47904 matches found
MacOS 320.whatis Script - Privilege Escalation
Exploit Title: MacOS 320.whatis Script - Privilege Escalation Date: 2020-05-06 Exploit Author: Csaba Fitzl Vendor Homepage: https://support.apple.com/en-us/HT210722 Version: macOS Labelcom.sample.LoadProgramArguments /Applications/Scripts/sample.shRunAtLoad!-- """ shquickcontent = """...
WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection
Exploit Title: ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research Google Dork: N/A Date: 2020-05 -12 Vendor Homepage: https://idangero.us/ Software Link: https://github.com/idangerous/Plugins Version: getrow'SELECT FROM ' . CHOPSLIDERTABLENAME...
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
Exploit Title: CuteNews 2.1.2 - Authenticated Arbitrary File Upload Date: 2020-05-12 Author: Vigov5 - SunCSR Team Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Tested on: Ubuntu 18.04 / Kali Linux Description:...
SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Title: SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Date: 2020-05-06 Vendor: https://www.solarwindsmsp.com/ CVE: CVE-2020-12608 GitHub: https://github.com/jensregel/Advisories/tree/master/CVE-2020-12608 CVSSv3:...
Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection
Exploit Title: Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection Date: 2020-05-06 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Victor CMS 1.0 - 'post' SQL Injection
Exploit Title: Victor CMS 1.0 - 'post' SQL Injection Google Dork: N/A Date: 2020-05-09 Exploit Author: BKpatron Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A my website:...
OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting
Exploit Title: OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting Date: 2020-05-11 Exploit Author: Vulnerability-Lab Vendor: https://www.openz.de/ https://www.openz.de/download.html Document Title: =============== OpenZ v3.6.60 ERP - Employee Persistent XSS Vulnerability References Source:...
Complaint Management System 1.0 - Authentication Bypass
Exploit Title: complaint management system 1.0 - Authentication Bypass Google Dork: N/A Date: 2020-05-10 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
CuteNews 2.1.2 - Arbitrary File Deletion
Exploit Title: CuteNews 2.1.2 - Arbitrary File Deletion Date: 2020-05-08 Author: Besim ALTINOK Vendor Homepage: https://cutephp.com Software Link: https://cutephp.com/click.php?cutenewslatest Version: v2.1.2 Maybe it affect other versions Tested on: Xampp Credit: İsmail BOZKURT Remotely: Yes...
WordPress Plugin Simple File List 4.2.2 - Remote Code Execution
Exploit Title: Wordpress Plugin Simple File List 4.2.2 - Remote Code Execution Date: 2020-04-19 Exploit Author: coiffeur Vendor Homepage: https://simplefilelist.com/ Software Link: https://wordpress.org/plugins/simple-file-list/ Version: Wordpress Simple File List AUTHOR: coiffeur """ printbanner...
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
Exploit Title: Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting Dork: N/A Date: 2020-05-06 Exploit Author: Vulnerability-Lab Vendor: http://www.sentrifugo.com/ Link: http://www.sentrifugo.com/download Version: 3.2 Category: Webapps CVE: N/A Document Title: =============== Sentrifugo v3.2 CMS ...
LibreNMS 1.46 - 'search' SQL Injection
Exploit Title: LibreNMS 1.46 - 'search' SQL Injection Google Dork:unknown Date: 2019-09-01 Exploit Author: Punt Vendor Homepage: https://www.librenms.org Software Link: https://www.librenms.org Version:1.46 and less Tested on:Linux and Windows CVE: N/A Affected Device: more than 4k found on Shoda...
Kartris 1.6 - Arbitrary File Upload
Exploit Title: Kartris 1.6 - Arbitrary File Upload Dork: N/A Date: 2020-05-08 Exploit Author: Nhat Ha - Sun CSR Vendor Homepage: https://www.cactusoft.com/ Software Link: https://www.kartris.com/ Version: 1.6 Category: Webapps Tested on: WiN10x64/KaLiLinuXx64 CVE: N/A POC:...
