47884 matches found
WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
Exploit Title: WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting Date: 2019-05-30 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://webport.se/ Software Link: https://webport.se/nedladdningar/ Version: v1.19.1 Tested on: Windows/Linux CVE-2019-12460...
WebPort 1.19.1 - Reflected Cross-Site Scripting
Exploit Title: WebPort 1.19.1 - Reflected Cross-Site Scripting Date: 2019-05-30 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://webport.se/ Software Link: https://webport.se/nedladdningar/ Version: v1.19.1 Tested on: Windows/Linux CVE-2019-12461...
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Date: 2020-06-22 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Version: 1.0 Tested on: Windows 10 /...
Eaton Intelligent Power Manager 1.6 - Directory Traversal
Exploit Title: Eaton Intelligent Power Manager 1.6 - Directory Traversal Date: 2018-09-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://powerquality.eaton.com/ Software Link: https://powerquality.eaton.com/Support/Software-Drivers/default.asp?cx=-999 Version: v1.6 Tested on: Windows...
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Google Dork: N/A Date: 2020-06-20 Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...
FileRun 2019.05.21 - Reflected Cross-Site Scripting
Exploit Title: FileRun 2019.05.21 - Reflected Cross-Site Scripting Date: 2019-07-01 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.filerun.com/ Software Link: https://filerun.com/download Version: v2019.05.21 Tested on: Windows/Linux CVE: CVE-2019-12905 CVE-2019-12905...
Frigate 2.02 - Denial Of Service (PoC)
Exploit Title: Frigate 2.02 - Denial Of Service PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/Frigate2.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-22 Vulnerable Software: Frigate Version: 2.02 Vulnerability Type: Denial of...
Odoo 12.0 - Local File Inclusion
Exploit Title: Odoo 12.0 - Local File Inclusion Date: 2019-06-14 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.odoo.com/ Software Link: https://www.odoo.com/trTR/page/download Version: v12.0 Tested on: Windows/Linux https://github.com/EmreOvunc/Odoo-12.0-LFI-Vulnerabilities...
Beauty Parlour Management System 1.0 - Authentication Bypass
Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Google Dork: N/A Exploit Author: Prof. Kailas PATIL krp Date: 2020-06-18 Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Version: v1.0...
Code Blocks 17.12 - 'File Name' Local Buffer Overflow (Unicode) (SEH) (PoC)
Exploit Title: Code Blocks 17.12 - 'File Name' Local Buffer Overflow Unicode SEH PoC Vendor Homepage: http://www.codeblocks.org/ Software Link Download: https://sourceforge.net/projects/codeblocks/files/Binaries/17.12/Windows/codeblocks-17.12-setup.exe/download Exploit Author: Paras Bhatia...
College-Management-System-Php 1.0 - Authentication Bypass
Exploit Title: College-Management-System-Php 1.0 - Authentication Bypass / SQL Injection Exploit Author: BLAY ABU SAFIAN Inveteck Global Website: https://github.com/olotieno/College-Management-System-Php Date: 2020-06-16 Google Dork: N/A Vendor: https://github.com/olotieno/ Software Link:...
OpenCTI 3.3.1 - Directory Traversal
Exploit Title: OpenCTI 3.3.1 - Directory Traversal Date: 2020-03-05 Exploit Author: Raif Berkay Dincel Vendor Homepage: www.opencti.io/ Software https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1 Version: 3.3.1 CVE-ID: N/A Tested on: Linux Mint / Windows 10 Vulnerabilities Discovered...
Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path
Exploit Title: Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path Exploit Author: Bobby Cooke Date: 2020-07-15 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86...
Gila CMS 1.11.8 - 'query' SQL Injection
Exploit Title: Gila CMS 1.11.8 - 'query' SQL Injection Date: 2020-06-15 Exploit Author: Carlos Ramírez L. BillyV4 Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/releases/tag/1.11.8 Version: Gila 1.11.8 Tested on: Gila 1.11.8 CVE : CVE-2020-5515 import request...
