47904 matches found
Church Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Exploit Title: Church Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 07/03/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11206/church-management-system.html Version: 1...
Garbage Collection Management System 1.0 - SQL Injection (Unauthenticated)
Exploit Title: Garbage Collection Management System 1.0 - SQL Injection Unauthenticated Exploit Author: ircashem Date 02.07.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14854/garbage-collection-management-system-php.html Version 1.0 Teste...
Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Event export Unauthenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.5.16.2.z...
WinWaste.NET 1.0.6183.16475 - Privilege Escalation due Incorrect Access Control
Exploit Title: WinWaste.NET 1.0.6183.16475 - Privilege Escalation due Incorrect Access Control Date: 2021-07-01 Author: Andrea Intilangelo Vendor Homepage: http://nica.it - http://winwastenet.com Version: 1.0.6183.16475 Tested on: Windows 10 Pro x64 - 20H2 and 21H1 CVE: CVE-2021-34110 WinWaste.NE...
Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)
Exploit Title: Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution Authenticated Date 01.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://webnus.net/modern-events-calendar/ Software Link:...
Scratch Desktop 3.17 - Remote Code Execution
Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...
b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery (CSRF)
Exploit Title: b2evolution 7.2.2 - 'edit account details' Cross-Site Request Forgery CSRF Exploit Author: Alperen Ergel @alpernae Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/7-2-2 Version : 7.2.2 Tested on: Kali Linux Category: WebApp Description...
AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting XSS Date: 07-01-2021 Exploit Author: Tyler Butler Vendor Homepage: https://www.akcp.com/ Software Link: https://www.akcp.com/support-center/customer-login/sensorprobe-series-firmware-download/ Advisory:...
Online Voting System 1.0 - Remote Code Execution (Authenticated)
Exploit Title: Online Voting System 1.0 - Remote Code Execution Authenticated Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0...
Online Voting System 1.0 - Authentication Bypass (SQLi)
Exploit Title: Online Voting System 1.0 - Authentication Bypass SQLi Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date 30.06.2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/4808/voting-system-php.html Version 1.0 Tested on:...
Vianeos OctoPUS 5 - 'login_user' SQLi
Exploit Title: Vianeos OctoPUS 5 - 'loginuser' SQLi Date: 01/07/2021 Exploit Author: Audencia Business SCHOOL Vendor Homepage: http://www.vianeos.com/en/home-vianeos/ Software Link: http://www.vianeos.com/en/octopus/ Version: V5 Tested on: Fedora / Apache2 / MariaDB Octopus V5 SQLi The "loginuser...
Wordpress Plugin XCloner 4.2.12 - Remote Code Execution (Authenticated)
Exploit Title: Wordpress Plugin XCloner 4.2.12 - Remote Code Execution Authenticated Date 30.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.xcloner.com/ Software Link: https://downloads.wordpress.org/plugin/xcloner-backup-and-restore.4.2.12.zip Version: 4.2.1 - 4.2.12...
phpAbook 0.9i - SQL Injection
Exploit Title: phpAbook 0.9i - SQL Injection Date: 2021-06-29 Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage...
Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass)
Exploit Title: Doctors Patients Management System 1.0 - SQL Injection Authentication Bypass Date: 06/30/2021 Exploit Author: Murat DEMIRCI butterflyhunt3r Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/31349/medisol-doctors-patients-managment-system...
Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Simple Traffic Offense System 1.0 - 'Multiple' Stored Cross Site Scripting XSS Date: 30-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/trafic.zip Version:...
Apache Superset 1.1.0 - Time-Based Account Enumeration
Exploit Title: Apache Superset 1.1.0 - Time-Based Account Enumeration Author: Dolev Farhi Date: 2021-05-13 Vendor Homepage: https://superset.apache.org/ Version: 1.1.0 Tested on: Ubuntu import sys import requests import time scheme = 'http' host = '192.168.1.1' port = 8080 change with your wordli...