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Pi-hole < 4.4 - Authenticated Remote Code Execution
!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service (PoC)
Exploit title : Extreme Networks Aerohive HiveOS 11.0 - Remote Denial of Service PoC Exploit Author : LiquidWorm Date : 2020-05-06 Vendor: Extreme Networks Product web page: https://www.extremenetworks.com Datasheet: https://www.aerohive.com/wp-content/uploads/AerohiveDatasheetHiveOS.pdf Affected...
FlashGet 1.9.6 - Denial of Service (PoC)
Exploit Title: FlashGet 1.9.6 - Denial of Service PoC Date: 2020-05-02 Author: Milad Karimi Testen on: Kali Linux Software Link: http://www.flashget.com/en/download.htm?uid=undefined Version: 1.9.6 CVE : N/A !/usr/bin/python from time import sleep from socket import res = '220 WELCOME!! :x\r\n',...
Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection
Exploit Title: Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection Google Dork: N/A Date: 2020-05-07 Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14198/online-agroculture-farm-management-system-phpmysql.html Software Link:...
Online Clothing Store 1.0 - Arbitrary File Upload
Exploit Title: Online Clothing Store 1.0 - Arbitrary File Upload Date: 2020-05-05 Exploit Author: Sushant Kamble and Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
School File Management System 1.0 - 'username' SQL Injection
Exploit Title: School File Management System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software Link:...
Pisay Online E-Learning System 1.0 - Remote Code Execution
Exploit Title: Pisay Online E-Learning System 1.0 - Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-05-05 Vendor Homepage: https://www.sourcecodester.com/php/14192/pisay-online-e-learning-system-using-phpmysql.html Software Link:...
Car Park Management System 1.0 - Authentication Bypass
Exploit Title: Car Park Management System 1.0 - Authentication Bypass Date: 2020-05-07 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/car-park-management-system.zip Version: 1.0...
Draytek VigorAP 1000C - Persistent Cross-Site Scripting
Title: Draytek VigorAP 1000C - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-05-07 Vendor: https://www.draytek.com/ Software: https://www.draytek.com/products/vigorap-903/ CVE: N/A Document Title: =============== Draytek VigorAP - RADIUS Persistent XSS Vulnerability...
i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion
Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail BOZKURT...
Online Clothing Store 1.0 - 'username' SQL Injection
Exploit Title: Online Clothing Store 1.0 - 'username' SQL Injection Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
Online Clothing Store 1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection
Exploit Title: YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection Date: 2020-04-25 Exploit Author: coiffeur Vendor Homepage: https://yeswiki.net/ Software Link: https://yeswiki.net/, https://github.com/YesWiki/yeswiki Version: YesWiki cercopitheque OPTIONS... DESCRIPTION: -lt, list tables. -...
MPC Sharj 3.11.1 - Arbitrary File Download
Exploit title : MPC Sharj 3.11.1 - Arbitrary File Download Exploit Author : SajjadBnd Date : 2020-05-02 Software Link : http://dl.nuller.ir/mpc-sharj-vr3.11.1betawww.nuller.ir.zip Tested on : Ubuntu 19.10 Version : 3.11.1 Beta DESCRIPTION MPC Sharj is a free open source script for creating sim ca...
GitLab 12.9.0 - Arbitrary File Read
Exploit Title: GitLab 12.9.0 - Arbitrary File Read Google Dork: - Date: 2020-05-03 Exploit Author: KouroshRZ Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Ubuntu 18.04 but it's OS independent CVE : -...
webTareas 2.0.p8 - Arbitrary File Deletion
Exploit Title: webTareas 2.0.p8 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://sourceforge.net/projects/webtareas/files/ Software Link: https://sourceforge.net/projects/webtareas/files/ Version: v2.0.p8 Tested on: Xampp Credit: İsmail BOZKURT Description...
Booked Scheduler 2.7.7 - Authenticated Directory Traversal
Exploit Title: Booked Scheduler 2.7.7 - Authenticated Directory Traversal Date: 2020-05-03 Author: Besim ALTINOK Vendor Homepage: https://www.bookedscheduler.com Software Link: https://sourceforge.net/projects/phpscheduleit/ Version: v2.7.7 Tested on: Xampp Credit: İsmail BOZKURT Description:...
