Hotel Management System 1.0 - Remote Code Execution (Authenticated)

Exploit Title: Hotel Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-09-23 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14458/hotel-management-system-project-using-phpmysql.html Software Link:...

Seat Reservation System 1.0 - Unauthenticated SQL Injection

Title: Seat Reservation System 1.0 - Unauthenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/seat-reservation-system-using-php0.zip Version: 1.0 Teste...

Alumni Management System 1.0 - Authentication Bypass

Exploit Title: Alumni Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-source-code.html Software Link:...

Employee Management System 1.0 - Cross Site Scripting (Stored)

Exploit Title: Employee Management System 1.0 - Stored Cross Site Scripting Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...

Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass

Exploit Title: Simple Grocery Store Sales And Inventory System 1.0 - Authentication Bypass Date: 24/09/2020 Exploit Author: Saurav Shukla & Jyotsna Adhana Vendor Homepage: https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html...

Zoo Management System 1.0 - Authentication Bypass

Exploit Title: Zoo Management System 1.0 - Authentication Bypass Date: 02/10/2020 Exploit Author: Jyotsna Adhana Vendor Homepage: https://phpgurukul.com/zoo-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=12723 Version: 1.0 Tested On:...

Vehicle Parking Management System 1.0 - Authentication Bypass

Exploit Title: Vehicle Parking Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-10-14 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14415/vehicle-parking-management-system-project-phpmysql-full-source-code.html Software Link:...

rConfig 3.9.5 - Remote Code Execution (Unauthenticated)

Exploit Title: rConfig 3.9.5 - Remote Code Execution Unauthenticated Google Dork: N/A Date: 2020-10-13 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/downloads/rconfig-3.9.5.zip Version: rConfig v3.9.5 Tested on: CentOS 7 x6...

Guild Wars 2 - Insecure Folder Permissions

Exploit Title: Guild Wars 2 - Insecure Folder Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild War...

NodeBB Forum 1.12.2-1.14.2 - Account Takeover

Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...

Battle.Net 1.27.1.12428 - Insecure File Permissions

Exploit Title: Battle.Net 1.27.1.12428 - Insecure File Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://www.blizzard.com/en-gb/download/ Battle Net Desktop Version Patch: 1.27.1.12428 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category:...

berliCRM 1.0.24 - 'src_record' SQL Injection

Exploit Title: berliCRM 1.0.24 - 'srcrecord' SQL Injection Google Dork: N/A Date: 2020-10-11 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.berlicrm.de Software Link: https://github.com/berliCRM/berlicrm/archive/1.0.24.zip Version: 1.0.24 Tested on: Kali Linux CVE : N/A ==========...

Cisco ASA and FTD 9.6.4.42 - Path Traversal

Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...

Liman 0.7 - Cross-Site Request Forgery (Change Password)

Exploit Title: Liman 0.7 - Cross-Site Request Forgery Change Password Date: 2020-10-07 Exploit Author: George Tsimpidas Software Link : https://github.com/salihciftci/liman/releases/tag/v0.7 Version: 0.7 Tested on: Ubuntu 18.04.5 LTS Bionic Beaver Category: Webapp Description: There is no CSRF...

MedDream PACS Server 6.8.3.751 - Remote Code Execution (Unauthenticated)

!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Unauthenticated Exploit Author: bzyo Twitter: @bzyo Date: 10-10-2020 Vulnerable Software: https://www.softneta.com/products/meddream-pacs-server/ Vendor Homepage: https://www.softneta.com Version: 6.8.3.751...

Small CRM 2.0 - 'email' SQL Injection

Exploit Title: Small CRM 2.0 - 'email' SQL Injection Google Dork: N/A Date: 2020-10-10 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: V2.0 Tested on: Kali Linux CVE : N/A ========== Vulnerable Code =========...

Online Students Management System 1.0 - 'username' SQL Injections

Title: Online Students Management System 1.0 - 'username' SQL Injections Exploit Author: George Tsimpidas Date: 2020-10-09 Vendor Homepage: www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/studentrecord0.zip Version : 1.0 Tested on: Ubuntu...

openMAINT 1.1-2.4.2 - Arbitrary File Upload

Exploit Title: openMAINT 1.1-2.4.2 - Arbitrary File Upload Dork: N/A Date: 2020-08-19 Exploit Author: mrb3n Vendor Homepage: https://www.openmaint.org/en Software Link: https://sourceforge.net/projects/openmaint/files/1.1/openmaint-1.1-2.4.2.zip/download Version: 1.1-2.4.2 Category: Webapps Teste...

