Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple SQL Injection Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Google SLO-Generator 2.0.0 - Code Execution
Exploit Title: Google SLO-Generator 2.0.0 - Code Execution Date: 2021-09-28 Exploit Author: Kiran Ghimire Software Link: https://github.com/google/slo-generator/releases Version: = 2.0.0 Tested on: Linux CVE: CVE-2021-22557 Introduction: Is a tool to compute and export Service Level Objectives...
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple RCE Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
Exploit Title: Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass Date: 07.10.2021 Exploit Author: Mevlüt Yılmaz Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - Multiple XSS Unauthenticated Date: 07/10/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://www.sourcecodester.com Software Link:...
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
Exploit Title: Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure Date 04.10.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://forum.ait-pro.com/read-me-first/ Software Link: https://downloads.wordpress.org/plugin/bulletproof-security.5.1.zip Version: =...
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
Exploit Title: Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ version 8.13.6,...
Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
Exploit Title: Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection Date: 05.10.2021 Exploit Author: Emel Basayar Vendor: Odine Solutions - odinesolutions.com Vendor Homepage: https://odinesolutions.com/software/gatekeeper-simbox-antifraud/ Version: 1.0 Category: Webapps Tested on: Ubunt...
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
Exploit Title: Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution RCE Date: 10/05/2021 Exploit Author: Lucas Souza https://lsass.io Vendor Homepage: https://apache.org/ Version: 2.4.49 Tested on: 2.4.49 CVE : CVE-2021-41773 Credits: Ash Daulton and the cPanel Security Team...
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
Exploit Title: Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read Date: 2021-10-05 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: version 7.4.10 and 7.5.0 ≤ versio...
Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation (Unauthenticated)
Exploit Title: Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation Unauthenticated Google Dork: inurl:/wp-content/plugins/thecartpress/ Date: 04/10/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugin/thecartpress Version: spacehen www.github.com/spacehen" def...
Student Quarterly Grading System 1.0 - SQLi Authentication Bypass
Exploit Title: Student Quarterly Grading System 1.0 - SQLi Authentication Bypass Date: 04.10.2021 Exploit Author: Blackhan Vendor Homepage: https://www.sourcecodester.com/php/14953/student-quarterly-grading-system-using-php-and-sqlite-free-source-code.html Software Link:...
Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload
Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...
Payara Micro Community 5.2021.6 - Directory Traversal
Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal Date: 01/10/2021 Exploit Author: Yasser Khan N3Thunt3r Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html Software Link:...
Open Game Panel - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Open Game Panel - Remote Code Execution RCE Authenticated Google Dork: intext:"Open Game Panel 2021" Date: 08/14/2021 Exploit Author: prey Vendor Homepage: https://www.opengamepanel.org/ Software Link: https://github.com/OpenGamePanel/OGP-Website Version: before 14 Aug patch...
Lodging Reservation Management System 1.0 - Authentication Bypass
Exploit Title: Lodging Reservation Management System 1.0 - Authentication Bypass Date: 2021-09-20 Exploit Author: Nitin Sharmavidvansh Vendor Homepage: https://www.sourcecodester.com/php/14883/lodging-reservation-management-system-php-free-source-code.html Software Link:...
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting XSS Date: 2021-10-03 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-02 Exploit Author: Jordan Glover Vendor Homepage: https://www.sourcecodester.com/php/12684/young-entrepreneur-e-negosyo-system.html Software Link:...
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Date: 09/07/2021 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED...
Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-09-30 Exploit Author: sanjay singh Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Tested on:...
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
Exploit Title: WhatsUpGold 21.0.3 - Stored Cross-Site Scripting XSS Date: 09.17.2021 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.21.0.3, Build 188 Tested on: Windows 2019 Server CVE : CVE-2021-41318 Reference:...
Directory Management System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Directory Management System 1.0 - SQL Injection Authentication Bypass Date: 2021-10-01 Exploit Author: SUDONINJA Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/directory-management-system-using-php-and-mysql/ Version: v1.0 Tested on: Windows 10...
Vehicle Service Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Vehicle Service Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 30.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...
Phpwcms 1.9.30 - Arbitrary File Upload
Exploit Title: Phpwcms 1.9.30 - Arbitrary File Upload Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating paylo...
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: CMSimple_XH 1.7.4 - Remote Code Execution RCE Authenticated Date: 01-10-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.cmsimple-xh.org/ Software Link: https://www.cmsimple-xh.org/?Downloads Version: 1.7.4 Category: Webapps Tested on: Linux/Windows CMSimpleX...
Blood Bank System 1.0 - Authentication Bypass
Exploit Title: Blood Bank System 1.0 - Authentication Bypass Date: 30-9-2021 Exploit Author: Nitin Sharma vidvansh Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code/ Software Link : https://download.code-projects.org/details/f44a4ba9-bc33-48c3-b030-02f62117d230 Version...