ES File Explorer 4.1.9.7.4 - Arbitrary File Read
Exploit Title: ES File Explorer 4.1.9.7.4 - Arbitrary File Read Date: 29/06/2021 Exploit Author: Nehal Zaman Version: ES File Explorer v4.1.9.7.4 Tested on: Android CVE : CVE-2019-6447 import requests import json import ast import sys if lensys.argv file to download" sys.exit1 url = 'http://' +...
Atlassian Jira Server Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
Exploit Title: Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting XSS Date: 06/05/2021 Exploit Author: CAPTAINHOOK Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira/download/data-center Version: versions 8.5.14, 8.6.0 ≤ versi...
WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)
Exploit Title: WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting XSS Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Vendor Homepage: https://yop-poll.com/ Blog Post: https://www.in-spired.xyz/discovering-wordpress-plugin-yop-polls-v6-2-7-stored-xss/ Software Link:...
Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution RCE Unauthenticated Vulnerability: Remote Command Execution on /boardDataWW.php macAddress parameter Notes: The RCE doesn't need to be authenticated Date: 26/06/2021 Exploit Author: Bryan Leong IoT Device: Netgear WNAP320...
SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting (XSS)
Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Date: 24/06/2021 Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475...
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)
Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Date: 24-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip...
SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path
Exploit Title: SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path Discovery by: Brian Rodriguez Date: 21-06-2021 Vendor Homepage: https://brother.com/ Tested Version: 7.60 Vulnerability Type: Unquoted Service Path Tested on: Windows 10 Enterprise 64 bits Step to discover Unquoted Service Path:...
Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
Exploit Title: Seeddms 5.1.10 - Remote Command Execution RCE Authenticated Date: 25/06/2021 Exploit Author: Bryan Leong Vendor Homepage: https://www.seeddms.org/index.php?id=2 Software Link: https://sourceforge.net/projects/seeddms/files/seeddms-5.0.11/ Version: Seeddms 5.1.10 Tested on: Windows ...
VMware vCenter Server 7.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution RCE Unauthenticated Date: 06/21/2021 Exploit Author: CHackA0101 Vendor Homepage: https://kb.vmware.com/s/article/82374 Software Link: https://www.vmware.com/products/vcenter-server.html Version: This affects VMware...
TP-Link TL-WR841N - Command Injection
Exploit Title: TP-Link TL-WR841N - Command Injection Date: 2020-12-13 Exploit Author: Koh You Liang Vendor Homepage: https://www.tp-link.com/ Software Link: https://static.tp-link.com/TL-WR841NJPV13161028.zip Version: TL-WR841N 0.9.1 4.0 Tested on: Windows 10 CVE : CVE-2020-35576 import requests...
Adobe ColdFusion 8 - Remote Command Execution (RCE)
Exploit Title: Adobe ColdFusion 8 - Remote Command Execution RCE Google Dork: intext:"adobe coldfusion 8" Date: 24/06/2021 Exploit Author: Pergyz Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html Version: 8 Tested on: Microsoft Windows Server 2008 R2 Standard CVE :...
Huawei dg8045 - Authentication Bypass
Title: Huawei dg8045 - Authentication Bypass Date: 2020-06-24 Author: Abdalrahman Gamal Vendor Homepage: www.huawei.com Version: dg8045 Hardware Version: VER.A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An...
Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
Exploit Title: Simple CRM 3.0 - 'email' SQL injection Authentication Bypass Date: 22/06/2021 Exploit Author: Rinku Kumar rinku191 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
Online Library Management System 1.0 - 'Search' SQL Injection
Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection Date: 23-06-2021 Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip Version: 1.0 Tested on: Windows...
WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting XSS Date: 22/6/2021 Exploit Author: Mohammed Adam Vendor Homepage: https://www.wpgmaps.com/ Software Link: https://wordpress.org/plugins/wp-google-maps/ Version: 5.7.2 Tested on: Windows 10 CVE: CVE-2021-24383...
WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection
Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...
Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution (Unauthenticated)
Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution Unauthenticated Date: 23-06-2021 Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
Exploit Title: Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference IDOR Date: 21/06/2021 Exploit Author: Pratik Khalane Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version:...
Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Responsive Tourism Website 3.1 - Remote Code Execution RCE Unauthenticated Date: 22.06.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14838/simple-responsive-tourism-website-using-php-free-source-code.html Version: V 3.1 Tested on: MacOS &...
ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
Exploit Title: ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path Date: 2021-06-21 Exploit Author: Julio Aviña Vendor Homepage: https://www.asus.com/ Software Link: https://dlcdnets.asus.com/pub/ASUS/LCD%20Monitors/MB16ACE/ASUSDisplayWidget3.4.0.036.exe.zip...
Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Websvn 2.6.0 - Remote Code Execution Unauthenticated Date: 20/06/2021 Exploit Author: g0ldm45k Vendor Homepage: https://websvnphp.github.io/ Software Link: https://github.com/websvnphp/websvn/releases/tag/2.6.0 Version: 2.6.0 Tested on: Docker + Debian GNU/Linux Buster CVE :...
Customer Relationship Management System (CRM) 1.0 - Remote Code Execution
Exploit Title: Customer Relationship Management System CRM 1.0 - Remote Code Execution Date: 21.06.2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/php/14794/customer-relationship-management-crm-system-php-source-code.html Software Link:...
Remote Mouse GUI 3.008 - Local Privilege Escalation
Exploit Title: Remote Mouse GUI 3.008 - Local Privilege Escalation Exploit Author: Salman Asad @deathflash1411 a.k.a LeoBreaker Date: 17.06.2021 Version: Remote Mouse 3.008 Tested on: Windows 10 Pro Version 21H1 Reference: https://deathflash1411.github.io/blog/cve-2021-35448 CVE: CVE-2021-35448...
Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path
Exploit Title: Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LMbdsvc' Unquoted Service Path Date: 2021-06-20 Exploit Author: Julio Aviña Vendor Homepage: https://www.lexmark.com/ Software Link:...
Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery CSRF Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaD...
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting XSS Date: 20/06/2021 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: 3.0 Category: Webapps Tested on: Apache2+MariaDB latest version...
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...
iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path
Exploit Title: iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path Date: 2021-06-18 Exploit Author: Julio Aviña Vendor Homepage: https://www.i-funbox.com/en/index.html Software Link: https://www.i-funbox.com/download/ifunboxsetup4.2.exe Version: 4.2 Service File Version: 486.0.2.23...
Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path
Exploit Title: Wise Care 365 5.6.7.568 - 'WiseBootAssistant' Unquoted Service Path Date: 2021-06-18 Exploit Author: Julio Aviña Vendor Homepage: https://www.wisecleaner.com/wise-care-365.html Software Link: https://downloads.wisecleaner.com/soft/WiseCare3655.6.7.568.exe Version: 5.6.7.568 Service...
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
Exploit Title: OpenEMR 5.0.1.7 - 'fileName' Path Traversal Authenticated Date 16.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5017.zip Version: All versions prior to 5.0.2 Tested on:...
Dlink DSL2750U - 'Reboot' Command Injection
Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...
Node.JS - 'node-serialize' Remote Code Execution (3)
Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 3 Date: 17.06.2021 Exploit Author: Beren Kuday GORUN Vendor Homepage: https://github.com/luin/serialize Software Link: https://github.com/luin/serialize Version: 0.0.4 Tested on: Windows & Ubuntu CVE : 2017-5941 var serialize =...
ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting XSS Exploit Author: Piyush Patil & Rafal Lykowski Vendor Homepage: https://icehrm.com/ Version: 29.0.0.OS Tested on: Windows 10 and Kali Description The file upload feature in ICE Hrm Version 29.0.0.OS allows remote...