47884 matches found
Color Notes 1.4 - Denial of Service (PoC)
Exploit Title: Color Notes 1.4 - Denial of Service PoC Date: 06-04-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/gt/app/color-notes/id830515136 Version: 1.4 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a long list of characters is being used...
Gitlab 13.10.2 - Remote Code Execution (Authenticated)
Exploit Title: Gitlab 13.10.2 - Remote Code Execution Authenticated Date: 04/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.10.3 Tested On: Ubuntu 20.04 Environment: Gitlab 13.10.2 CE Credits:...
Macaron Notes great notebook 5.5 - Denial of Service (PoC)
Exploit Title: Macaron Notes great notebook 5.5 - Denial of Service PoC Date: 06-04-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/macaron-notes-great-notebook/id1079862221 Version: 5.5 Category: DoS iOS Vulnerability Color Notes is vulnerable to a DoS condition when a lo...
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...
Inkpad Notepad & To do list 4.3.61 - Denial of Service (PoC)
Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service PoC Date: 2021-06-03 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=esMX Version: 4.3.61 Category: DoS Android Vulnerability InkPad Bloc de notas - Tare...
CHIYU IoT Devices - 'Telnet' Authentication Bypass
Exploit Title: CHIYU IoT Devices - 'Telnet' Authentication Bypass Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, and SEMAC - all firmware...
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Date: 02/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/11254...
Notepad notes 2.6.7 - Denial of Service (PoC)
Exploit Title: Notepad notes 2.6.7 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.hlcsdev.x.notepad&hl=esMX Version: 2.6.7 Category: DoS Android Vulnerability Bloc de notas is vulnerable to a DoS condition when a...
Blacknote 2.2.1 - Denial of Service (PoC)
Exploit Title: Blacknote 2.2.1 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=esMX Version: 2.2.1 Category: DoS Android Vulnerability BlackNote Bloc de notas is vulnerable to a DoS...
ColorNote 4.1.9 - Denial of Service (PoC)
Exploit Title: ColorNote 4.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.socialnmobile.dictapps.notepad.color.note&hl=esMX Version: 4.1.9 Category: DoS Android Vulnerability Color Note is vulnerable to a DoS...
PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
Exploit Title: PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Date: 23 may 2021 Exploit Author: flast101 Vendor Homepage: https://www.php.net/ Software Link: - https://hub.docker.com/r/phpdaily/php - https://github.com/phpdaily/php Version: 8.1.0-dev Tested on: Ubuntu 20.04 References: -...
4Images 1.8 - 'redirect' Reflected XSS
Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...
FUDForum 3.1.0 - 'author' Reflected XSS
Exploit Title: FUDForum 3.1.0 - 'author' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27520...
BasicNote 1.1.9 - Denial of Service (PoC)
Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is...
FUDForum 3.1.0 - 'srch' Reflected XSS
Exploit Title: FUDForum 3.1.0 - 'srch' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.1.0.zip/download Version: FUDForum 3.1.0 Tested on: Windows 10 and Kali CVE : CVE-2021-27519 -Descriptio...
CHIYU IoT Devices - Denial of Service (DoS)
Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...
Seo Panel 4.8.0 - 'from_time' Reflected XSS
Exploit Title: Seo Panel 4.8.0 - 'fromtime' Reflected XSS Date: 23-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28420 -Description: A cross-site scripting XSS issue in Seo Panel 4.8.0 allows...
Thecus N4800Eco Nas Server Control Panel - Comand Injection
Exploit Title: Thecus N4800Eco Nas Server Control Panel - Comand Injection Date: 01/06/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: http://www.thecus.com/ Software Link: http://www.thecus.com/product.php?PRODID=83 Version: N4800Eco Description:...
Seo Panel 4.8.0 - 'category' Reflected XSS
Exploit Title: Seo Panel 4.8.0 - 'category' Reflected XSS Date: 22-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28418...
Seo Panel 4.8.0 - 'search_name' Reflected XSS
Exploit Title: Seo Panel 4.8.0 - 'searchname' Reflected XSS Date: 21-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://www.seopanel.org/ Software Link: https://github.com/seopanel/Seo-Panel/releases/tag/4.8.0 Version: Seo Panel 4.8.0 Tested on: Windows 10 and Kali CVE : CVE-2021-28417...
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path
Exploit Title: IntelR Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path Date: 06-01-2021 Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 01.00.1080.0 File Version: 1.00.1080.0 Tested on: Microsoft® Windows 10 Home Single Language...
Products.PluggableAuthService 2.6.0 - Open Redirect
Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect Exploit Author: Piyush Patil Affected Component: Pluggable Zope authentication/authorization framework Component Link: https://pypi.org/project/Products.PluggableAuthService/ Version: =2.6.1"...
GetSimple CMS 3.3.4 - Information Disclosure
Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure Date 01.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://get-simple.info/ Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip Version: 3.3.4 CVE: CVE-2014-8722 Documentation:...
Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)
Exploit Title: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery CSRF Date: 2021-05-30 Exploit Author: lated Vendor Homepage: https://www.ubeeinteractive.com Version: EVW327 document.forms0.submit;...
Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
Exploit Title: Atlassian Jira 8.15.0 - Information Disclosure Username Enumeration Date: 31/05/2021 Exploit Author: Mohammed Aloraimi Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Vulnerable versions: version 8.11.x to 8.15.0 Tested on: Kali...
LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
Exploit Title: LogonTracer 1.2.0 - Remote Code Execution Unauthenticated Date: 29/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.jpcert.or.jp/ Software Link: https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.0 Version: 1.2.0 and earlier Tested on: Version 1.2.0 on Debian...
CHIYU TCP/IP Converter devices - CRLF injection
Exploit Title: CHIYU TCP/IP Converter devices - CRLF injection Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, and BF-450M TCP/IP Converter device...
ProjeQtOr Project Management 9.1.4 - Remote Code Execution
Exploit Title: ProjeQtOr Project Management 9.1.4 - Remote Code Execution Date: 29.05.2021 Exploit Author: Temel Demir Vendor Homepage: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV9.1.4.zip Version: v9.1.4 Tested on: Laragon @WIN10...
DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service PoC Date: 2021-05-28 Author: Brian Rodríguez Software Site: https://sourceforge.net/projects/dupterminator/ Version: 1.4.5639.37199 Category: DoS Windows Vulnerability DupTerminator is vulnerable to a DoS condition when a long list o...
WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: WordPress Plugin WP Prayer version 1.6.1 - 'prayermessages' Stored Cross-Site Scripting XSS Authenticated Date: 2021-05-31 Exploit Author: Bastijn Ouwendijk Vendor Homepage: http://goprayer.com/ Software Link: https://wordpress.org/plugins/wp-prayer/ Version: 1.6.1 and earlier Test...
CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: CHIYU IoT devices - 'Multiple' Cross-Site Scripting XSS Date: May 31 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BF-430, BF-431, BF-450M, BF-630, BF631-W,...
Veyon 4.4.1 - 'VeyonService' Unquoted Service Path
Exploit Title: Veyon 4.4.1 - 'VeyonService' Unquoted Service Path Discovery by: Víctor García Discovery Date: 2020-03-23 Vendor Homepage: https://veyon.io/ Software Link: https://github.com/veyon/veyon/releases/download/v4.4.1/veyon-4.4.1.0-win64-setup.exe Tested Version: 4.4.1 Vulnerability Type...
WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Captainhook Vendor Homepage: https://lifterlms.com/ Software Link: https://github.com/gocodebox/lifterlms/releases/tag/4.21.0 Version: LifterLMS alert/XSS/ 3- The XSS will be stored...
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...
PHPFusion 9.03.50 - Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
Trixbox 2.8.0.4 - 'lang' Path Traversal
Exploit Title: Trixbox 2.8.0.4 - 'lang' Path Traversal Date: 27.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ Credits to: Sachin Wagh Vendor Homepage:...
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
Postbird 0.8.4 - Javascript Injection
Exploit Title: Postbird 0.8.4 - Javascript Injection Date: 26 May 2021 Exploit Author: Debshubra Chakraborty Vendor Homepage: https://github.com/paxa/postbird Software Link: https://www.electronjs.org/apps/postbird Version: 0.8.4 Tested on: Linux CVE : CVE-2021-33570 """ XSS Payload LFI Payload...
ProFTPd 1.3.5 - 'mod_copy' Remote Command Execution (2)
Exploit Title: ProFTPd 1.3.5 - 'modcopy' Remote Command Execution 2 Date: 25/05/2021 Exploit Author: Shellbr3ak Version: 1.3.5 Tested on: Ubuntu 16.04.6 LTS CVE : CVE-2015-3306 !/usr/bin/env python3 import sys import socket import requests def exploitclient, target: client.connecttarget,21...
Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Date: 24.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 '''...
RarmaRadio 2.72.8 - Denial of Service (PoC)
Exploit Title: RarmaRadio 2.72.8 - Denial of Service PoC Date: 2021-05-25 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: http://raimersoft.com/downloads/rarmaradiosetup.exe Version: 2.75.8 Tested on: Windows 10 Home x64 STEPS Open the program RarmaRadio Cli...
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...
WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clbbarmsg' Stored Cross-Site Scripting XSS Date: 2021-05-24 Exploit Author: Mesut Cetin Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1 Tested on:...
Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting (XSS)
Exploit Title: Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting XSS Date: 24-05-2021 Exploit Author: Vinay H C Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting XSS Date: 2021-05-10 Exploit Author: Bastijn Ouwendijk Vendor Homepage: https://reservationdiary.eu/ Software Link: https://wordpress.org/plugins/redi-restaurant-reservation/ Version: 21.03...
Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 2 Date: 21.05.2021 Exploit Author: Ron Jost Hacker5preme Credits to: https://herolab.usd.de/security-advisories/usd-2019-0049/ Tobias Neitzel Vendor Homepage: http://codiad.com/ Software Link:...
ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path
Exploit Title: ePowerSvc 6.0.3008.0 - 'ePowerSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2021-05-22 Vendor Homepage: https://www.acer.com Tested Version: 6.0.3008.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to discover...
iDailyDiary 4.30 - Denial of Service (PoC)
Exploit Title: iDailyDiary 4.30 - Denial of Service PoC Date: 2021-05-21 Exploit Author: Ismael Nava Vendor Homepage: https://www.splinterware.com/index.html Software Link: https://www.splinterware.com/download/iddfree.exe Version: 4.30 Tested on: Windows 10 Home x64 STEPS Open the program...
Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
Exploit Title: Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting XSS Date: 23-05-2021 Exploit Author: Marek Toth Vendor Homepage: https://www.shopizer.com Software Link: https://github.com/shopizer-ecommerce/shopizer Version: alert1 and save it 4. Open "Customers" - XSS payload will trigger Excep...