DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path
Exploit Title: DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2021-05-21 Vendor Homepage: https://www.diskboss.com Software : https://www.diskboss.com/setupsx64/diskbosssetupv12.2.18x64.exe Tested Version: 12.2.18 Vulnerability Type:...
Schlix CMS 2.2.6-6 - Arbitrary File Upload (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - Arbitrary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Metasploit Date: 2021-03-02 Exploit Author: RAMELLA Sébastien Vendor Homepage: https://microsoft.com Version: This vulnerability affects Exchange 2013 Versions 'Microsoft Exchange ProxyLogon Collector', 'Description' = %q Thi...
WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
Exploit Title: WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection Unauthenticated Date: 20/05/2021 Exploit Author: Mansoor R @time4ster CVSS Score: 7.5 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Version Affected: 13.0 to 13.0.7 Vendor URL:...
Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code
Exploit Title: Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code Date: 20/05/2021 Exploit Authors: Carlo Di Dato and Michael Caruso from BestEffort Team https://besteffortteam.it Vendor Homepage: https://www.mozilla.org Version: = 88.0.1 Tested on: Windows XP Professional SP3...
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
Exploit Title: Spotweb 1.4.9 - DOM Based Cross-Site Scripting XSS Exploit Author: @nu11secur1ty Date: 05.20.2021 Software Link: https://github.com/spotweb/spotweb Proof: https://streamable.com/hix5o1 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty from selenium import webdriver import...
DELL dbutil_2_3.sys 2.3 - Arbitrary Write to Local Privilege Escalation (LPE)
Exploit Title: DELL dbutil23.sys 2.3 - Arbitrary Write to Local Privilege Escalation LPE Date: 10/05/2021 Exploit Author: Paolo Stagno aka VoidSec Version: include include include include define IOCTLCODE 0x9B0C1EC8 // IOCTLCODE value, used to reach the vulnerable function taken from IDA define...
Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 2 Original Exploit Author: Hacker Fantastic Metasploit Module Author: wvu Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris10-overview.html Version: 10 Tested on: SunOS solaris 10 CVE: CVE-2020-14871 Ported By: legend...
Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path
Exploit Title: Acer Backup Manager Module 3.0.0.99 - 'IScheduleSvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2021-05-19 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 3.0.0.99 Vulnerability Type: Unquoted Service Path Tested on OS: Window...
Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path
Exploit Title: Acer Updater Service 1.2.3500.0 - 'UpdaterService.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.2.3500.0 Vulnerability Type: Unquoted Service Path Tested on OS: Window...
ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path
Exploit Title: ASUS HID Access Service 1.0.94.0 - 'AsHidSrv.exe' Unquoted Service Path Date: 2020-05-19 Exploit Author: Alejandra Sánchez Vendor Homepage: www.asus.com Version: 1.0.94.0 Tested on: Windows 10 Pro x64 es Description: ATK Hotkey 1.0.94.0 suffers from an unquoted search path issue...
ManageEngine ADSelfService Plus 6.1 - CSV Injection
Exploit Title: ManageEngine ADSelfService Plus 6.1 - CSV Injection Date: 19/05/2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Version: 6.1 Description:...
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service (PoC)
Exploit Title: WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service PoC Author: Luis Martinez Discovery Date: 2021-05-18 Vendor Homepage: https://apps.apple.com/mx/app/webssh-ssh-client/id497714887 Software Link: App Store for iOS devices Tested Version: 14.16.10 Vulnerability Type: Denial of...
Visual Studio Code 1.47.1 - Denial of Service (PoC)
Exploit Title: Visual Studio Code 1.47.1 - Denial of Service Poc Exploit Author: H.H.A.Ravindu Priyankara Category: Denial of Service DOS Tested Version: 1.47.1 Vendor: Microsoft Software Download Link: https://code.visualstudio.com/updates/ Write-Host "...
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
Exploit Title: WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting XSS Date: 04/08/2021 Exploit Author: Hosein Vita Vendor Homepage: https://wordpress.org/plugins/stop-spammer-registrations-plugin/ Software Link:...
COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
Exploit Title: COVID19 Testing Management System 1.0 - SQL Injection Auth Bypass Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10 SQL...
COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)
Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...
In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
Exploit Title: In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection Date: 18/05/2021 Exploit Author: Gulab Mondal Vendor Homepage: https://www.in4velocity.com/in4suite-erp.html Version: In4Suite ERP 3.2.74.1370 Tested on: Windows CVE: CVE-2021-27828 ----------------------------------------- SQL...
