47884 matches found
Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting XSS Date: 06/05/2021 Exploit Author: CAPTAINHOOK Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ versi...
Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)
Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Date: 24-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip...
Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
Exploit Title: Seeddms 5.1.10 - Remote Command Execution RCE Authenticated Date: 25/06/2021 Exploit Author: Bryan Leong Vendor Homepage: https://www.seeddms.org/index.php?id=2 Software Link: https://sourceforge.net/projects/seeddms/files/seeddms-5.0.11/ Version: Seeddms 5.1.10 Tested on: Windows ...
SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path
Exploit Title: SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path Discovery by: Brian Rodriguez Date: 21-06-2021 Vendor Homepage: https://brother.com/ Tested Version: 7.60 Vulnerability Type: Unquoted Service Path Tested on: Windows 10 Enterprise 64 bits Step to discover Unquoted Service Path:...
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
TP-Link TL-WR841N - Command Injection
Exploit Title: TP-Link TL-WR841N - Command Injection Date: 2020-12-13 Exploit Author: Koh You Liang Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/TL-WR841NJPV13161028.zip Version: TL-WR841N 0.9.1 4.0 Tested on: Windows 10 CVE : CVE-2020-35576 import requests...
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution RCE Unauthenticated Date: 06/21/2021 Exploit Author: CHackA0101 Vendor Homepage: https://kb.vmware.com/s/article/82374 Software Link: https://www.vmware.com/products/vcenter-server.html Version: This affects VMware...
Huawei dg8045 - Authentication Bypass
Title: Huawei dg8045 - Authentication Bypass Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 Hardware Version: VER.A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An...
Adobe ColdFusion 8 - Remote Command Execution (RCE)
Exploit Title: Adobe ColdFusion 8 - Remote Command Execution RCE Google Dork: intext:"adobe coldfusion 8" Date: 24/06/2021 Exploit Author: Pergyz Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: 8 Tested on: Microsoft Windows Server 2008 R2 Standard CVE :...
WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting XSS Date: 22/6/2021 Exploit Author: Mohammed Adam Vendor Homepage: https://www.wpgmaps.com/ Software Link: https://wordpress.org/plugins/wp-google-maps/ Version: 5.7.2 Tested on: Windows 10 CVE: CVE-2021-24383...
Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
Exploit Title: Simple CRM 3.0 - 'email' SQL injection Authentication Bypass Date: 22/06/2021 Exploit Author: Rinku Kumar rinku191 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
Online Library Management System 1.0 - 'Search' SQL Injection
Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection Date: 23-06-2021 Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip Version: 1.0 Tested on: Windows...
Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution (Unauthenticated)
Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Unauthenticated Date: 23-06-2021 Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection
Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...
Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Responsive Tourism Website 3.1 - Remote Code Execution RCE Unauthenticated Date: 22.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14838/simple-responsive-tourism-website-using-php-free-source-code.html Version: V 3.1 Tested on: MacOS &...
ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
Exploit Title: ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path Date: 2021-06-21 Exploit Author: Julio Aviña Vendor Homepage: https://www.asus.com/ Software Link: https://dlcdnets.asus.com/pub/ASUS/LCD%20Monitors/MB16ACE/ASUSDisplayWidget3.4.0.036.exe.zip...
Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference IDOR Date: 21/06/2021 Exploit Author: Pratik Khalane Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version:...
Remote Mouse GUI 3.008 - Local Privilege Escalation
Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date: 17.06.2021 Version: Remote Mouse 3.008 Tested on: Windows 10 Pro Version 21H1 Reference: https://deathflash1411.github.io/blog/cve-2021-35448 CVE: CVE-2021-35448...
Customer Relationship Management System (CRM) 1.0 - Remote Code Execution
Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Date: 21.06.2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path
Exploit Title: Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LMbdsvc' Unquoted Service Path Date: 2021-06-20 Exploit Author: Julio Aviña Vendor Homepage: https://www.lexmark.com/ Software Link:...
Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
Exploit Title: OpenEMR 5.0.1.7 - 'fileName' Path Traversal Authenticated Date 16.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5017.zip Version: All versions prior to 5.0.2 Tested on:...
Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...
iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
Exploit Title: iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path Date: 2021-06-18 Exploit Author: Julio Aviña Vendor Homepage: https://www.i-funbox.com/en/index.html Software Link: https://www.i-funbox.com/download/ifunboxsetup4.2.exe Version: 4.2 Service File Version: 486.0.2.23...
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
Exploit Title: Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path Date: 2021-06-18 Exploit Author: Julio Aviña Vendor Homepage: https://www.wisecleaner.com/wise-care-365.html Software Link: https://downloads.wisecleaner.com/soft/WiseCare3655.6.7.568.exe Version: 5.6.7.568 Service...
Node.JS - 'node-serialize' Remote Code Execution (3)
Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 3 Date: 17.06.2021 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://github.com/luin/serialize Software Link: https://github.com/luin/serialize Version: 0.0.4 Tested on: Windows & Ubuntu CVE : 2017-5941 var serialize =...
Dlink DSL2750U - 'Reboot' Command Injection
Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to session...
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery CSRF Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description ICE Hrm Version 29.0.0.OS is vulnerable to CSRF which allows...
ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting XSS Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description The file upload feature in ICE Hrm Version 29.0.0.OS allows remote...
Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path
Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.syncbreeze.com/ Software Links: https://www.syncbreeze.com/setupsx64/syncbreezesrvsetupv13.6.18x64.exe...
Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
Exploit Title: Online Shopping Portal 3.1 - Remote Code Execution Unauthenticated Date: 17.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: V3.1 Tested on: Windows & Ubuntu import requests import random import string url =...
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
Exploit Title: VX Search 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.vxsearch.com Software Links: https://www.vxsearch.com/setupsx64/vxsearchsrvsetupv13.5.28x64.exe...
Unified Office Total Connect Now 1.0 - 'data' SQL Injection
Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection Shodan Filter: http.title:"TCN User Dashboard" Date: 06-16-2021 Exploit Author: Ajaikumar Nadar Vendor Homepage: https://unifiedoffice.com/ Software Link: https://unifiedoffice.com/voip-business-solutions/ Version: 1.0...
Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path
Exploit Title: Dup Scout 13.5.28 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.dupscout.com Software Links: https://www.dupscout.com/setupsx64/dupscoutsrvsetupv13.5.28x64.exe...
Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 16-06-2021 Vendor Homepage: https://www.disksavvy.com Software Links: https://www.disksavvy.com/setupsx64/disksavvysrvsetupv13.6.14x64.exe...
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
Exploit Title: Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 06-16-2021 Vendor Homepage: https://www.vmware.com/mx/products/workspace-one/intelligent-hub.html Software Links : https://getwsone.com/...
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Date: 17/06/2021 Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com Vendor Confirmation:...
Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authenticated)
Exploit Title: Teachers Record Management System 1.0 – Multiple SQL Injection Authenticated Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...
Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path
Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Date: 15-06-2021 Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability...
DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path
Exploit Title: DiskPulse 13.6.14 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://www.diskpulse.com Software Links: https://www.diskpulse.com/setupsx64/diskpulseentsetupv13.6.14x64.exe...
Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)
Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting XSS Date: 05-10-2021 Exploit Author: nhattruong Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...
CKEditor 3 - Server-Side Request Forgery (SSRF)
Exploit Title: CKEditor 3 - Server-Side Request Forgery SSRF Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html Date: 12-6-2021 Exploit Author: Blackangel Software Link: https://ckeditor.com/ Version:all version under 4 1,2,3 Tested on: windows 7 Steps of Exploit:- 1-using google...
OpenEMR 5.0.1.3 - Authentication Bypass
Exploit Title: OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass Date 15.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: All versions prior to 5.0.1...
Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Date: 2021-15-06 Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST...
Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path
Exploit Title: Disk Sorter Enterprise 13.6.12 - 'Disk Sorter Enterprise' Unquoted Service Path Discovery by: BRushiran Date: 15-06-2021 Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksorterentsetupv13.6.12x64.exe Tested Version: 13.6.12...
Client Management System 1.1 - 'Search' SQL Injection
Exploit Title: Client Management System 1.1 - 'Search' SQL Injection Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client...
Brother BRPrint Auditor - 'Multiple' Unquoted Service Path
Exploit Title: Brother BRPrint Auditor 3.0.7 - 'Multiple' Unquoted Service Path Discovery by: Brian Rodriguez Date: 14-06-2021 Vendor Homepage: https://support.brother.com/ Software Links:...