Exam Form Submission System 1.0 - SQL Injection Authentication Bypass
Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Date: 30-09-2021 Exploit Author: Nitin Sharma Vidvansh Vendor Homepage: https://code-projects.org Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/ Version: 1.0 Tested on: XAMP...
Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass
Exploit Title: Cyber Cafe Management System Project CCMS 1.0 - SQL Injection Authentication Bypass Date: 29-09-2021 Exploit Author: sudoninja Vendor Homepage: https://phpgurukul.com Product link: https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/ Version: 1.0 Tested on: XAMPP /...
Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...
Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation
Exploit Title: Wordpress Plugin JS Jobs Manager 1.1.7 - Unauthenticated Plugin Install/Activation Google Dork: inurl:/wp-content/plugins/js-jobs/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/js-jobs/ Version: spacehen www.github.com/spacehen" def...
Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)
Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Date: 28.09.2021 Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...
PlaceOS 1.2109.1 - Open Redirection
Exploit Title: PlaceOS 1.2109.1 - Open Redirection Date: 29-09-2021 Exploit Author: Hamza Khedr @ Accenture Australia AARO Team Vendor Homepage: https://place.technology/ Software Link: https://github.com/PlaceOS Version: 1.29.10 Tested on: Ubuntu 20.04 CVE: CVE-2021-41826 PoC:...
Mitrastar GPT-2541GNAC-N1 - Privilege escalation
Exploit Title: Mitrastar GPT-2541GNAC-N1 - Privilege escalation Date: 10-08-2021 Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.mitrastar.com Platform: Mitrastar router devices GPT-2541GNAC-N1 HGU Tested on: Firmware BRg3.5100VNZ0b33 Vulnerability...
Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting XSS Date: 2/15/2021 Author: 0xB9 Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip Version: 1.3.1 Tested...
OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS)
Exploit Title: OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting XSS Date: 9/24/2021 Exploit Author: Eric Salario Vendor Homepage: http://www.os4ed.com/ Software Link: https://opensis.com/download Version: 8.0 Tested on: Windows, Linux CVE : CVE-2021-40310 OpenSIS Community Edition...
Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html...
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting
Exploit Title: WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting XSS Date: 2/3/2021 Author: 0xB9 Software Link: https://downloads.wordpress.org/plugin/redirect-404-to-parent.1.3.0.zip Version: 1.3.0 Tested on: Windows 10 CVE: CVE-2021-24286 1. Description: This plugin...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery CSRF Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !-- FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit Vendor: FatPipe Networks Inc. Product w...
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/popup-by-supsystic/ Version: 1.10.4 Tested on: Windows 10 CVE: CVE-2021-24275 1. Description: The plugin did not sanitize the tab parameter o...
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/ultimate-maps-by-supsystic/ Version: 1.2.4 Tested on: Windows 10 CVE: CVE-2021-24274 1. Description: The plugin did not sanitize the t...
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting XSS Date: 3/28/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/contact-form-by-supsystic/ Version: 1.7.14 Tested on: Windows 10 CVE: CVE-2021-24276 1. Description: The Contact Form by Supsystic...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
Exploit Title: FatPipe Networks MPVPN 10.2.2 - Remote Privilege Escalation Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com !/usr/bin/env python3 FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation Vendor: FatPipe Networks Inc. Product web...
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download Unauthenticated Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download Vendor: FatPipe Networks Inc. Product web page...
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account Write Access Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account Write Access Vendor: FatPipe Networks Inc. Produc...
FatPipe Networks WARP 10.2.2 - Authorization Bypass
Exploit Title: FatPipe Networks WARP 10.2.2 - Authorization Bypass Date: 25.07.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP 10.2.2 Authorization Bypass Vendor: FatPipe Networks Inc. Product web page: https://www.fatpipeinc.com Affected version:...
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting XSS Authenticated Date: 06-08-2021 Exploit Author: Nosa Shandy Apapedulimu Vendor Homepage: https://translatepress.com/ Software Link: https://wordpress.org/plugins/translatepress-multilingual/ Reference:...
Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers
Exploit Title: Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers Date: 24/09/2021 Exploit Author: Michael Alamoot Vendor Homepage: https://www.cisco.com/ Version: RV130W 1.0.3.44 Tested on: Kali linux ! /usr/bin/env python3 from scapy.contrib.eigrp import EIGRPAuthData from...
Cyberfox Web Browser 52.9.1 - Denial of Service (PoC)
Exploit Title: Cyberfox Web Browser 52.9.1 - Denial of Service PoC Date: 2021-09-26 Exploit Author: Aryan Chehreghani Vendor Homepage: https://cyberfox.8pecxstudios.com Software Link: https://www.techspot.com/downloads/6568-cyberfox-web-browser.html Version: v52.9.1 Possibly all versions Tested o...