Netgear R7000 Router - Remote Code Execution
EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/48588.zip Exploits a pre-authentication memcpy based stack buffer overflow vulnerability in httpd on several devices and versions: Device Version httpd md5sum Exploit status AC1450 V1.0.0.3610.0.17...
SOS JobScheduler 1.13.3 - Stored Password Decryption
Exploit Title: SOS JobScheduler 1.13.3 - Stored Password Decryption Google Dork: N/A Date: 2020-04-20 Exploit Author: Sander Ubink Vendor Homepage: www.sos-berlin.com Software Link: www.sos-berlin.com/en/jobscheduler-downloads Version: Tested on 1.12.9 and 1.13.3, vendor reported 1.12 and 1.13...
Avaya IP Office 11 - Password Disclosure
Exploit Title: Avaya IP Office 11 - Password Disclosure Exploit Author: hyp3rlinx Date: 2020-06-09 Vendor Homepage: https://downloads.avaya.com Product Link: https://downloads.avaya.com/css/P8/documents/101067493 CVE: CVE-2020-7030 + Credits: John Page aka hyp3rlinx + Website:...
SmarterMail 16 - Arbitrary File Upload
Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Date: 2020-06-10 Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows CVE : N/A !/usr/bin/python3 import...
Sysax MultiServer 6.90 - Reflected Cross Site Scripting
Exploit Title: Sysax MultiServer 6.90 - Reflected Cross Site Scripting Google Dork: n.d. Date: 2020-06-02 Exploit Author: Luca Epifanio wrongsid3 Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htm Version: MultiServer 6.90 Tested on: Windows 10 x64 CVE :...
Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)
Exploit Title: Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-04 Vulnerable Software: Frigate...
Joomla! J2 Store 3.3.11 - 'filter_order_Dir' Authenticated SQL Injection
Exploit Title: Joomla J2 Store 3.3.11 - 'filter_order_Dir' SQL Injection Authenticated Date: 2020-04-17 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://www.j2store.org/ Software Link: https://www.j2store.org/download.html Reference:...
Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 2020-06-10 Exploit Author: Extinction Vendor Homepage: https://adikiss.net/ Software Link:...
WinGate 9.4.1.5998 - Insecure Folder Permissions
Exploit Title: WinGate 9.4.1.5998 - Insecure Folder Permissions Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: https://www.wingate.com Version: 9.4.1.5998 CVE: CVE-2020-13866 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Virtual Airlines Manager 2.6.2 - 'id' SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'id' SQL Injection Date: 2020-06-09 Exploit Author: Mosaaed Vendor Homepage: http://virtualairlinesmanager.net/ Dork: N/A Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A ------------------- xss...
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)
Exploit Title: 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: 2020-07-07 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...
HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
Exploit Title: HFS Http File Server 2.3m Build 300 - Buffer Overflow PoC Date: 2020-06-05 Exploit Author: hyp3rlinx Vendor Homepage: www.rejetto.com CVE : CVE-2020-13432 + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Bludit 3.9.12 - Directory Traversal
Exploit Title: Bludit 3.9.12 - Directory Traversal Date: 2020-06-05 Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/env python3 -- coding: utf-8 -- import...
Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection Google Dork: N/A Date: 2020-06-08 Exploit Author: Kostadin Tonev Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/ Version: 2.6.2 Tested on: Linux Min...
Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)
Exploit Title: Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-07 Vulnerable Software: Frigate Version: "Command...
Kyocera Printer d-COPIA253MF - Directory Traversal (PoC)
Exploit Title : Kyocera Printer d-COPIA253MF - Directory Traversal PoC Exploit Author: Hakan Eren ŞAN Date: 2020-06-06 Vendor Homepage: https://www.kyoceradocumentsolutions.com.tr/tr.html Version: d-COPIA253MF plus Tested on : Linux Credit: Berat Isler First step , you can capture the main page...
Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)
Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...
Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection
Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Date: 2020-06-07 Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable parameter -------------------...
Online Course Registration 1.0 - Authentication Bypass
Exploit Title: Online Course Registration 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-06-05 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...
Online-Exam-System 2015 - 'feedback' SQL Injection
Exploit Title: Online-Exam-System 2015 - 'feedback' SQL Injection Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on: Ubuntu CVE : N/A import requests,...
Online Marriage Registration System 1.0 - Remote Code Execution (1)
Exploit Title: Online Marriage Registration System 1.0 Remote Code Execution Google Dork: N/A Date: 2020-05-31 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-marriage-registration-system-using-php-and-mysql/...
Cayin Signage Media Player 3.0 - Remote Command Injection (root)
Title: Cayin Signage Media Player 3.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Signage Media Player 3.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page:...
Navigate CMS 2.8.7 - Authenticated Directory Traversal
Exploit Title: Navigate CMS 2.8.7 - Authenticated Directory Traversal Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested o...
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
Exploit Title: Clinic Management System 1.0 - Authenticated Arbitrary File Upload Google Dork: N/A Date: 2020-06-02 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
Oriol Espinal CMS 1.0 - 'id' SQL Injection
Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection Google Dork: inurl:/eotoolsshare/ Date: 2020-06-03 Exploit Author: TSAR Vendor Homepage: http://www.oriolespinal.es/eowd Software Link: http://www.oriolespinal.es/eotools Version: ALL VERSION UP TO LATEST Tested on: MACOS 10.11.2 CVE : NOt...
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
Title: Cayin Digital Signage System xPost 2.5 - Remote Command Injection Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A !/usr/bin/env python3 Cayin Digital Signage System xPost 2.5 Pre-Auth SQLi Remote Code Execution Vendor: CAYIN Technology Co., Ltd. Product web...
Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated)
Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Unauthenticated Date: 2020-06-02 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7210 Version: 2...
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Clinic Management System 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-06-02 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
Title: IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path Author: Gobinathan L Date: 2020-06-03 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.5.0.15 Tested on: Windows 10 64bitEN About Unquoted Servic...
Cayin Content Management Server 11.0 - Remote Command Injection (root)
Title: Cayin Content Management Server 11.0 - Remote Command Injection root Author:LiquidWorm Date: 2020-06-04 Vendor: https://www.cayintech.com CVE: N/A Cayin Content Management Server 11.0 Root Remote Command Injection Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...
Navigate CMS 2.8.7 - 'sidx' SQL Injection (Authenticated)
Exploit Title: Navigate CMS 2.8.7 - 'sidx' SQL Injection Authenticated Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Tested...
AirControl 1.4.2 - PreAuth Remote Code Execution
Exploit Title: AirControl 1.4.2 - PreAuth Remote Code Execution Date: 2020-06-03 Exploit Author: 0xd0ff9 vs j3ssie Vendor Homepage: https://www.ui.com/ Software Link: https://www.ui.com/download/!utilities Version: AirControl = 1.4.2 Signature:...
D-Link DIR-615 T1 20.10 - CAPTCHA Bypass
Exploit Title: D-Link DIR-615 T1 20.10 - CAPTCHA Bypass Date: 2019-10-12 Exploit Author: huzaifa hussain Vendor Homepage: https://in.dlink.com/ Version: DIR-615 T1 ver:20.10 Tested on: D-LINK ROUTER "MODEL NO: DIR-615" with "FIRMWARE VERSION:20.10" & "HARDWARE VERSION:T1 CVE: CVE-2019-17525 D-LIN...
SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery (Add Super User)
Title: SnapGear Management Console SG560 3.1.5 - Cross-Site Request Forgery Add Super User Author: LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 CSRF Add Super User Vendor: Secure Computing Corp. Product web...
VMware vCloud Director 9.7.0.15498291 - Remote Code Execution
Exploit Title: VMware vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author:LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web...