47904 matches found
Online Discussion Forum Site 1.0 - Remote Code Execution
Exploit Title: Online Discussion Forum Site 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-05-24 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14233/online-discussion-forum-site.html Software Link:...
WordPress Plugin Form Maker 5.4.1 - 's' SQL Injection (Authenticated)
Exploit Title: Wordpress Plugin Form Maker 5.4.1 - 's' SQL Injection Authenticated Exploit Author: SunCSR Sun Cyber Security Research Date: 2020 - 5 - 22 Vender Homepage: https://help.10web.io/ Version: = 5.4.1 Tested on: Ubuntu 18.04 Description: SQL injection in the Form Maker by 10Web WordPres...
Dolibarr 11.0.3 - Persistent Cross-Site Scripting
Title: Dolibarr 11.0.3 - Persistent Cross-Site Scripting Author: Mehmet Kelepce / Gais Cyber Security Date : 2020-04-14 Vendor: https://www.dolibarr.org/ Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSSv3 Base Score: 7.4 AV:N, AC:L, PR:L, UI:N, S:C, C:L, I:L,...
Filetto 1.0 - 'FEAT' Denial of Service (PoC)
Exploit Title: Filetto 1.0 - 'FEAT' Denial of Service PoC Date: 2020-05-13 Found by: Alvaro J. Gene Socket0x03 Vendor Homepage: http://www.utillyty.eu Software Link: https://sourceforge.net/projects/filetto Vulnerable Application: Filetto Version: 1.0 last version. Updated: 01/31/2020 Server: FTP...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation Date: 2020-05-21 Exploit Author: Matteo Malvica Credits: Chris Lyne for previous version's exploit Vendor Homepage: druva.com Software Link:...
WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE - BadAttributeValueExpException', 'Description' = %q There exists a Java object deserialization vulnerability...
Gym Management System 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Gym Management System 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-05-21 Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/free-projects/php-projects/gym-management-system-project-in-php/ Version: 1.0 Tested On:...
Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service (PoC)
Exploit Title: Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service PoC Date: 2020-05-16 Found by: Alvaro J. Gene Socket0x03 Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/ Vulnerable Application: Konica Minolta FTP Utility Version: 1.0 Server: FTP Server...
VUPlayer 2.49 .m3u - Local Buffer Overflow (DEP,ASLR)
Exploit title: VUPlayer 2.49 .m3u - Local Buffer Overflow DEP,ASLR Date: 2020-05-22 Exploit Author: Gobinathan L Vendor Homepage: http://www.vuplayer.com/ Version: v2.49 Tested on: Windows 7 Professional with ALSR and Full DEP Turned ON. Usage : $ python .py ===================================...
Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service (PoC)
Exploit Title: Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service PoC Date: 2020-05-16 Found by: Alvaro J. Gene Socket0x03 Software Link: https://konica-minolta-ftp-utility.software.informer.com/download/ Vulnerable Application: Konica Minolta FTP Utility Version: 1.0 Server: FTP Server...
Composr CMS 10.0.30 - Persistent Cross-Site Scripting
Title: Composr CMS 10.0.30 - Persistent Cross-Site Scripting Author: Manuel Garcia Cardenas Date: 2020-02-06 Vendor: https://compo.sr/ CVE: N/A ============================================= MGC ALERT 2020-001 - Original release date: February 06, 2020 - Last revised: May 21, 2020 - Discovered by:...
PHPFusion 9.03.50 - Persistent Cross-Site Scripting
Exploit Title: PHPFusion 9.03.50 - Persistent Cross-Site Scripting Date: 2020-05-20 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.50 How? When creating a thread or editing one of h...
OpenEDX platform Ironwood 2.5 - Remote Code Execution
Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...
AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Discovered Date: 2020-05-21 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21...
forma.lms 5.6.40 - Cross-Site Request Forgery (Change Admin Email)
Exploit Title: forma.lms 5.6.40 - Cross-Site Request Forgery Change Admin Email Date: 2020-05-21 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Tested on: XAMPP for Linux 64bit 5.6.40-0 1 - Description - Vulnerable form: Edit Profile - Details: The validatio...
CloudMe 1.11.2 - Buffer Overflow (SEH,DEP,ASLR)
Exploit Title: CloudMe 1.11.2 - Buffer Overflow SEH,DEP,ASLR Date: 2020-05-20 Exploit Author: Xenofon Vassilakopoulos Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: CloudMe 1.11.2 Tested on: Windows 7 Professional x86 SP1 Step...
CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution
Exploit Title: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution Date: 2020-05-18 Exploit Author: Wade Guest Vendor Homepage: https://craftcms.com/ Software Link: https://plugins.craftcms.com/vcard Vulnerability Details: https://gitlab.com/wguest/craftcms-vcard-exploit Version: 1.0.0 Tested o...
BIND - 'TSIG' Denial of Service
!/usr/bin/python coding:utf-8 from scapy.all import DNS, DNSQR, IP, sr1, UDP, DNSRRTSIG, DNSRROPT tsig = DNSRRTSIGrrname="local-ddns", algoname="hmac-sha256", rclass=255, maclen=0, macdata="", timesigned=0, fudge=300, error=16 dnsreq = IPdst='127.0.0.1'/UDPdport=53/DNSrd=1, ad=1,...
Victor CMS 1.0 - Authenticated Arbitrary File Upload
Exploit Title: Victor CMS 1.0 - Authenticated Arbitrary File Upload Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on:...
Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole heisenbergCompensator Blocklist OS Command Execution', 'Description' = %q This exploits a command execution in Pi-Hole MSFLICENSE, 'Autho...
Victor CMS 1.0 - 'cat_id' SQL Injection
Exploit Title: Victor CMS 1.0 - 'catid' SQL Injection Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10...
NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: NukeViet VMS 4.4.00 - Cross-Site Request Forgery Change Admin Password Date: 2020-05-18 Exploit Author: JEBARAJ Vendor Homepage: https://nukeviet.vn/ Software Link: https://github.com/nukeviet/nukeviet/releases/download/4.4.00/nukeviet4.4.00setup.zip Version: 4.4.00 Tested on:...
Submitty 20.04.01 - Persistent Cross-Site Scripting
Exploit Title: Submitty 20.04.01 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: humblelad Vendor Homepage: http://submitty.org/ Software Link: https://github.com/Submitty/Submitty/releases Version: 20.04.01 Tested on: Mac Os Catalina CVE : CVE-2020-12882 Description: Submitty...
Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting
Exploit Title: Victor CMS 1.0 - 'commentauthor' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0...
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
Exploit Title: qdPM 9.1 - 'cfgappappname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-05-19 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://qdpm.net Software Link: https://sourceforge.net/projects/qdpm/ Version: 9.1 Tested on: Windows 10 Description: The form paramet...
php-fusion 9.03.50 - 'ctype' SQL Injection
Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-19 Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested On: Windows 10 + XAMPP...
Online Healthcare management system 1.0 - Authentication Bypass
Exploit Title: Online Healthcare management system 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-05-16 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14217/online-healthcare-patient-record-management-system-using-phpmysql.html Software Link:...
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link: https://sourceforge.net/projects/forma/files/latest/download Tested on: XAMPP for Linux 64b...
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload
Exploit Title: Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Google Dork: N/A Date: 2020-05-18 Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://monstra.org Software Link: https://bitbucket.org/awilum/monstra/downloads/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 1...
Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection
Exploit Title: Mikrotik Router Monitoring System 1.2.3 - 'community' SQL Injection Exploit Author: jul10l1r4 Julio Lira Google Dork: N/A Date: 2020-05-16 Vendor Homepage: https://mikrotik.com Software Link: https://mikrotik.com/download Version: = 1.2.3 Tested on: Debian 10 buster CVE: 2020-13118...
HP LinuxKI 6.01 - Remote Command Injection
Exploit Title: HP LinuxKI 6.01 - Remote Command Injection Date: 2020-05-17 Exploit Author: Cody Winkler Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-1 Version: = v6.0-1 Tested on: LinuxKI Docker Image CVE:...
Online Healthcare Patient Record Management System 1.0 - Authentication Bypass
Exploit Title: Online Healthcare Patient Record Management System 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-05-18 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.sourcecodester.com Software Link:...
online Chatting System 1.0 - 'id' SQL Injection
Exploit Title: online Chatting System 1.0 - 'id' SQL Injection Google Dork: N/A Date: 2020-05-17 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14224/online-chatting-system-using-phpmysql.html Software Link:...
WordPress Plugin Ajax Load More 5.3.1 - '#1' Authenticated SQL Injection
Exploit Title: Wordpress Plugin Ajax Load More 5.3.1 - '1' Authenticated SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - Nguyen Khang Google Dork: N/A Date: 2020-05-18 Vendor Homepage: https://connekthq.com/plugins/ajax-load-more/ Software Link:...
Online Examination System 1.0 - 'eid' SQL Injection
Exploit Title: Online Examination System 1.0 - 'eid' SQL Injection Google Dork: N/A Date: 2020-05-16 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14210/online-examination-system-project-using-phpmysql.html Software Link:...
