47904 matches found
Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root (Telnet/SSH)
Exploit Title: Cypress Solutions CTM-200/CTM-ONE - Hard-coded Credentials Remote Root Telnet/SSH Date: 21.09.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.cypress.bc.ca !/usr/bin/env python3 Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH Vendor:...
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
Title: Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-09 Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Version: 1 Software Lin...
Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection
Exploit Title: Cypress Solutions CTM-200 2.7.1 - Root Remote OS Command Injection Date: 21.09.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.cypress.bc.ca Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page:...
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting XSS Shodan Dork: Search Logitech Media Server Date: 12.10.2021 Exploit Author: Mert Das Vendor Homepage: www.logitech.com Version: 8.2.0 Tested on: Windows 10, Linux POC: 1. Go to Settings / Interface tab 2. Add payload to...
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
Exploit Title: Keycloak 12.0.1 - 'requesturi ' Blind Server-Side Request Forgery SSRF Unauthenticated Date: 2021-10-09 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.keycloak.org/ Software Link: https://www.keycloak.org/archive/downloads-12.0.1.html Version: versions 192.168.0.1:444...
Simple Payroll System 1.0 - SQLi Authentication Bypass
Exploit Title: Simple Payroll System 1.0 - SQLi Authentication Bypass Date: 2021-10-09 Exploit Author: Yash Mahajan Vendor Homepage: https://www.sourcecodester.com/php/14974/simple-payroll-system-dynamic-tax-bracket-php-using-sqlite-free-source-code.html Software Link:...
Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
Exploit: Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.50 Tested on: 2.4.50 CVE : CVE-2021-42013 Credits: Ash Daulton and the cPanel Security Team !/bin/bash if...
Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass
Exploit Title: Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass Date: 08.10.2021 Exploit Author: Merve Oral Vendor Homepage: https://www.sourcecodester.com/php/14981/online-employees-work-home-attendance-system-php-and-sqlite-free-source-code.html Software Link:...
Online Enrollment Management System 1.0 - Authentication Bypass
Exploit Title: Online Enrollment Management System 1.0 - Authentication Bypass Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/12914/online-enrollment-management-system-paypal-payments-phpmysqli.html Software Link:...
Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service (PoC)
Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial of Service PoC Date: 2021-10-07 Exploit Author: Aryan Chehreghani Vendor Homepage: https://cmder.net Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip Version: v1.3.18 Tested on: Windows 10 About ...
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
Exploit Title: Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Loan Management System 1.0 - SQLi Authentication Bypass
Exploit Title: Loan Management System 1.0 - SQLi Authentication Bypass Date: 08.10.2021 Exploit Author: Merve Oral Vendor Homepage: https://www.sourcecodester.com/php/14471/loan-management-system-using-phpmysql-source-code.html Software Link:...
IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)
Title: IFSC Code Finder Project 1.0 - SQL injection Unauthenticated Exploit Author: Yash Mahajan Date: 2021-10-07 Vendor Homepage: https://phpgurukul.com/ifsc-code-finder-project-using-php/ Version: 1 Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=14478 Tested On: Windows...
Simple Online College Entrance Exam System 1.0 - Account Takeover
Exploit Title: Simple Online College Entrance Exam System 1.0 - Account Takeover Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
Exploit title: Maian-Cart 3.8 - Remote Code Execution RCE Unauthenticated Date: 27.11.2020 19:35 Tested on: Ubuntu 20.04 LTS Exploit Authors: DreyAnd, purpl3 Software Link: https://www.maiancart.com/download.html Vendor homepage: https://www.maianscriptworld.co.uk/ Version: Maian Cart 3.8 CVE:...
WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation (Unauthenticated)
Exploit Title: WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation Unauthenticated Google Dork: inurl:/plugins/pie-register/ Date: 08.10.2021 Exploit Author: Lotfi13-DZ Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software...
django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)
Exploit Title: django-unicorn 0.35.3 - Stored Cross-Site Scripting XSS Date: 10/7/21 Exploit Author: Raven Security Associates, Inc. ravensecurity.net Software Link: https://pypi.org/project/django-unicorn/ Version: = 0.35.3 CVE: CVE-2021-42053 django-unicorn = 0.35.3 suffers from a stored XSS...
Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Privilage escalation Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Google SLO-Generator 2.0.0 - Code Execution
Exploit Title: Google SLO-Generator 2.0.0 - Code Execution Date: 2021-09-28 Exploit Author: Kiran Ghimire Software Link: https://github.com/google/slo-generator/releases Version: = 2.0.0 Tested on: Linux CVE: CVE-2021-22557 Introduction: Is a tool to compute and export Service Level Objectives...
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple SQL Injection Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting
Exploit Title: Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting Date: 2021-10-06 Exploit Author: Yash Mahajan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-dj-booking-management-system-using-php-and-mysql/ Version: V 1.0...
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
Exploit Title: Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Date: 07.10.2021 Exploit Author: Mevlüt Yılmaz Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team...
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Date: 05.10.2021 Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubunt...
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
Exploit Title: Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6,...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ versio...
Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...
Student Quarterly Grading System 1.0 - SQLi Authentication Bypass
Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass Date: 04.10.2021 Exploit Author: Blackhan Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...
Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation (Unauthenticated)
Exploit Title: Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation Unauthenticated Google Dork: inurl:/wp-content/plugins/thecartpress/ Date: 04/10/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugin/thecartpress Version: spacehen www.github.com/spacehen" def...
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting XSS Date: 2021-10-03 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-02 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
Open Game Panel - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Date: 08/14/2021 Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...
Lodging Reservation Management System 1.0 - Authentication Bypass
Exploit Title: Lodging Reservation Management System 1.0 - Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...
Payara Micro Community 5.2021.6 - Directory Traversal
Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal Date: 01/10/2021 Exploit Author: Yasser Khan N3Thunt3r Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html Software Link:...
Exam Form Submission System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Date: 30-09-2021 Exploit Author: Nitin Sharma Vidvansh Vendor Homepage: https://code-projects.org Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/ Version: 1.0 Tested on: XAMP...
Phpwcms 1.9.30 - Arbitrary File Upload
Exploit Title: Phpwcms 1.9.30 - Arbitrary File Upload Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating paylo...
Blood Bank System 1.0 - Authentication Bypass
Exploit Title: Blood Bank System 1.0 - Authentication Bypass Date: 30-9-2021 Exploit Author: Nitin Sharma vidvansh Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code/ Software Link : https://download.code-projects.org/details/f44a4ba9-bc33-48c3-b030-02f62117d230 Version...
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Date: 09/07/2021 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED...
Directory Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Directory Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-01 Exploit Author: SUDONINJA Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Version: v1.0 Tested on: Windows 10...
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: CMSimpleXH 1.7.4 - Remote Code Execution RCE Authenticated Date: 01-10-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.cmsimple-xh.org/ Software Link: https://www.cmsimple-xh.org/?Downloads Version: 1.7.4 Category: Webapps Tested on: Linux/Windows CMSimpleX...
Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-09-30 Exploit Author: sanjay singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Tested on:...
Vehicle Service Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Vehicle Service Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 30.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
Exploit Title: WhatsUpGold 21.0.3 - Stored Cross-Site Scripting XSS Date: 09.17.2021 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.21.0.3, Build 188 Tested on: Windows 2019 Server CVE : CVE-2021-41318 Reference:...
PlaceOS 1.2109.1 - Open Redirection
Exploit Title: PlaceOS 1.2109.1 - Open Redirection Date: 29-09-2021 Exploit Author: Hamza Khedr @ Accenture Austalia AARO Team Vendor Homepage: https://place.technology/ Software Link: https://github.com/PlaceOS Version: 1.29.10 Tested on: Ubuntu 20.04 CVE: CVE-2021-41826 PoC:...
Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation
Exploit Title: Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation Google Dork: inurl:/wp-content/plugins/js-jobs/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/js-jobs/ Version: spacehen www.github.com/spacehen" def...
Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass
Exploit Title: Cyber Cafe Management System Project CCMS 1.0 - SQL Injection Authentication Bypass Date: 29-09-2021 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ Version: 1.0 Tested on: XAMPP /...