47884 matches found

Exploit DB
added 2021/11/29 12:00 a.m. | 629 views

opencart 3.0.3.8 - Session Injection

Exploit Title: opencart 3.0.3.8 - Session Injection Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.opencart.com/ Software Link: https://www.opencart.com/ Version: 3.0.3.8 Tested on: Windows 10...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/29 12:00 a.m. | 421 views

orangescrum 1.8.0 - Privilege escalation (Authenticated)

Exploit Title: orangescrum 1.8.0 - Privilege escalation Authenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/ Version: 1.8.0 Teste...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/26 12:00 a.m. | 666 views

Bagisto 1.3.3 - Client-Side Template Injection

Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection Date: 11-25-2021 Exploit Author: Mohamed Abdellatif Jaber Vendor Homepage: https://bagisto.com/en/ Software Link: https://github.com/bagisto/bagisto Version: v1.3.3 Tested on: windows | chrome | firefox Exploit :. 1- register an accoun...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/24 12:00 a.m. | 556 views

CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)

Exploit Title: CMSimple 5.4 - Local file inclusion LFI to Remote code execution RCE Authenticated Date: 11/15/2021 Exploit Author: S1lv3r Vendor Homepage: https://www.cmsimple.org/en/ Software Link: https://www.cmsimple.org/en/ Version: CMSimple 5.4 Tested on: CMSimple 5.4 writeup:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/24 12:00 a.m. | 440 views

HTTPDebuggerPro 9.11 - Unquoted Service Path

Exploit Title: HTTPDebuggerPro 9.11 - Unquoted Service Path Exploit Author: Aryan Chehreghani Date: 23/11/2021 Vendor Homepage: https://www.httpdebugger.com Software Link: https://www.httpdebugger.com/download.html Version: 9.11 Tested on: Windows 10 x64 SERVICENAME: HTTPDebuggerPro TYPE : 10...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/23 12:00 a.m. | 572 views

Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)

Exploit Title: Linux Kernel 5.1.x - 'PTRACE_TRACEME' pkexec Local Privilege Escalation 2 Date: 11/22/21 Exploit Author: Ujas Dhami Version: 4.19 - 5.2.1 Platform: Linux Tested on: Ubuntu 19.04 kernel 5.0.0-15-generic Parrot OS 4.5.1 kernel 4.19.0-parrot1-13t-amd64 Kali Linux kernel...

7.8 CVSS | 8.2 AI score | 0.80379 EPSS
Exploits: 21
Exploit DB
added 2021/11/23 12:00 a.m. | 440 views

Webrun 3.6.0.42 - 'P_0' SQL Injection

Exploit Title: Webrun 3.6.0.42 - 'P_0' SQL Injection Google Dork: intitle:"Webrun 3.6.0.42" Date: 23/11/2021 Exploit Author: Vinicius Alves Vendor Homepage: https://softwell.com.br/ Version: 3.6.0.42 Tested on: Kali Linux 2021.3 CVE: CVE-2021-43650 =-=-=-= Description =-=-=-= Webrun version 3.6.0....

9.8 CVSS | 9.7 AI score | 0.01032 EPSS
Exploits: 2
Exploit DB
added 2021/11/23 12:00 a.m. | 501 views

FLEX 1085 Web 1.6.0 - HTML Injection

Exploit Title: FLEX 1085 Web 1.6.0 - HTML Injection Date: 2021-11-21 Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Android Title: ================ FLEX 1085 Web - HTML Injection Summary:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/23 12:00 a.m. | 530 views

GNU gdbserver 9.2 - Remote Command Execution (RCE)

Exploit Title: GNU gdbserver 9.2 - Remote Command Execution RCE Date: 2021-11-21 Exploit Author: Roberto Gesteira Miñarro 7Rocky Vendor Homepage: https://www.gnu.org/software/gdb/ Software Link: https://www.gnu.org/software/gdb/download/ Version: GNU gdbserver Ubuntu 9.2-0ubuntu120.04 9.2 Tested...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/23 12:00 a.m. | 501 views

Bus Pass Management System 1.0 - 'Search' SQL injection

Exploit Title: Bus Pass Management System 1.0 - 'Search' SQL injection Date: 23-11-2021 Exploit Author: Abhijeet Singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/ Version: v-1.0 Default Tested on: macOS...

