EyesOfNetwork 5.3 - RCE & PrivEsc

Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authentified Romote Code Execution fl...

OpenCart 3.0.36 - ATO via Cross Site Request Forgery

Exploit Title: OpenCart 3.0.36 - ATO via Cross Site Request Forgery Date: 01-09-2021 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux...

EyesOfNetwork 5.3 - LFI

Exploit Title: EyesOfNetwork 5.3 - LFI Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 The php not exclude other tools than proposed...

Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection

Exploit Title: Prestashop 1.7.7.0 - 'idproduct' Time Based Blind SQL Injection Date: 08-01-2021 Exploit Author: Jaimin Gondaliya Vendor Homepage: https://www.prestashop.com Software Link: https://www.prestashop.com/en/download Version: Prestashop CMS - 1.7.7.0 Tested on: Windows 10 Parameter:...

Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting

Exploit Title: Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting Exploit Author: Mesut Cetin Date: 2021-01-10 Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html Software Link:...

Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)

Exploit Title: Cockpit Version 234 - Server-Side Request Forgery Unauthenticated Date: 08.01.2021 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://cockpit-project.org/ Version: v234 Tested on: Ubuntu 18.04 !/usr/bin/python3 import argparse import requests import sys import urllib3...

Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS

Exploit Title: Online Doctor Appointment System 1.0 - 'Multiple' Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2021-01-08 Vendor Homepage: https://www.sourcecodester.com/php/14663/online-doctor-appointment-system-php-full-source-code.html Software Link:...

WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Autoptimize Authenticated File Upload', 'Description' = %q The aoccssimport AJAX call does not ensure that the file provided is a...

dnsrecon 0.10.0 - CSV Injection

Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Date: 2021-01-07 Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with...

Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthen File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress wpDiscu...

Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...

Life Insurance Management System 1.0 - Multiple Stored XSS

Exploit Title: Life Insurance Management System 1.0 - Multiple Stored XSS Date: 4/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14665/life-insurance-management-system-php-full-source-code.html Version: 1.0...

CRUD Operation 1.0 - Multiple Stored XSS

Exploit Title: CRUD Operation 1.0 - Multiple Stored XSS Date: 4/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/crud-operation-with-php-mysql-bootstrap-and-dompdf/ Version: 1.0 Tested on: linux / Lamp Click on add new recor...

iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)

Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure Sensitive Information Date: 07/01/2021 Exploit Author: h4cks1n Vendor Homepage: iball.co.in Version: iBall-Baton WRA150N Tested on : Windows 7/8/8.1/10, Parrot Linux OS The iBall-Baton router version WRA150N is vulnerable to the...

Curfew e-Pass Management System 1.0 - Stored XSS

Exploit Title: Curfew e-Pass Management System 1.0 - Stored XSS Date: 2/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/curfew-e-pass-management-system-using-php-and-mysql/ Version: 1.0 Tested on: Windows 10/Wamp 1 Log into the...

ECSIMAGING PACS 6.21.5 - SQL injection

Exploit Title: ECSIMAGING PACS 6.21.5 - SQL injection Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from SQLinjection vulnerability...

Cockpit CMS 0.6.1 - Remote Code Execution

Cockpit CMS 0.6.1 - Remote Code Execution Product: Cockpit CMS https://getcockpit.com Version: Cockpit CMS = 0.6.1...

ECSIMAGING PACS 6.21.5 - Remote code execution

Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection...

Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution

Exploit Title: Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2021-01-05 Vendor Homepage: https://www.sourcecodester.com/php/14588/employee-record-system-phpmysqli-full-source-code.html Software Link:...

Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)

Exploit Title: Resumes Management and Job Application Website 1.0 - RCE Unauthenticated Date: 3/1/2021 Exploit Author: Arnav Tripathy Vendor Homepage: https://egavilanmedia.com Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/ Version: 1.0 Tested on:...

PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation

Exploit Title: PaperStream IP TWAIN 1.42.0.5685 - Local Privilege Escalation Exploit Author: 1F98D Original Author: securifera Date: 12 May 2020 Vendor Hompage: https://www.fujitsu.com/global/support/products/computing/peripheral/scanners/fi/software/fi6x30-fi6x40-ps-ip-twain32.html CVE:...

Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE

Exploit Title: Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE Date: 2020-12-24 Exploit Author: Kshitiz Raj manitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...

IPeakCMS 3.5 - Boolean-based blind SQLi

Exploit Title: IPeakCMS 3.5 - Boolean-based blind SQLi Date: 07.12.2020 Exploit Author: MoeAlbarbari Vendor Homepage: https://ipeak.ch/ Software Link: N/A Version: 3.5 Tested on: BackBox Linux CVE : CVE-2021-3018 Check the CMS version :goto www.site.com/cms/ and you will notice that in the login...

WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting

Exploit Title: WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting Date: 2021-01-03 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://wordpress.org/plugins/wp24-domain-check/ Software Link:...

WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting

Exploit Title: WordPress Plugin litespeed-cache 3.6 - 'serverip' Cross-Site Scripting Date: 20-12-2020 Software Link: https://downloads.wordpress.org/plugin/litespeed-cache.3.6.zip Version: litespeed-cache Tested on: Windows 10 x64 Description: A Stored Cross-site scripting XSS was discovered in...

Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery CSRF Date: 06/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://www.awbs.com/ Version: 3.7.0 Tested on Windows Steps: 1. Login into the application with the help of email and password. 2. Navigat...

dirsearch 0.4.1 - CSV Injection

Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Date: 2021-01-05 Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect, to a csv fil...

Resumes Management and Job Application Website 1.0 - Multiple Stored XSS

Exploit Title: Resumes Management and Job Application Website 1.0 - Multiple Stored XSS Date: 2/1/2021 Exploit Author: Saswat Subhajyoti Mallick Vendor Homepage: https://egavilanmedia.com/ Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/ Version: 1.0 Tested...

Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)

Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...

Responsive E-Learning System 1.0 - Stored Cross Site Scripting

Exploit Title: Responsive E-Learning System 1.0 – Stored Cross Site Scripting Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/5172/responsive-e-learning-system.html Software Link:...

Newgen Correspondence Management System (corms) eGov 12.0 - IDOR

Exploit Title: Newgen Correspondence Management System corms eGov 12.0 - IDOR Date: 29 Dec 2020 Exploit Author: ALI AL SINAN Vendor Homepage: https://newgensoft.com Software Link: https://newgensoft.com/solutions/industries/government/e-gov-office/ Version: eGov 12.0 Tested on: JBoss EAP 7 CVE :...

H2 Database 1.4.199 - JNI Code Execution

Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Date: 28 April 2020 Vendor Hompage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...

Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting

Exploit Title: Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting Exploit Author: Shivam Vermacyb3rn3rd Date: 2021-01-05 Vendor Homepage: https://code-projects.org/expense-tracker-in-php-with-source-code/ Software Link: https://code-projects.org Version: 1.0 Category: Web Applicatio...

Gitea 1.7.5 - Remote Code Execution

Exploit Title: Gitea 1.7.5 - Remote Code Execution Date: 2020-05-11 Exploit Author: 1F98D Original Author: LoRexxar Software Link: https://gitea.io/en-us/ Version: Gitea before 1.7.6 and 1.8.x before 1.8-RC3 Tested on: Debian 9.11 x64 CVE: CVE-2019-11229 References:...

WinAVR Version 20100110 - Insecure Folder Permissions

Exploit Title: WinAVR Version 20100110 - Insecure Folder Permissions Date: 2020-12-11 Exploit Author: Mohammed Alshehri Vendor Homepage: https://sourceforge.net/projects/winavr/ Software Link: https://sourceforge.net/projects/winavr/files/WinAVR/20100110/WinAVR-20100110-install.exe Version: Versi...

