47904 matches found
WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting XSS Date: 11/12/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://accesspressthemes.com/ Software Link: https://wordpress.org/plugins/accesspress-social-icons/...
WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin WP Symposium Pro 2021.10 - 'wpsadminforumaddname' Stored Cross-Site Scripting XSS Date: 11/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: http://www.wpsymposiumpro.com/ Software Link: https://wordpress.org/plugins/wp-symposium-pro/ Version:...
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE : CVE-2021-41773 / CVE-2021-42013 Credits : Lucas Schnell...
AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerabilit...
FormaLMS 2.4.4 - Authentication Bypass
Exploit Title: FormaLMS 2.4.4 - Authentication Bypass Google Dork: inurl:index.php?r=adm/ Date: 2021-11-10 Exploit Author: Cristian 'void' Giustini @ Hacktive Security Vendor Homepage: https://formalms.org Software Link: https://formalms.org Version: = 2.4.4 Tested on: Linux CVE : CVE-2021-43136...
YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)
Exploit Title: YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection Authenticated Date: 11-10-2021 Exploit Author: tahaafarooq Vendor Homepage: https://www.yealink.com/ Version: 53.84.0.15 Tested on: YeaLink IP Phone SIP-T19P Hadrware VOIP Phone Description: Using Diagnostic tool from the...
AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service PoC Discovered by: Yehia Elghaly Discovered Date: 2021-11-10 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe Tested Version: 11.24 Vulnerability...
Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)
Exploit Title: Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting XSS Date: 10.11.2021 Exploit Author: İlhami Selamet Vendor Homepage: https://www.sourcecodester.com/php/15026/employee-and-visitor-gate-pass-logging-system-php-source-code.html Software Link:...
Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)
Exploit Title: Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting XSS Date: 09/11/2021 Exploit Author: Ragavender A G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/edtms.zip Version...
FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: FusionPBX 4.5.29 - Remote Code Execution RCE Authenticated Date: 11/08/2021 Exploit Author: Luska Vendor Homepage: https://www.fusionpbx.com/ Software Link: https://github.com/fusionpbx/fusionpbx Version: 4.5.30 Tested on: Debian CVE : CVE-2021-43405 !/usr/bin/python3 import reques...
zlog 1.2.15 - Buffer Overflow
Exploit Title: zlog 1.2.15 - Buffer Overflow Date: 10/23/2021 Exploit Author: LIWEI Vendor Homepage: https://github.com/HardySimpson/zlog Software Link: https://github.com/HardySimpson/zlog Version: v1.2.15 Tested on: ubuntu 18.04.2 1.- compile the zlogv1.2.15 code to a library. 2.- Use the...
Simple Client Management System 1.0 - SQLi (Authentication Bypass)
Exploit Title: Simple Client Management System 1.0 - SQLi Authentication Bypass Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)
Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Date: 2021-11-05 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version...
Money Transfer Management System 1.0 - Authentication Bypass
Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass Date: 2021-11-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link:...
Froxlor 0.10.29.1 - SQL Injection (Authenticated)
Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...
Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: Sentinal920 Date: 5-11-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html Software Link:...
WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion
Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion Date: 11/07/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.miniorange.com/ Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/ Version: 1.0.3 Tested on : Window...
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting XSS Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.criticalgears.com/ Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/...
ImportExportTools NG 10.0.4 - HTML Injection
Exploit Title: ImportExportTools NG 10.0.4 - HTML Injection Date: 2021-11-05 Exploit Author: Vulnerability Lab Vendor Homepage: https://github.com/thundernest/import-export-tools-ng Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/ Version: 10.0.4 Tested...
10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path Discovery by: Brian Rodriguez Date: 04-11-2021 Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe...
Opencart 3 Extension TMD Vendor System - Blind SQL Injection
Exploit Title: Opencart 3 Extension TMD Vendor System - Blind SQL Injection Author: Muhammad Zaki Sulistya [email protected] Date: 03-11-2021 Product: TMD Vendor System Vendor Homepage: https://www.opencartextensions.in/ Software Link:...
