Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...

Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path

Exploit Title: Print Job Accounting 4.4.10 - 'OkiJaSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://www.oki.com Software Links:...

GLPI 9.5.3 - 'fromtype' Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)

Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection 2 Googke Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/ Date: 05/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor Version: 6.4.4 Tested on: Debian 10 CVE :...

Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path

Exploit Title: Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://pingzapper.com Software Links: https://pingzapper.com/download Tested Version: 2.3.1 Vulnerability Type: Unquoted Service Path Tested on: Windows 8.1 Pro...

Fluig 1.7.0 - Path Traversal

Exploit Title: Fluig 1.7.0 - Path Traversal Date: 26/11/2020 Exploit Author: Lucas Souza Vendor Homepage: https://www.totvs.com/fluig/ Version: payload.txt curl -s https://raw.githubusercontent.com/lucxssouza/banners/main/xFluig/banner banner -- FUNCTIONS -- function create-payload wordlist.txt...

CatDV 9.2 - RMI Authentication Bypass

Exploit Title: CatDV 9.2 - RMI Authentication Bypass Date: 3/1/2021 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: https://catdv.com/ Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe Version: 9.2 and lower Tested on: Windows, Mac import...

e107 CMS 2.3.0 - CSRF

Exploit Title: e107 CMS 2.3.0 - CSRF Date: 04/03/2021 Exploit Author: Tadjmen Vendor Homepage: https://e107.org Software Link: https://e107.org/download Version: 2.3.0 Tested on: Windows 10 CVE : CVE-2021-27885 CSRF vulnerability on e107 CMS Bug Description Hi. I found a CSRF on the e107 CMS...

Textpattern 4.8.3 - Remote code execution (Authenticated) (2)

Exploit Title: Textpattern 4.8.3 - Remote code execution Authenticated 2 Date: 03/03/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0...

Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)

Exploit Title: Online Ordering System 1.0 - Blind SQL Injection Unauthenticated Date: 2021-03-04 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: v1.0 Vulnerable...

Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)

Exploit Title: Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.9.0-dev Tested on: Windows Steps-To-Reproduce: 1. Login into...

Online Ordering System 1.0 - Arbitrary File Upload

Exploit Title: Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution Date: 04/03/2021 Exploit Author: Suraj Bhosale Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/5125/online-ordering-system-using-phpmysql.html Version: 1.0...

Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS)

Exploit Title: Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting XSS Date: 2021-03-04 Exploit Author: Tushar Vaidya Vendor Homepage: https://textpattern.com Software Link: https://textpattern.com/start Version: v 4.8.4 Tested on: Windows Steps-To-Reproduce: 1. Login into...

Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)

Exploit Title: Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection Authenticated Date: 04-03-2021 Exploit Author: Deepak Kumar Bharti Vendor Homepage: https://www.sourcecodester.com Software Download Link:...

Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)

Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - 'name' Persistent Cross-Site Scripting XSS Date: 2021-03-03 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...

AnyDesk 5.5.2 - Remote Code Execution

Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Date: 09/06/20 Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001...

Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)

Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - Blind & Error based SQL injection Authenticated Date: 2021-03-02 Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...

Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: Praharsh Kumar Singh Vendor Homepage: https://www.sourcecodester.com Software Download Link:...

Zen Cart 1.5.7b - Remote Code Execution (Authenticated)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...

Web Based Quiz System 1.0 - 'name' Persistent Cross-Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: P.Naveen Kumar Vendor Homepage: https://www.sourcecodester.com Software Download Link :...

Tiny Tiny RSS - Remote Code Execution

Exploit Title: Tiny Tiny RSS - Remote Code Execution Date: 21/09/2020 Exploit Author: Daniel Neagaru & Benjamin Nadarević Blog post: https://www.digeex.de/blog/tinytinyrss/ Software Link: https://git.tt-rss.org/fox/tt-rss Version: all before 2020-09-16 Commit with the fixes:...

WiFi Mouse 1.7.8.5 - Remote Code Execution

Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Date: 25-02-2021 Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Desktop Server software used by mobile app has PIN option whic...

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...

VMware vCenter Server 7.0 - Unauthenticated File Upload

Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload Date: 2021-02-27 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2021-0002.html Version: vCenter Server 6.5 7515524. File name CVE-2021-21972.py written by tijldotdeneutathowestdotb...

Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution Unauthenticated Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link:...

Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)

Exploit Title: Online Catering Reservation System 1.0 - Unauthenticated Remote Code Execution Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Version:...

Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)

Exploit Title: Simple Employee Records System 1.0 - File Upload RCE Unauthenticated Date: 2021-02-25 Exploit Author: [email protected] Vendor Homepage: https://www.sourcecodester.com/php/11393/employee-records-system.html Software Link:...

Remote Desktop Web Access - Authentication Timing Attack (Metasploit Module)

!/usr/bin/env python3 -- coding: utf-8 -- standard modules from metasploit import module extra modules DEPENDENCIESMISSING = False try: import base64 import itertools import os import requests except ImportError: DEPENDENCIESMISSING = True Metasploit Metadata metadata = 'name': 'Microsoft RDP Web...

LightCMS 1.3.4 - 'exclusive' Stored XSS

Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS Date: 25/02/2021 Exploit Author: Peithon Vendor Homepage: https://github.com/eddy8/LightCMS Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 Version: 1.3.4 Tested on: latest version of Chrome, Firefox on Windows and Linux...