IObit Uninstaller 10 Pro - Unquoted Service Path

Exploit Title: IObit Uninstaller 10 Pro - Unquoted Service Path Date: 2020–12–24 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version: 10 Tested on Windows 10 Unquoted Service Path: When a service is...

Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)

Exploit Title: Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit Authenticated Date: 12-29-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://support.zoom.us/hc/en-us/articles/201363093-Deploying-the-Meeting-Connector Software Link:...

Responsive FileManager 9.13.4 - 'path' Path Traversal

Exploit Title: Responsive FileManager 9.13.4 - 'path' Path Traversal Date: 12/12/2018 PoC Date: 04/01/2020 Auto Exploit Exploit Author: SunCSR Sun Cyber Security Research Google Dork: intitle:"Responsive FileManager 9.x.x" Vendor Homepage: http://responsivefilemanager.com/ Software Link:...

WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS

Exploit Title: WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS Date: 04-01-2021 Software Link: https://wordpress.org/plugins/wp-paginate/ Exploit Author: Park Won Seok Contact: [email protected] Category: Webapps Version: WP-PaginateVer-2.1.3 CVE : N/A Tested on: Windows 10 x64...

IncomCMS 2.0 - Insecure File Upload

Exploit Title: IncomCMS 2.0 - Insecure File Upload Google Dork: intext:"Incom CMS 2.0" Date: 07.12.2020 Exploit Author: MoeAlBarbari Vendor Homepage: https://www.incomcms.com/ Version: 2.0 Tested on: BackBox linux CVE: CVE-2020-29597 Upload your files Upload your file...

Cassandra Web 0.5.0 - Remote File Read

Exploit Title: Cassandra Web 0.5.0 - Remote File Read Date: 12-28-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://github.com/avalanche123/cassandra-web Software Link: https://rubygems.org/gems/cassandra-web/versions/0.5.0 Version: 0.5.0 Tested on: Linux !/usr/bin/python -- coding: UTF-...

Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path

Exploit Title: IntelR Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path Date: 2021-01-04 Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 8.0.0.1039 File Version: 8.0.0.1039 Tested on: Microsoft® Windows Vista Business 6.0.6001...

Online Movie Streaming 1.0 - Authentication Bypass

Exploit Title: Online Movie Streaming 1.0 - Authentication Bypass Date: 2020-12-27 Exploit Author: Kshitiz Raj manitorpotterk Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...

House Rental and Property Listing 1.0 - Multiple Stored XSS

Exploit Title: House Rental and Property Listing 1.0 - Multiple Stored XSS Tested on: Windows 10 Exploit Author: Mohamed habib Smidi Craniums Date: 2020-12-28 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14649/house-rental-and-property-listing-php-full-source-code.html...

CSZ CMS 1.2.9 - Multiple Cross-Site Scripting

Exploit Title: CSZ CMS 1.2.9 - Multiple Cross-Site Scripting Date: 2020/12/28 Exploit Author: SunCSR Vendor Homepage: https://www.cszcms.com/ Software Link: https://github.com/cskaza/cszcms Version: 1.2.9 Tested on: CSZ CMS 1.2.9 1. Reflected XSS Go to url...

HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities

Exploit Title: HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities Date: 12-28-2020 Exploit Author: Jeremy Brown Vendor Homepage: https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTXf62aaafe780a496dad6d28621a Software Link:...

Klog Server 2.4.1 - Command Injection (Unauthenticated)

Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission

Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Date: 21.12.2020 Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...

Resumes Management and Job Application Website 1.0 - Authentication Bypass

Exploit Title: Resumes Management and Job Application Website 1.0 - Authentication Bypass Sql Injection Date: 2020-12-27 Exploit Author: Kshitiz Raj manitorpotterk Vendor Homepage: http://egavilanmedia.com Software Link: https://egavilanmedia.com/resumes-management-and-job-application-website/...

EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting

Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting Date: 30-12-2020 Exploit Author: Mesut Cetin Vendor Homepage: http://egavilanmedia.com Version: 1.0 Tested on Windows 10, Firefox 83.0, Burp Suite Professional v1.7.34...