47884 matches found
Mara CMS 7.5 - Reflective Cross-Site Scripting
Exploit Title: Mara CMS 7.5 - Reflective Cross-Site Scripting Google Dork: NA Date: 2020-08-01 Exploit Author: George Tsimpidas Vendor Homepage: https://sourceforge.net/projects/maracms/ Software Link: https://sourceforge.net/projects/maracms/files/MaraCMS75.zip/download Version: 7.5 Tested on:...
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated)
Exploit Title: Fuel CMS 1.4.8 - 'fuelreplaceid' SQL Injection Authenticated Date: 2020-08-19 Exploit Author: c0mpu7er(@ymbank.cn) Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.8.zip Version: 1.4.7 Tested on: PHP 5.4.45, Apache...
BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow (SEH,ASLR,DEP)
Title: BlazeDVD 7.0 Professional - '.plf' Local Buffer Overflow SEH,ASLR,DEP Author: emalp Date: 2020-08-31 Vendor Homepage: http://www.blazevideo.com/ Software Link: http://www.blazevideo.com/download/BlazeDVDProSetup.exe Version: 7.0.0.0 Tested on: Windows 7 Home Basic Run this file bfile.plf...
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting
Exploit Title: Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting Date: 2020-08-07 Vendor Homepage: https://www.nagios.com/products/nagios-log-server/ Vendor Changelog: https://www.nagios.com/downloads/nagios-log-server/change-log/ Exploit Author: Jinson Varghese Behanan @JinsonCyberSec...
Online Shopping Alphaware 1.0 - 'id' SQL Injection
Title: Online Shopping Alphaware 1.0 - 'id' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-28 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting
Exploit Title: SymphonyCMS 3.0.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2020-08-28 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.getsymphony.com/ Software Link: https://www.getsymphony.com/ Version: 3.0.0 Tested on: Windows CVE : N/A...
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation Date: 2020-08-28 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: 3.8.0 Tested on: Windows CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0...
ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)
Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow DEP,ASLR Bypass PoC Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter3.1.3.7.2010.11.05.exe?raw=true Exploit Author: Paras Bhatia Discovery...
Mida eFramework 2.9.0 - Remote Code Execution
Exploit Title: Mida eFramework 2.9.0 - Remote Code Execution Google Dork: Server: Mida eFramework Date: 2020-08-27 Exploit Author: elbae Vendor Homepage: https://www.midasolutions.com/ Software Link: http://ova-efw.midasolutions.com/ Reference:...
Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload (Authenticated)
Exploit Title: Wordpress Plugin Autoptimize 2.7.6 - Arbitrary File Upload Authenticated Date: 2020-08-24 Software Link: https://wordpress.org/plugins/autoptimize/ Author : SunCSR Team Version: v2.7.6 Tested on Ubuntu 18.04 / Kali Linux Reference: https://wpvulndb.com/vulnerabilities/10372...
Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal Date: 2020-08-22 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Affected version: =3.8.0 CVE: N/A Eibiz i-Media Server Digital Signage 3.8.0 oldfile File Path Traversal Vendor: EIBIZ Co.,Ltd. Produ...
Ericom Access Server x64 9.2.0 - Server-Side Request Forgery
Exploit Title: Ericom Access Server x64 9.2.0 - Server-Side Request Forgery Date: 2020-08-22 Exploit Author: hyp3rlinx Vendor Homepage: www.ericom.com Version: Ericom Access Server x64 for AccessNow & Ericom Blaze v9.2.0 CVE: CVE-2020-24548 + Credits: John Page aka hyp3rlinx + Website:...
Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass Date: 2020-08-21 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: =3.8.0 CVE: N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser...
LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...
Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure Date: 2020-08-21 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: =3.8.0 CVE: N/A Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web...
Seowon SlC 130 Router - Remote Code Execution
Exploit Title: Seowon SlC 130 Router - Remote Code Execution Author: maj0rmil4d - Ali Jalalat Author website: https://secureguy.ir Date: 2020-08-20 Vendor Homepage: seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=150&bigkind=B05&middlekind=B0529 CVE:...
