerson.com/it-it/shop/1/dixell-electronics-sku-xweb500-evo-it-it Version: XWEB-500 Tested on: Dixell XWEB-500 References:...
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection Google Dork: Powered by Virtual Airlines Manager v2.6.2 Date: 2021-12-30 Exploit Author: Milad Karimi Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-release...
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
Exploit Title: Movie Rating System 1.0 - Broken Access Control Admin Account Creation Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Teste...
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting XSS Unauthenticated Date: 22/12/2021 Exploit Author: gx1 Vulnerability Discovery: Gaetano Perrone Vendor Homepage: https://www.crmperks.com/ Software Link: https://wordpress.org/plugins/contact-form-entries/ Version...
CMSimple 5.4 - Cross Site Scripting (XSS)
Exploit Title: CMSimple 5.4 - Cross Site Scripting XSS Date: 22/10/2021 Exploit Author: heinjame Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/?Downloads Version: images Upload a file Attack vector '-alert1// need to encode ' When the victim clicks the...
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Terramaster TOS 4.2.15 - Remote Code Execution RCE Unauthenticated Date: 12/24/2021 Exploit Author: n0tme thatsn0tmysite Full Write-Up: https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ Vendor Homepage: https://www.terra-master.com/ Version: TOS 4.2.X 4.2.15-2107141517 Test...