47904 matches found
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution Authenticated Date: 13/05/2021 Exploit Author: M. Cory Billington @th3y Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms Version: 1.11.14 Tested on: Ubuntu 20.04.2 LTS CVE: CVE-2021-31933 Writeup:...
Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting XSS Date: 13/05/2021 Exploit Author: AyÅŸenur KARAASLAN Vendor Homepage: https://podcastgenerator.net/demoV2/ Software Link: https://podcastgenerator.net/download and...
Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Student Management System 1.0 - 'message' Persistent Cross-Site Scripting Authenticated Date: 2021-05-13 Exploit Author: mohsen khashei kh4sh3i or [email protected] Vendor Homepage: https://github.com/amirhamza05/Student-Management-System Software Link:...
Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection Authenticated Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)
Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass SQLi Date: 12.05.2021 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/6848/appointment-reservation-system.html Software Link:...
Firefox 72 IonMonkey - JIT Type Confusion
Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion Date: 2021-05-10 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.mozilla.org/en-US/ Software Link: https://www.mozilla.org/en-US/firefox/new/ Versions: Firefox | | /| \ | |\ / / \ | | / | | / / / / |/ | /|/ \ / / || /||...
Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free
Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Date: 2021-05-04 Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit...
ZeroShell 3.9.0 - Remote Command Execution
Exploit Title: ZeroShell 3.9.0 - Remote Command Execution Date: 10/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://zeroshell.org/ Software Link: https://zeroshell.org/download/ Version: 3.9.0 Tested on: ZeroShell 3.9.0 CVE : CVE-2019-12725 !/usr/bin/python3 import requests impor...
Splinterware System Scheduler Professional 5.30 - Unquoted Service Path
Exploit Title: Splinterware System Scheduler Professional 5.30 - Unquoted Service Path Date: 2021-05-11 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.splinterware.com Software Link: https://www.splinterware.com/download/ssproeval.exe Version: 5.30 Professional Tested on: Windows...
Chevereto 3.17.1 - Cross Site Scripting (Stored)
Exploit Title: Chevereto 3.17.1 - Cross Site Scripting Stored Google Dork: "powered by chevereto" Date: 19.04.2021 Exploit Author: Akıner Kısa Vendor Homepage: https://chevereto.com/ Software Link: https://chevereto.com/releases Version: 3.17.1 Tested on: Windows 10 / Xampp Proof of Concept: 1...
Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path Exploit Author: 1F98D Vendor Homepage: https://www.odoo.com/ Software Link: https://nightly.odoo.com/12.0/nightly/windows/odoo12.0.20190101.exe Tested Version: 12.0.20190101 Tested on OS: Windows Step to discover Unquoted Servic...
DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path
Exploit Title: DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/dhcpbbv4retailx64.exe Tested Version: 4.1.0.1503...
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Date: May 3rd 2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on...
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting Authenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path
Exploit Title: BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/bootptdemox64.exe Tested Version: 2.0.0.1253 Vulnerabilit...
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
Exploit Title: TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-07 Vendor Homepage: https://www.weird-solutions.com Software : https://www.weird-solutions.com/download/products/tftpbbv4retailx64.exe Tested Version: 4.3.0.1465...
Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe Tested Version: 0.7.4 Vulnerability Type: Unquoted Servic...
Sandboxie 5.49.7 - Denial of Service (PoC)
Exploit Title: Sandboxie 5.49.7 - Denial of Service PoC Date: 06/05/2021 Author: Erick Galindo Vendor Homepage: https://sandboxie-plus.com/ Software https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Classic-x64-v5.49.7.exe Version: 5.49.7 Tested on: Windows 10 Pro x64 ...
Epic Games Rocket League 1.95 - Stack Buffer Overrun
Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun Date: 25.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com Epic Games Rocket League 1.95 AK::MemoryMgr::GetPoolName Stack Buffer Overrun Vendor: Epic Games Inc. | Psyonix,...
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Date: 03.05.2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Test...
WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path Discovery by: Erick Galindo Discovery Date: 2020-05-06 Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS:...
Voting System 1.0 - Authentication Bypass (SQLI)
Exploit Title: Voting System 1.0 - Authentication Bypass SQLI Date: 06/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Voting System 1.0 - Remote Code Execution (Unauthenticated)
Exploit Title: Voting System 1.0 - Remote Code Execution Unauthenticated Date: 07/05/2021 Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
Exploit Title: Human Resource Information System 0.1 - Remote Code Execution Unauthenticated Date: 04-05-2021 Exploit Author: Reza Afsahi Vendor Homepage: https://www.sourcecodester.com Software Link:...
Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
Exploit Title: Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation Date: 04.05.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.easy.ac Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation Vendor: Epic Games, Inc. Product web page:...
Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
Title: Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload Author: h4shur date: 2021-05-06 Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/wp-super-edit/ Version : 2.5.4 and earlier Tested on: Windows 10 & Google Chrome Category : Web Application Bugs Dor...
Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - Remote Code Execution Authenticated Date: 2021-05-06 Exploit Author: Eren Saraç Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...
b2evolution 7-2-2 - 'cf_name' SQL Injection
Exploit Title: b2evolution 7-2-2 - 'cfname' SQL Injection Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.06.2021 Vendor: https://b2evolution.net/ Link: https://b2evolution.net/downloads/7-2-2 CVE: CVE-2021-28242 Proof: https://streamable.com/x51kso + Exploit Source:...
Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan BaÅŸ Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...