7 AI score
Exploits: 0
Exploit DB
added 2021/11/23 12:00 a.m. | 629 views

Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure

Exploit Title: Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure Exploit Author: Keyvan Hardani Date: 22/11/2021 Vendor Homepage: https://wp-guppy.com/ Version: up to 1.1 Tested on: Kali Linux - Windows 10 - Wordpress 5.8.x and apache2 Usage ./exploit.sh -h !/bin/bash...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/22 12:00 a.m. | 408 views

Pinkie 2.15 - TFTP Remote Buffer Overflow (PoC)

Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/22 12:00 a.m. | 404 views

Modbus Slave 7.3.1 - Buffer Overflow (DoS)

Exploit Title: Modbus Slave 7.3.1 - Buffer Overflow DoS Discovered by: Yehia Elghaly Discovered Date: 2021-11-19 Vendor Homepage: https://www.modbustools.com/ Software Link : https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Tested Version: 7.3.1 Connect 5. - Paste the characters of...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/22 12:00 a.m. | 334 views

Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection

Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection Date: 20/11/2021 Exploit Author: Ilker Burak ADIYAMAN Vendor Homepage: https://aimeos.org Software Link: https://aimeos.org/laravel-ecommerce-package Version: Aimeos 2021.10 LTS Tested on: MacOSX Description: The...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/17 12:00 a.m. | 692 views

Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)

Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Date: 19/10/2021 Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to...

6.1 CVSS | 6.3 AI score | 0.03031 EPSS
Exploits: 4
Exploit DB
added 2021/11/17 12:00 a.m. | 674 views

SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...

8.8 AI score
Exploits: 0
Exploit DB
added 2021/11/17 12:00 a.m. | 449 views

Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)

Exploit Title: Quick.CMS 6.7 - Cross Site request forgery CSRF to Cross-site Scripting XSS Authenticated Date: 21/04/2021 Exploit Author: Rahad Chowdhury Vendor Homepage: https://opensolution.org/ Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/17 12:00 a.m. | 728 views

Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload

Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/17 12:00 a.m. | 1606 views

GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: GitLab 13.10.2 - Remote Code Execution RCE Unauthenticated Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22 Date: 11/01/2021 Exploit Author: Jacob Baines Vendor Homepage: https://about.gitlab.com/ Software Link:...

10 CVSS | 9.3 AI score | 0.94467 EPSS
Exploits: 56
Exploit DB
added 2021/11/16 12:00 a.m. | 621 views

Online Learning System 2.0 - Remote Code Execution (RCE)

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...

9.8 CVSS | 9.7 AI score | 0.03818 EPSS
Exploits: 4
Exploit DB
added 2021/11/16 12:00 a.m. | 559 views

CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting XSS Date: 15/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://www.cmdbuild.org Software Link: https://www.cmdbuild.org/en/download/latest-version Version: CMDBuild 3.3.2 Tested on: Linux Summary: Multiple stored cross-sit...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/15 12:00 a.m. | 356 views

WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Date: 20/08/2021 Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.0...

4.8 CVSS | 5.1 AI score | 0.01366 EPSS
Exploits: 4
Exploit DB
added 2021/11/15 12:00 a.m. | 443 views

Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)

Exploit Title: Fuel CMS 1.4.13 - 'col' Blind SQL Injection Authenticated Date: 2021-04-11 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.13.zip Version: 1.4.13 Tested on: Kali Linux, PHP 7.4.16,...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/15 12:00 a.m. | 372 views

Simple Subscription Website 1.0 - SQLi Authentication Bypass

Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...

9.8 CVSS | 9.7 AI score | 0.00736 EPSS
Exploits: 4
Exploit DB
added 2021/11/15 12:00 a.m. | 330 views

PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/15 12:00 a.m. | 359 views

WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting XSS Authenticated Date: 11/11/2021 Exploit Author: Mohammed Aadhil Ashfaq Vendor Homepage: https://form2email.dwbooster.com/ Version: 1.3.24 Tested on: wordpress POC 1. Click Contact form to Email...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/15 12:00 a.m. | 429 views

KONGA 0.14.9 - Privilege Escalation

Exploit Title: KONGA 0.14.9 - Privilege Escalation Date: 10/11/2021 Exploit Author: Fabricio Salomao & Paulo Trindade @paulotrindadec Vendor Homepage: https://github.com/pantsel/konga Software Link: https://github.com/pantsel/konga/archive/refs/tags/0.14.9.zip Version: 0.14.9 Tested on: Linux -...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/12 12:00 a.m. | 427 views

Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation

Exploit Title: Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation Date: 11/11/2021 Exploit Author: it Vendor Homepage: https://www.microsoft.com Software Link: https://www.microsoft.com/pt-br/download/details.aspx?id=8518 Version: Version 6.1 Compilation 760...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/12 12:00 a.m. | 362 views

WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/12 12:00 a.m. | 396 views

Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)

Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection Unauthenticated Date: 2021-11-11 Exploit Author: v0yager Shain Lakin Vendor Homepage: https://mumara.com Version: = 2.93 Tested on: CentOS 7 -==== Vulnerability ====- An SQL injection vulnerability in licenseupdate.php in Mumara Classic...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/12 12:00 a.m. | 490 views

WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting XSS Date: 11/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.wpsymposiumpro.com/ Software Link: https://wordpress.org/plugins/wp-symposium-pro/ Version:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/12 12:00 a.m. | 524 views

Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)

Exploit Title: Xlight FTP 3.9.3.1 - 'Buffer Overflow' PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-12 Vendor Homepage: https://www.xlightftpd.com/ Software Link: https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.1 Vulnerability Type: Buffer Overflow Local Tested on...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/11 12:00 a.m. | 672 views

YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)

Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Date: 11-10-2021 Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hardware VOIP Phone Description: Using Diagnostic tool from the...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/11 12:00 a.m. | 497 views

AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerabilit...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/11 12:00 a.m. | 454 views

FormaLMS 2.4.4 - Authentication Bypass

Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Date: 2021-11-10 Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136...

9.8 CVSS | 9.7 AI score | 0.1324 EPSS
Exploits: 4
Exploit DB
added 2021/11/11 12:00 a.m. | 381 views

AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/11 12:00 a.m. | 1998 views

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)

Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE : CVE-2021-41773 / CVE-2021-42013 Credits : Lucas Schnell...

9.8 CVSS | 7.6 AI score | 0.9441 EPSS
Exploits: 168
Exploit DB
added 2021/11/10 12:00 a.m. | 565 views

Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)

Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Date: 10.11.2021 Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/10 12:00 a.m. | 414 views

Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)

Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Date: 09/11/2021 Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version...

7 AI score
Exploits: 0
Exploit DB
added 2021/11/08 12:00 a.m. | 526 views

zlog 1.2.15 - Buffer Overflow

Exploit Title: zlog 1.2.15 - Buffer Overflow Date: 10/23/2021 Exploit Author: LIWEI Vendor Homepage: https://github.com/HardySimpson/zlog Software Link: https://github.com/HardySimpson/zlog Version: v1.2.15 Tested on: ubuntu 18.04.2 1.- compile the zlogv1.2.15 code to a library. 2.- Use the...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/08 12:00 a.m. | 401 views

Simple Client Management System 1.0 - SQLi (Authentication Bypass)

Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/08 12:00 a.m. | 543 views

FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Date: 11/08/2021 Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import reques...

8.8 CVSS | 8.9 AI score | 0.05243 EPSS
Exploits: 4
Exploit DB
added 2021/11/08 12:00 a.m. | 416 views

Money Transfer Management System 1.0 - Authentication Bypass

Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass Date: 2021-11-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/08 12:00 a.m. | 439 views

Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/08 12:00 a.m. | 352 views

WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion

Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Date: 11/07/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Window...

7 AI score
Exploits: 0
Exploit DB
added 2021/11/08 12:00 a.m. | 522 views

Froxlor 0.10.29.1 - SQL Injection (Authenticated)

Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...

9.8 CVSS | 9.6 AI score | 0.05516 EPSS
Exploits: 4
Exploit DB
added 2021/11/08 12:00 a.m. | 362 views

Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)

Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Date: 2021-11-05 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/05 12:00 a.m. | 536 views

ImportExportTools NG 10.0.4 - HTML Injection

Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/05 12:00 a.m. | 410 views

Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...

7.4 AI score
Exploits: 0
Exploit DB
added 2021/11/05 12:00 a.m. | 416 views

10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path

Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path Discovery by: Brian Rodriguez Date: 04-11-2021 Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe...

7.4 AI score
Exploits: 0

Total number of security vulnerabilities: 47884