Microsoft Exchange 2019 - Unauthenticated Email Download
Exploit Title: Microsoft Exchange 2019 - Unauthenticated Email Download Date: 03-11-2021 Exploit Author: Gonzalo Villegas a.k.a Cl34r Vendor Homepage: https://www.microsoft.com/ Version: OWA Exchange 2013 - 2019 Tested on: OWA 2016 CVE : CVE-2021-26855 Details: checking users mailboxes and...
EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
Exploit Title: EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection Date: 5/17/2021 Exploit Author: Dimitrios Mitakos Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: Debian GNU/Linux ...
Billing Management System 2.0 - Union based SQL injection (Authenticated)
Exploit Title: Billing Management System 2.0 - Union based SQL injection Authenticated Date: 2021-05-16 Exploit Author: Mohammad Koochaki Vendor Homepage: https://www.sourcecodester.com/php/14380/billing-management-system-php-mysql-updated.html Software Link:...
Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting Authenticated Date: 14-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
IPFire 2.25 - Remote Code Execution (Authenticated)
Exploit Title: IPFire 2.25 - Remote Code Execution Authenticated Date: 15/05/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipfire.org/ Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.25-core156/ipfire-2.25.x8664-full-core156.iso Version: 2.25 - core update 15...
Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free
Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free Date: 15/05/2021 CVE : CVE-2013-3893 PoC: https://github.com/travelworld/cve20133893trigger.html/blob/gh-pages/params.json Exploit Author: SlidingWindow Vendor Advisory:...
Subrion CMS 4.2.1 - Arbitrary File Upload
Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE Authenticated Date: 17/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE:...
Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting
Exploit Title: Customer Relationship Management CRM System 1.0 - 'Category' Persistent Cross site Scripting Date: 14-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting Date: 16-05-2021 Exploit Author: Vani K G Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version:...
Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection
Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload Date: 2021-05-16 Exploit Author : bwnz Software Link: https://www.sourcecodester.com/php/12802/php-staff-id-card-creation-and-printing-system.html Version: 1.0 Tested on: Ubuntu 20.04.2 LTS Printable...
Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....
Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery Add Admin Date: 15-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Student Management System 1.0 - 'message' Persistent Cross-Site Scripting Authenticated Date: 2021-05-13 Exploit Author: mohsen khashei kh4sh3i Vendor Homepage: https://github.com/amirhamza05/Student-Management-System Software Link:...
Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting XSS Date: 13/05/2021 Exploit Author: Ayşenur KARAASLAN Vendor Homepage: https://podcastgenerator.net/demoV2/ Software Link: https://podcastgenerator.net/download and...
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
ZeroShell 3.9.0 - Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests impor...
Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection Authenticated Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
Firefox 72 IonMonkey - JIT Type Confusion
Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion Date: 2021-05-10 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://www.mozilla.org/en-US/firefox/new/ Versions: Firefox...
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Date: 2021-05-04 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit...
Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass SQLi Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
Chevereto 3.17.1 - Cross Site Scripting (Stored)
Exploit Title: Chevereto 3.17.1 - Cross Site Scripting Stored Google Dork: "powered by chevereto" Date: 19.04.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://chevereto.com/ Software Link: https://chevereto.com/releases Version: 3.17.1 Tested on: Windows 10 / Xampp Proof of Concept: 1...
Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path Exploit Author: 1F98D Vendor Homepage: https://www.odoo.com/ Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo12.0.20190101.exe Tested Version: 12.0.20190101 Tested on OS: Windows Step to discover Unquoted Servic...
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
Exploit Title: TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/tftpbbv4retailx64.exe Tested Version: 4.3.0.1465...
DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
Exploit Title: DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/dhcpbbv4retailx64.exe Tested Version: 4.1.0.1503...
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Date: May 3rd 2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on...
BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
Exploit Title: BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/bootptdemox64.exe Tested Version: 2.0.0.1253 Vulnerabilit...
Epic Games Rocket League 1.95 - Stack Buffer Overrun
Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun Date: 25.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com Epic Games Rocket League 1.95 AK::MemoryMgr::GetPoolName Stack Buffer Overrun Vendor: Epic Games Inc. | Psyonix,...
Sandboxie 5.49.7 - Denial of Service (PoC)
Exploit Title: Sandboxie 5.49.7 - Denial of Service PoC Date: 06/05/2021 Author: Erick Galindo Vendor Homepage: https://sandboxie-plus.com/ Software https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Classic-x64-v5.49.7.exe Version: 5.49.7 Tested on: Windows 10 Pro x64 ...
WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS:...