Triconsole 3.75 - Reflected XSS

Exploit Title: Triconsole 3.75 - Reflected XSS Google Dork: inurl : /calendar/calendarform.php Date: 15/2/2021 Exploit Author: Akash Chathoth Vendor Homepage: http://www.triconsole.com/ Software Link: http://www.triconsole.com/php/calendardatepicker.php Version: alertdocument.domain...

Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)

Exploit Title: Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting XSS Date: 2021-02-25 Exploit Author: Tushar Vaidya Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...

ASUS Remote Link 1.1.2.13 - Remote Code Execution

Exploit: ASUS Remote Link 1.1.2.13 - Remote Code Execution Date: 24-02-2021 Exploit Author: H4rk3nz0 Vendor Homepage: http://asus.com/ Software Link: http://remotelink.asus.com/ Version: 1.1.2.13 Tested on: Windows 10 Enterprise Build 17763 CVE: N/A !/usr/bin/python import socket from time import...

LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path

Exploit Title: LogonExpert 8.1 - 'LogonExpertSvc' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.logonexpert.com/LogonExpertSetup64.msi Tested Version: 8.1 Vulnerability Type: Unquoted...

LayerBB 1.1.4 - 'search_query' SQL Injection

Exploit Title: LayerBB 1.1.4 - 'searchquery' SQL Injection Date: 2021-02-19 Exploit Author: Görkem Haşin Version: 1.1.4 Tested on: Linux/Windows POST /search.php HTTP/1.1 Host: Target Payload: searchquery=Lffd' AND 8460=SELECT CASE WHEN 8460=8460 THEN 8460 ELSE SELECT 1560 UNION SELECT 2122 END--...

Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path

Exploit Title: Softros LAN Messenger 9.6.4 - 'SoftrosSpellChecker' Unquoted Service Path Discovery by: Victor Mondragón Discovery Date: 23-02-2021 Vendor Homepage: https://www.softros.com/ Software Links : https://download.softros.com/SoftrosLANMessengerSetup.exe Tested Version: 9.6.4 Vulnerabili...

python jsonpickle 2.0.0 - Remote Code Execution

Exploit Title: python jsonpickle 2.0.0 - Remote Code Execution Date: 24-2-2021 Vendor Homepage: https://jsonpickle.github.io Exploit Author: Adi Malyanker, Shay Reuven Software Link: https://github.com/jsonpickle/jsonpickle Version: 2.0.0 Tested on: windows, linux Python is an open source languag...

SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)

Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service PoC Exploit Author : Sinem Şahin Exploit Date: 2021-02-10 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on: Windows 7 x64 Version: 5.3.5 Steps: 1- R...

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)

Exploit Title: Product Key Explorer 4.2.7 - 'multiple' Denial of Service PoC Exploit Author : Sinem Şahin Exploit Date: 2021-02-23 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Version: 4.2.7 Tested on: Windows 7 x64...

Unified Remote 3.9.0.2463 - Remote Code Execution

Exploit Title: Unified Remote 3.9.0.2463 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download Tested on: Windows 10, 10.0.19042 Build 19042 !/usr/bin/python import socket import sys import os from time impor...

Batflat CMS 1.3.6 - 'multiple' Stored XSS

Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS Date: 22/02/2021 Exploit Author: Tadjmen Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Version: 1.3.6 Tested on: Xammpp on Windows, Firefox Newest CVE : N/A Multiple Stored XSS...

HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)

Exploit Title: HFS HTTP File Server 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 20/02/2021 Exploit Author: Pergyz Vendor Homepage: http://www.rejetto.com/hfs/ Software Link: https://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Microsoft Windows...

Monica 2.19.1 - 'last_name' Stored XSS

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...

OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting

Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Date: 19/02/2021 Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management...

dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow (PoC)

Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow PoC Exploit Author: Kağan Çapar Date: 2020-02-17 Vendor Homepage: https://www.ddc-web.com/ Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/software-1/bu-69414?partNumber=BU-69414 Version: 4.5.3 Tested...

PEEL Shopping 9.3.0 - 'Comments' Persistent Cross-Site Scripting

Exploit Title: PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting Date: 2021-02-16 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: PEEL SHOPPING 9.3.0 Vulnerability Type:...

Comment System 1.0 - 'multiple' Stored Cross-Site Scripting

Exploit Title: Comment System 1.0 - 'multiple' Stored Cross-Site Scripting Date: 2021-02-18 Exploit Author: Pintu Solanki Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14713/comment-system-phpmysqli-full-source-code.html Software: : Comment...

Beauty Parlour Management System 1.0 - 'sername' SQL Injection

Exploit Title: Beauty Parlour Management System 1.0 - 'sername' SQL Injection Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...

Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass

Exploit Title: Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass Date: 2021-02-18 Exploit Author: Suresh Kumar Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/13877/online-exam-timer.html Tested On: Windows 10 Pro 10.0.18363 N...

Apport 2.20 - Local Privilege Escalation

Exploit Title: Apport 2.20 - Local Privilege Escalation Date: 18/02/21 Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Appor...

Gitea 1.12.5 - Remote Code Execution (Authenticated)

Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Date: 17 Feb 2020 Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/en/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link:...