DynPG 4.9.1 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: DynPG 4.9.1 - Persistent Cross-Site Scripting Authenticated Date: 2020-10-09 Exploit Author: Enes Özeser Vendor Homepage: https://dynpg.org/ Version: 4.9.1 Tested on: Windows & XAMPP == Tutorial alert"XSS"; == HTTP Request alert"XSS";...

Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting

Exploit Title: Kentico CMS 9.0-12.0.49 - Persistent Cross Site Scripting Exploit Author: Ataberk YAVUZER CVE: CVE-2019-19493 Type: Webapps Vendor Homepage: https://www.kentico.com/ Version: 9.0-12.0.49 Date: 29-11-2019 CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2019-19493 Details Persisten...

D-Link DSR-250N 3.12 - Denial of Service (PoC)

Exploit Title: D-Link DSR-250N 3.12 - Denial of Service PoC Google Dork: N/A Author: RedTeam Pentesting GmbH Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://www.dlink.com Software Link:...

SEO Panel 4.6.0 - Remote Code Execution (1)

Exploit Title: SEO Panel 4.6.0 - Remote Code Execution Google Dork: N/A Date: 2020-10-03 Exploit Author: Kiko Andreu kikoas1995 & Daniel Monzón stark0de Vendor Homepage: https://seopanel.org/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Kali Linux x64 5.4.0 C...

Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting

Exploit Title: Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Software Homepage: https://textpattern.com/ Version : 4.6.2 Tested on: windows 10 / xammp Category: WebApp Google Dork: intext:"Published with...

BACnet Test Server 1.01 - Remote Denial of Service (PoC)

Title: BACnet Test Server 1.01 - Remote Denial of Service PoC Date: 2020-10-07 Author: LiquidWorm Vendor: https://www.bac-test.com Product link: https://sourceforge.com/projects/bacnetserver CVE: N/A !/usr/bin/perl BACnet Test Server 1.01 Remote Denial of Service Exploit Vendor: BACnet...

EasyPMS 1.0.0 - Authentication Bypass

Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...

Karel IP Phone IP1211 Web Management Panel - Directory Traversal

Exploit Title: Karel IP Phone IP1211 Web Management Panel - Directory Traversal Exploit Author: Berat Gokberk ISLER Date: 2020-09-01 CVE: N/A Type: Webapps Vendor Homepage: https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon Version: IP1211 Details Directory traversal vulnerability on the Karel...

SpamTitan 7.07 - Unauthenticated Remote Code Execution

Exploit Title: SpamTitan 7.07 - Unauthenticated Remote Code Execution Date: 2020-09-18 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.titanhq.com/spamtitan/spamtitangateway/ Software Link: https://www.titanhq.com/signup/?producttype=spamtitangateway Version: 7.07 Tested on:...

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...

MedDream PACS Server 6.8.3.751 - Remote Code Execution (Authenticated)

!/usr/bin/python Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Exploit Author: bzyo Twitter: @bzyo Exploit Title: MedDream PACS Server 6.8.3.751 - Remote Code Execution Authenticated Date: 2020-10-01 Vulnerable Software:...

Photo Share Website 1.0 - Persistent Cross-Site Scripting

Exploit Title: Photo Share Website 1.0 - Persistent Cross-Site Scripting Date: 2020-09-30 Exploit Author: Augkim Vendor Homepage: https://www.sourcecodester.com/php/14478/photo-share-website-using-phpmysql-source-code.html Software Link:...

Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow

Exploit Title: Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow Google Dork: Server: Mida eFramework Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://pro.sony Version: = 1.82.01 !/usr/bin/env python Sony IPELA Network Camera ftpclient.cgi Remote...

SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Username Enumeration Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration Weakness Vendor: SpinetiX AG Product web page:...

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download Version: 3.3.16 Tested on: Linux Ubuntu 18.04 CVE: N/A 1...

Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting

Exploit Title: Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting Exploit Author: Alperen Ergel Web Site: https://alperenae.gitbook.io/ Contact: @alperenae IG @alprenae TW Software Homepage: https://www.typesettercms.com/ Version : 5.1 Tested on: windows 10 / xammp Category: WebApp...

SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery (Add Admin)

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Cross-Site Request Forgery Add Admin Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 CSRF Add Admin Exploit Vendor: SpinetiX AG Product web page:...

CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: CMS Made Simple 2.2.14 - Persistent Cross-Site Scripting Authenticated Google Dork: - Date: 2020-09-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version:...

BrightSign Digital Signage Diagnostic Web Server 8.2.26 - File Delete Path Traversal

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - File Delete Path Traversal Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 File Backup/Delete Path Traversal Vendor: SpinetiX AG Product web page:...

WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated)

Exploit Title: WebsiteBaker 2.12.2 - 'displayname' SQL Injection authenticated Google Dork: - Date: 2020-09-20 Exploit Author: Roel van Beurden Vendor Homepage: https://websitebaker.org Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Version: 2.12.2 Tested on: Linux Ubuntu 18.0...

BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery (Unauthenticated)

Exploit Title: BrightSign Digital Signage Diagnostic Web Server 8.2.26 - Server-Side Request Forgery Unauthenticated Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.brightsign.biz Version: = 8.2.26 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SS...

MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)

Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...

SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure

Exploit Title: SpinetiX Fusion Digital Signage 3.4.8 - Database Backup Disclosure Date: 2020-09-30 Exploit Author: LiquidWorm Vendor Homepage: https://www.spinetix.com Version: = 8.2.26 SpinetiX Fusion Digital Signage 3.4.8 Database Backup Disclosure Vendor: SpinetiX AG Product web page:...

BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)

Title: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in PoC Date: 2020-09-29 Author: Christian Vierschilling Vendor Homepage: http://www.bearshareofficial.com/ Software Link: http://www.oldversion.com.de/windows/bearshare-lite-5-2-5 Versions: 5.1.0 - 5.2.5 Tested on: Windows 10 x64 EN/D...

CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR)

Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Date: 2020-09-29 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x64 - 10.0.19041 Build...

WebsiteBaker 2.12.2 - Remote Code Execution

Exploit Title: WebsiteBaker 2.12.2 - Remote Code Execution Date: 2020-07-04 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/downloads Version: 2.12.2 Tested on: Windows 10 and Ubuntu...

Mida eFramework 2.8.9 - Remote Code Execution

Exploit Title: Mida eFramework 2.8.9 - Remote Code Execution Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...

Joplin 1.0.245 - Arbitrary Code Execution (PoC)

Exploit Title: Joplin 1.0.245 - Arbitrary Code Execution PoC Date: 2020-09-21 Exploit Author: Ademar Nowasky Junior @nowaskyjr Vendor Homepage: https://joplinapp.org/ Software Link: https://github.com/laurent22/joplin/releases/download/v1.0.245/Joplin-Setup-1.0.245.exe Version: 1.0.190 to 1.0.245...

MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation

/ Exploit Title: MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation Date: 2020-09-24 Exploit Author: Matteo Malvica Vendor Homepage: https://www.msi.com Software Link: https://msi.gm/ABLTMNB Driver: MSIO64.sys SHA256: 525D9B51A80CA0CD4C5889A96F857E73F3A80DA1FFBAE59851E0F51BDFB0B6CD...

BigTree CMS 4.4.10 - Remote Code Execution

Exploit Title: BigTree CMS 4.4.10 - Remote Code Execution Google Dork: " BigTree CMS " Date: 2020-25-09 Exploit Author: SunCSR ThienNV and HoaVT - Sun Cyber Security Research Vendor Homepage: https://www.bigtreecms.org/ Software Link: https://www.bigtreecms.org/ Version: 4.4.10 Tested on: Windows...

B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure

Exploit Title: B-swiss 3 Digital Signage System 3.6.5 - Database Disclosure Date: 2020-09-16 Exploit Author: LiquidWorm Vendor Homepage: https://www.b-swiss.com Version: 3.6.5 Affected version: 3.6.5,3.6.2,3.6.1,3.6.0,3.5.80,3.5.40,3.5.20,3.5.00,3.2.00,3.1.00 B-swiss 3 Digital Signage System 3.6....

Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Anchor CMS 0.12.7 - Persistent Cross-Site Scripting Authenticated Date: 2020-09-24 Exploit Author: Sinem Şahin Vendor Homepage: https://anchorcms.com/ Version: 0.12.7 Tested on: Windows & XAMPP == Tutorial http://HOST/admin/ 2- Login to admin panel. 3- Press "Posts" button. 4- Writ...