OpenAM 13.0 - LDAP Injection
Exploit Title: OpenAM 13.0 - LDAP Injection Date: 03/11/2021 Exploit Author: Charlton Trezevant, GuidePoint Security Vendor Homepage: https://www.forgerock.com/ Software Link: https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/13.0.0,...
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
Exploit Title: Ultimate POS 4.4 - 'name' Cross-Site Scripting XSS Date: 2021-10-26 Exploit Author: Vulnerability Lab Vendor Homepage: https://ultimatefosters.com/docs/ultimatepos/ Version: 4.4 Document Title: =============== Ultimate POS v4.4 - Products Persistent XSS Vulnerability References...
PHP Melody 3.0 - 'vid' SQL Injection
Exploit Title: PHP Melody 3.0 - 'vid' SQL Injection Date: 2021-10-20 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Document Title: =============== PHP Melody v3.0 - vid SQL Injection Vulnerability References Source: ====================...
Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
Exploit Title: Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting XSS Date: 2021-10-22 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.bdtask.com/multi-store-ecommerce-shopping-cart-software/ Version: 3.5 Document Title: =============== Isshue Shopping Cart v3.5 - Cross Site W...
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
Exploit Title: Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection Date: 2021-10-22 Exploit Author: Vulnerability Lab Vendor Homepage: https://multecart.com/ Version: 2.4 Document Title: =============== Mult-e-Cart Ultimate v2.4 - SQL Injection Vulnerability References Source: ====================...
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
Exploit Title: Vanguard 2.1 - 'Search' Cross-Site Scripting XSS Date: 2021-10-26 Exploit Author: Vulnerability Lab Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975 Version: 2.1 Document Title: =============== Vanguard v2.1 - Search POST Inject Web...
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-10-19 Exploit Author: Vulnerability Lab Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Tested on: Linux Document Title: =============== Simplephpscripts Simple CMS v2....
WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting XSS Date: 03/11/2021 Exploit Author: Luca Schembri Vendor Homepage: https://www.essentialplugin.com/ Software Link: https://wordpress.org/plugins/popup-anything-on-click/ Version: 2.0.4 Summary A user wi...
Eclipse Jetty 11.0.5 - Sensitive File Disclosure
Exploit Title: Eclipse Jetty 11.0.5 - Sensitive File Disclosure Date: 2021-11-03 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/ Version: 9.4.37 ≤ version ColdFusionX - Web Applicat...
RDP Manager 4.9.9.3 - Denial-of-Service (PoC)
Exploit Title: RDP Manager 4.9.9.3 - Denial-of-Service PoC Date: 2021-10-18 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.cinspiration.de/uebersicht4.html Software Link: https://www.cinspiration.de/download.html Version: 4.9.9.3 Tested on: Linux Document Title: =============== RD...
Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
Exploit Title: Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection Date: 2021-10-19 Exploit Author: Vulnerability Lab Vendor Homepage: https://simplephpscripts.com/simple-cms-php Version: 2.1 Tested on: Linux Document Title: =============== Simplephpscripts Simple CMS v2.1 - SQL Injection...
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
Exploit Title: PHP Melody 3.0 - Persistent Cross-Site Scripting XSS Date: 2021-10-21 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Document Title: =============== PHP Melody v3.0 - Editor Persistent XSS Vulnerability References Source:...
Fuel CMS 1.4.1 - Remote Code Execution (3)
Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution 3 Exploit Author: Padsala Trushal Date: 2021-11-03 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: ',epilog=f'EXAMPLE - python3 sys.argv0 -u http://10.10.21.74'...
WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting XSS Date: 2021-10-28 Exploit Author: Vulnerability Lab Vendor Homepage: https://hotel.eplug-ins.com/ Software Link: https://hotel.eplug-ins.com/hoteldoc/ Version: v3 Tested on: Linux Document Title: ===============...
PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)
Exploit Title: PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting XSS Google Dork: subtitle:Copyright © 2021 PHPJabbers.com Date: 2021-10-28 Exploit Author: Vulnerability-Lab Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/...
Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
Exploit Title: Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting XSS Date: 2021-10-18 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.sonicguard.com/NSV-800.asp Version: 6.5.4 Document Title: =============== Sonicwall SonicOS 6.5.4 - Cross Site Scripting Web Vulnerabilit...
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: PHP Melody 3.0 - 'Multiple' Cross-Site Scripting XSS Date: 2021-10-20 Exploit Author: Vulnerability Lab Vendor Homepage: https://www.phpsugar.com/phpmelody.html Version: v3 Tested on: Linux Document Title: =============== PHP Melody v3.0 - Multiple Cross Site Web Vulnerabilities...
Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 4 Author: P4p4M4n3 Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Type: WebApp ------------------------------------- Proof of Concept: 1- login on codiad 2- go to...
Ericsson Network Location MPS GMPC21 - Remote Code Execution (RCE) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Restrictions Bypass RCE Meow Variant', 'Description' = %q This module exploits an arbitrary command execution...
Employee Record Management System 1.2 - 'empid' SQL injection (Unauthenticated)
Title: Employee Record Management System 1.2 - 'empid' SQL injection Unauthenticated Exploit Author: Anubhav Singh Date: 2021-10-31 Vendor Homepage: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Version: 1.2 Software Link:...
10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow SEH Date: 2021-10-31 Exploit Author: ro0k Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.31 Tested on: Windows 1...
Ericsson Network Location MPS GMPC21 - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Privilege Escalation Meow Variant', 'Description' = %q This module exploits privilege escalation vulnerability in...
YouTube Video Grabber 1.9.9.1 - Buffer Overflow (SEH)
Exploit Title: YouTube Video Grabber 1.9.9.1 - Buffer Overflow SEH Date: 01.11.2021 Software Link: https://www.litexmedia.com/ytgrabber.exe Exploit Author: Achilles Tested Version: 1.9.9.1 Tested on: Windows 7 64bit 1.- Run python code : YouTube.py 2.- Open EVIL.txt and copy All content to...
Kingdia CD Extractor 3.0.2 - Buffer Overflow (SEH)
Exploit Title: Kingdia CD Extractor 3.0.2 - Buffer Overflow SEH Date: 31.10.2021 Software Link: https://en.softonic.com/download/kingdia-cd-extractor/windows/post-download Exploit Author: Achilles Tested Version: 3.0.2 Tested on: Windows 7 64bit 1.- Run python code : Kingdia.py 2.- Open EVIL.txt...
Dynojet Power Core 2.3.0 - Unquoted Service Path
Exploit Title: Dynojet Power Core 2.3.0 - Unquoted Service Path Exploit Author: Pedro Sousa Rodrigues https://www.0x90.zone/ / @PedroSECR Version: 2.3.0 Build 303 Date: 30.10.2021 Vendor Homepage: https://www.dynojet.com/ Software Link: https://docs.dynojet.com/Document/18762 Tested on: Windows 1...
i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw
Exploit Title: i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw Date: 27.10.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.i3international.com i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page:...
Mini-XML 3.2 - Heap Overflow
Exploit Title: Mini-XML 3.2 - Heap Overflow Google Dork: mxml Mini-xml Mini-XML Date: 2020.10.19 Exploit Author: LIWEI Vendor Homepage: https://www.msweet.org/mxml/ Software Link: https://github.com/michaelrsweet/mxml Version: v3.2 Tested on: ubuntu 18.04.2 1.- compile the Mini-XML code to a...
WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)
Exploit Title: WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting XSS Date: 4/07/2021 Exploit Author: 3ndG4me Vendor Homepage: https://www.automatedlogic.com/en/products/webctrl-building-automation-system/ Version: 6.5 and Below CVE : CVE-2021-31682 --Summary-- The login portal for the...
Umbraco v8.14.1 - 'baseUrl' SSRF
Exploit Title: Umbraco v8.14.1 - 'baseUrl' SSRF Date: July 5, 2021 Exploit Author: NgoAnhDuc Vendor Homepage: https://our.umbraco.com/ Software Link: https://our.umbraco.com/download/releases/8141 Version: v8.14.1 Affect: Umbraco CMS v8.14.1, Umbraco Cloud Vulnerable code:...