Markdown Explorer 0.1.1 - Persistent Cross-Site Scripting
Exploit Title: Markdown Explorer 0.1.1 - XSS to RCE Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/jersou/markdown-explorer Version: 0.1.1 Tested on: Windows, Linux, MacOs Software Description: Easily...
Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting Date: 2021-05-04 Exploit Author: strider Software Link: https://github.com/savsofts/savsoftquizv5 Vendor: https://savsoftquiz.com Version: 5.0 Tested on: Ubuntu 20.04 LTS / Kali Linux...
Markright 1.0 - Persistent Cross-Site Scripting
Exploit Title: Markright 1.0 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/dvcrn/markright Version: 1.0 Tested on: Linux, MacOs,Windows Software Description: A minimalis...
Freeter 1.2.1 - Persistent Cross-Site Scripting
Exploit Title: Freeter 1.2.1 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://freeter.io/ Version: 1.2.1 Tested on: Windows, Linux, MacOs Software Description: It is an organizer for...
StudyMD 0.3.2 - Persistent Cross-Site Scripting
Exploit Title: StudyMD 0.3.2 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/jotron/StudyMD Version: 0.3.2 Tested on: Windows, Linux, MacOs Software Description: A cool ap...
SnipCommand 0.1.0 - Persistent Cross-Site Scripting
Exploit Title: SnipCommand 0.1.0 - XSS to RCE Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/gurayyarar/SnipCommand Version: 0.1.0 Tested on: Windows, Linux, MacOs Software Description: Open source comman...
Xmind 2020 - Persistent Cross-Site Scripting
Exploit Title: Xmind 2020 - XSS to RCE Exploit Author: TaurusOmar Date: May 4th, 2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://www.xmind.net/ Version: 2020 Tested on: Windows, Linux, MacOs Software Description: XMind, a full-featured mind mapping and...
Anote 1.0 - Persistent Cross-Site Scripting
Exploit Title: Anote 1.0 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/AnotherNote/anote Version: 1.0 Tested on: Linux, MacOs Software Description: A simple opensource...
Marky 0.0.1 - Persistent Cross-Site Scripting
Exploit Title: Marky 0.0.1 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/vesparny/marky Version: 0.0.1 Tested on: Linux, MacOs, Windows Software Description: Marky is an...
Moeditor 0.2.0 - Persistent Cross-Site Scripting
Exploit Title: Moeditor 0.2.0 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://moeditor.js.org/ Version: 0.2.0 Tested on: Windows, Linux, MacOs Software Description: Software to view...
Markdownify 1.2.0 - Persistent Cross-Site Scripting
Exploit Title: Markdownify 1.2.0 - Persistent Cross-Site Scripting Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://github.com/amitmerchant1990/electron-markdownify Version: 1.2.0 Tested on: Windows, Linux, MacOs...
Tagstoo 2.0.1 - Persistent Cross-Site Scripting
Exploit Title: Tagstoo 2.0.1 - Stored XSS to RCE Exploit Author: TaurusOmar Date: 04/05/2021 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Risk: High 8.8 Vendor Homepage: https://tagstoo.sourceforge.io/ Version: v2.0.1 Tested on: Windows, Linux, MacOs Software Description: Software to tag folders...
Internship Portal Management System 1.0 - Remote Code Execution(Unauthenticated)
Exploit Title: Internship Portal Management System 1.0 - Remote Code Execution Via File Upload Unauthenticated Date: 2021-05-04 Exploit Author: argenestel Vendor Homepage: https://www.sourcecodester.com/php/11712/internship-portal-management-system.html Software Link:...
Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
Exploit Title: Voting System 1.0 - Time based SQLI Unauthenticated SQL injection Date: 02/05/2021 Exploit Author: Syed Sheeraz Ali Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link:...
GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
Exploit Title: GitLab Community Edition CE 13.10.3 - 'SignUp' User Enumeration Date: 4/29/2021 Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 INFO: An unauthenticated attacker can remotely enumerate the...
GetSimple CMS Custom JS 0.1 - Cross-Site Request Forgery
Exploit Title: GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE Exploit Author: Bobby Cooke boku & Abhishek Joshi Date: 30/04/201 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download/ & http://get-simple.info/extend/plugin/custom-js/1267/ Vendor: 4Enzo Version:...
GitLab Community Edition (CE) 13.10.3 - User Enumeration
Exploit Title: GitLab Community Edition CE 13.10.3 - User Enumeration Date: 4/29/2021 Exploit Author: @4D0niiS https://github.com/4D0niiS Vendor Homepage: https://gitlab.com/ Version: 13.10.3 Tested on: Kali Linux 2021.1 !/bin/bash Colors RED='\03338;5;196m' GREEN='\e38;5;47m' NC='\0330m'...
Piwigo 11.3.0 - 'language' SQL
Exploit Title: Piwigo 11.3.0 - 'language' SQL Author: @nu11secur1ty Testing and Debugging: nu11secur1ty Date: 04.30.2021 Vendor: https://piwigo.org/ Link: https://github.com/Piwigo/Piwigo/releases/tag/11.3.0 CVE: CVE-2021-27973 + Exploit Source: !/usr/bin/python3 Author: @nu11secur1ty Debug:...
GNU Wget < 1.18 - Arbitrary File Upload (2)
Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...
Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting XSS Date: 04/2021 Exploit Author: farisv Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org https://github.com/moodle/moodle/archive/refs/tags/v3.6.1.zip Version: Moodle 3.6.2, 3.5.4, 3.4.7, 3.1.16 CVE:...