Oracle Hospitality RES 3700 5.7 - Remote Code Execution
Exploit Title: Oracle Hospitality RES 3700 5.7 - Remote Code Execution Date: 2019-10-01 Exploit Author: Walid Faour Vendor Homepage: https://www.oracle.com/industries/food-beverage/products/res-3700/ Software Link: N/A Available to customers Version: \ \ MDSSYSUTILS \ TransferFile \ Session \ \ '...
ManageEngine Service Desk 10.0 - Cross-Site Scripting
Exploit Title: ManageEngine Service Desk 10.0 - Cross-Site Scripting Date: 2020-05-14 Exploit Author: Felipe Molina @felmoltor Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/service-desk/download.html Version: 10.0 10000.0.0.0 Tested on: Window...
vBulletin 5.6.1 - 'nodeId' SQL Injection
Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Date: 2020-05-15 Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version: vBulletin v5.6.x prior to Patch Level 1...
Dameware Remote Support 12.1.1.273 - Buffer Overflow (SEH)
Exploit Title: Dameware Remote Support 12.1.1.273 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-13 Vulnerable Software: Solarwinds Dameware Remote Support 12.1.1.273 Vendor Homepage: https://www.solarwinds.com/ Version: 12.1.1.273 Software Link:...
Complaint Management System 1.0 - 'username' SQL Injection
Exploit Title: Complaint Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Date: 2020-05-12 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Tested on: XAMPP Version 5.6.40 / Windows 10 Software Link:...
Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
Exploit Title: Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution Google Dork: Not applicable Date: 2020-05-13 Exploit Author: Seecko Das Vendor Homepage: https://www.crtindia.com/ Version: V3.3.0-190627 Tested on: Windows 10/Linux Kali CVE: N/A Exploit : curl -L -d...
E-Commerce System 1.0 - Unauthenticated Remote Code Execution
Exploit Title: E-Commerce System 1.0 - Unauthenticated Remote Code Execution Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-14 Vendor Homepage: https://www.sourcecodester.com/php/13524/e-commerce-system-using-phpmysqli.html Software Link:...
Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)
Exploit Title: Remote Desktop Audit 2.3.0.157 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: Remote Desktop Audit 2.3.0.157 Vendor Homepage: https://lizardsystems.com Version: 2.3.0.157 Software Link: https://lizardsystems.com/download/rdauditsetup.exe Tested...
Tryton 5.4 - Persistent Cross-Site Scripting
Exploit Title: Tryton 5.4 - Persistent Cross-Site Scripting Exploit Author: Vulnerability-Lab Date: 2020-05-13 Vendor Homepage: https://www.tryton.org/ Version: 5.4 Software Link: https://www.tryton.org/download Document Title: =============== Tryton v5.4 - Name Persistent Cross Site Vulnerabilit...
Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting
Exploit Title: Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting Exploit Author: gurbanli Date: 2020-05-13 Vendor Homepage: https://www.sellacious.com Version: 4.6 Software Link: https://www.sellacious.com/free-open-source-ecommerce-software Document Title: =============== Sellacious...
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection
Exploit Title: ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research Google Dork: N/A Date: 2020-05 -12 Vendor Homepage: https://idangero.us/ Software Link: https://github.com/idangerous/Plugins Version: getrow'SELECT FROM ' . CHOPSLIDERTABLENAME...
Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting
Exploit Title: Cisco Digital Network Architecture Center 1.3.1.4 - Persistent Cross-Site Scripting Date: 2020-04-16 Exploit Author: Dylan Garnaud & Benoit Malaboeuf - Pentesters from Orange Cyberdefense France Vendor Homepage:...
TylerTech Eagle 2018.3.11 - Remote Code Execution
Exploit Title: TylerTech Eagle 2018.3.11 - Remote Code Execution Date: 2019-10-08 Exploit Author: Anthony Cole Vendor Homepage: https://www.tylertech.com/products/eagle Version: 2018.3.11 Tested on: Windows 2012 CVE: CVE-2019-16112 Category: webapps Eagle is a software written in Java by TylerTec...
Orchard Core RC1 - Persistent Cross-Site Scripting
Exploit Title: Orchard Core RC1 - Persistent Cross-Site Scripting Google Dork: "Orchardcms" Date: 2020-05-07 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: http://www.orchardcore.net/ Software Link: https://github.com/OrchardCMS/OrchardCore Version: RC1 Tested on: Windows CVE...
LanSend 3.2 - Buffer Overflow (SEH)
Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file'payload.txt','w'...