Complaint Management System 1.0 - 'cid' SQL Injection
Title: Complaint Management System 1.0 - 'cid' SQL Injection Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
ElkarBackup 1.3.3 - Persistent Cross-Site Scripting
Exploit Title: ElkarBackup 1.3.3 - Persistent Cross-Site Scripting Date: 2020-08-14 Exploit Author: Enes Özeser Vendor Homepage: https://www.elkarbackup.org/ Version: 1.3.3 Tested on: Linux 1- Go to following url. http://HOST/elkarbackup/login 2- Default username and password is root:root. We mus...
PNPSCADA 2.200816204020 - 'interf' SQL Injection (Authenticated)
Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Google Dork: - Date: 2020-08-17 Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ---------------------- PNPSCADA 2.200816204020...
Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal
Exploit Title: Ruijie Networks Switch eWeb S29RGOS 11.4 - Directory Traversal Exploit Author: Tuygun Date: 2020-08-19 Vendor Homepage: https://www.ruijienetworks.com/ Version: eWeb S29RGOS 11.41B12P11 Source : https://faruktuygun.com/directorytraversal.html Proof of Concept Request: GET...
Savsoft Quiz 5 - Stored Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting Date: 2020-07-28 Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10 Contact:...
Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection
Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-18 Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html Software Link:...
QiHang Media Web Digital Signage 3.0.9 - Cleartext Credential Disclosure
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Cleartext Credential Disclosure Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A QiHang Media Web QH.aspx Digital Signage 3.0.9 Cleartext...
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass
!/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: = 3.9.2...
QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Deletion Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A QiHang Media Web QH.aspx Digital Signage 3.0.9...
QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Disclosure
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Unauthenticated Arbitrary File Disclosure Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A QiHang Media Web QH.aspx Digital Signage 3.0.9...
QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution (Unauthenticated)
Exploit Title: QiHang Media Web Digital Signage 3.0.9 - Remote Code Execution Unauthenticated Date: 2020-08-12 Exploit Author: LiquidWorm Vendor Homepage: http://www.howfor.com Tested on: Microsoft Windows Server 2012 R2 Datacenter CVE : N/A...
Microsoft SharePoint Server 2019 - Remote Code Execution
Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...
Artica Proxy 4.3.0 - Authentication Bypass
Exploit Title: Artica Proxy 4.3.0 - Authentication Bypass Google Dork: N/A Date: 2020-08-13 Exploit Author: Dan Duffy Vendor Homepage: http://articatech.net/ Software Link: http://articatech.net/download2x.php?IsoOnly=yes Version: 4.30.00000000 REQUIRED Tested on: Debian CVE : CVE-2020-17506 impo...
GetSimple CMS Plugin Multi User 1.8.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: GetSimple CMS Plugin Multi User v1.8.2 - Cross-Site Request Forgery Add Admin Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: August 2020-08-12 Vendor Homepage: http://get-simple.info/extend/plugin/multi-user/133/ Software Link:...
CMS Made Simple 2.2.14 - Authenticated Arbitrary File Upload
Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: - Date: 2020-07-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version: 2.2.14 Tested...
vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Date: 2020-08-09 Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu 19.04 CVE : None vBulletin 5.5.4 throu...
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)
Exploit Title: Fuel CMS 1.4.7 - 'col' SQL Injection Authenticated Google Dork: - Date: 2020-08-01 Exploit Author: Roel van Beurden Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/archive/1.4.7.zip Version: 1.4.7 Tested on: Linux Ubuntu 18.04...
ManageEngine ADSelfService Build prior to 6003 - Remote Code Execution (Unauthenticated)
Exploit Title: ManageEngine ADSelfService Plus 6000 – Unauthenticated Remote Code Execution Date: 2020-08-08 Exploit Author: Bhadresh Patel Vendor link: https://www.manageengine.com/company.html Version: ADSelfService Plus build 6003 CVE : CVE-2020-11552 This is an article with PoC exploit video ...
Warehouse Inventory System 1.0 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: Warehouse Inventory System 1.0 - Cross-Site Request Forgery Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: 2020-08-09 Vendor Homepage: https://oswapp.com Software Link: https://github.com/siamon123/warehouse-inventory-system/archive/master.zip...
BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path
Exploit Title: BarcodeOCR 19.3.6 - 'BarcodeOCR' Unquoted Service Path Discovery Date: 2020-07-31 Response from BarcodeOCR Support: 08/03/2020 Exploit Author: Daniel Bertoni Vendor Homepage: https://www.barcode-ocr.com/ Version: 19.3.6 Tested on: Windows Server 2016, Windows 10 Find the Unquoted...
Daily Expenses Management System 1.0 - 'item' SQL Injection
Exploit Title: Daily Expenses Management System 1.0 - 'item' SQL Injection Date: 2020-08-05 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Software Link:...
All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: All-Dynamics Digital Signage System 2.0.2 - Cross-Site Request Forgery Add Admin Discovery by: LiquidWorm Discovery Date: 2020-08-05 Vendor Homepage: https://www.all-dynamics.de !-- All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF Add Admin Vendor: All-Dynamics...
CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path
Exploit Title: CodeMeter 6.60 - 'CodeMeter.exe' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2020-08-05 Vendor Homepage: https://www.wibu.com/us/products/codemeter/runtime.html Tested Version: 6.60 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...
Victor CMS 1.0 - 'Search' SQL Injection
Exploit Title: Victor CMS 1.0 - 'Search' SQL Injection Date: 2020-08-04 Exploit Author: Edo Maland Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: XAMPP / Windows 10...
Stock Management System 1.0 - Authentication Bypass
Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Date: August 1, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested On: Windows 10...
ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)
Exploit Title: ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service PoC Date: 2020-08-04 Exploit Author: MegaMagnus Vendor Homepage: https://www.acti.com/ Software Link: https://www.acti.com/DownloadCenter Version: V.3.0.12.42 , V.2.3.04.07 Tested on: Windows 7, Windows 10 CVE:...
QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)
Exploit Title: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://www.qlik.com Software Link: https://www.qlik.com/us/trial/qlik-sense-business Tested Version: 12.50.20000.0 Vulnerability Type: Denial...
RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)
Exploit Title: RTSP for iOS 1.0 - 'IP Address' Denial of Service PoC Author: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://appadvice.com/app/rtsp-viewer/1056996189 Software Link: App Store for iOS devices Tested Version: 1.0 Vulnerability Type: Denial of Service DoS Local Test...
Pi-hole 4.3.2 - Remote Code Execution (Authenticated)
!/usr/bin/env python2 Exploit Title: Pi-hole 4.3.2 - Remote Code Execution Authenticated Date: 2020-08-04 Exploit Author: Luis Vacas @CyberVaca Vendor Homepage: https://pi-hole.net/ Software Link: https://github.com/pi-hole/pi-hole Version: = 4.3.2 Tested on: Ubuntu 19.10 CVE : CVE-2020-8816...
Daily Expenses Management System 1.0 - 'username' SQL Injection
Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Date: 2020-08-01 Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Tested on: XAMPP Version 5.6.40 / Windows 10 Software Link:...
Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)
Exploit Title: Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://apps.apple.com/us/app/telnet-lite/id286893976 Software Link: App Store for iOS devices Tested Version: 4.2 Vulnerability Type: Denial of...
BacklinkSpeed 2.4 - Buffer Overflow PoC (SEH)
Exploit Title: BacklinkSpeed 2.4 - Buffer Overflow PoC SEH Date: 2020-08-01 Exploit Author: Saeed reza Zamanian Vendor Homepage: http://www.dummysoftware.com Software Link: http://www.dummysoftware.com/backlinkspeed.html Version: 2.4 Tested on: Windows 10.0 x64 Build 10240 Windows 7 x64 Windows...
Online Shopping Alphaware 1.0 - Authentication Bypass
Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Date: 2020-07-28 Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...