Online Scheduling System 1.0 - 'username' SQL Injection
Exploit Title: Online Scheduling System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...
Fishing Reservation System 7.5 - 'uid' SQL Injection
Title: Fishing Reservation System 7.5 - 'uid' SQL Injection Author: Vulnerability Laboratory Date: 2020-05-05 Vendor: https://fishingreservationsystem.com/index.html Software: https://fishingreservationsystem.com/features.htm CVE: N/A Document Title: =============== Fishing Reservation System -...
SimplePHPGal 0.7 - Remote File Inclusion
Title: SimplePHPGal 0.7 - Remote File Inclusion Author: h4shur date:2020-05-05 Vendor Homepage: https://johncaruso.ca Software Link: https://johncaruso.ca/phpGallery/ Software Link: https://sourceforge.net/projects/simplephpgal/ Tested on: Windows 10 & Google Chrome Category : Web Application Bug...
webERP 4.15.1 - Unauthenticated Backup File Access
Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...
PhreeBooks ERP 5.2.5 - Remote Command Execution
Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmail BOZKURT...
Saltstack 3000.1 - Remote Code Execution
Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...
BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection
Title: BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection Author: Daniel Martinez Adan aDoN90 Date: 2020-05-01 Homepage: https://blogengine.io/ Software Link: https://blogengine.io/support/download/ Affected Versions: 3.3 Vulnerability: XML External Entity XXE OOB Injection...
NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration Author: Cold z3ro Date: 2020-05-04 Homepage: https://www.0x30.cc/ Vendor Homepage: https://www.nec.com Version: 01.03.01 Discription: NEC SL2100 NEC Electra Elite IPK II WebPro Session Enumeration = $maxproc while pcntlwaitpid0...
Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path
Exploit Title: Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path Discovery by: Nguyen Khang - SunCSR Discovery Date: 2020-05-03 Vendor Homepage: https://www.oracle.com/ Software Link: https://www.oracle.com/database/technologies/112010-win64soft.html Tested Version: 11g...
BoltWire 6.03 - Local File Inclusion
Exploit Title: BoltWire 6.03 - Local File Inclusion Date: 2020-05-02 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.boltwire.com/ Software Link: https://www.boltwire.com/downloads/go&v=6&r=03 Version: 6.03 Tested on: Ubuntu 20.04 LAMP LFI: Steps to Reproduce: 1 Using HTTP GET request...
osTicket 1.14.1 - Persistent Authenticated Cross-Site Scripting
Title: osTicket 1.14.1 - Persistent Authenticated Cross-Site Scripting Author: Mehmet Kelepce / Gais Cyber Security Date : 2020-03-24 Source Link: https://github.com/osticket/osticket/commit/fc4c8608fa122f38673b9dddcb8fef4a15a9c884 Vendor: http://osticket.com Remotely Exploitable: Yes Dynamic...
Frigate 3.36 - Buffer Overflow (SEH)
Exploit Title: Frigate 3.36 - Buffer Overflow SEH Exploit Author: Xenofon Vassilakopoulos Date: 2020-05-03 Version: 3.36 Vendor Homepage: http://www.Frigate3.com/ Software Link Download: http://www.Frigate3.com/download/Frigate3Stdv36.exe Tested on: Windows 7 Professional SP1 x86 Steps to reprodu...
addressbook 9.0.0.1 - 'id' SQL Injection
Title: addressbook 9.0.0.1 - 'id' SQL Injection Date: 2020-04-01 Author: David Velazquez a.k.a. d4sh&r000 vulnerable application: https://sourceforge.net/projects/php-addressbook/files/latest/download vulnerable version: 9.0.0.1 Discription: addressbook 9.0.0.1 time-based blind SQL injection Test...
Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path
Exploit Title: Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path Discovery by: Minh Tuan - SunCSR Discovery Date: 2020-05-03 Vendor Homepage: https://getoutline.org/vi/home Software Link :...
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)
Exploit Title: Apache OFBiz 17.12.03 - Cross-Site Request Forgery Account Takeover Exploit Author: Faiz Ahmed Zaidi Vendor Homepage: https://ofbiz.apache.org/security.html Software Link: https://ofbiz.apache.org/download.htmlsecurity Version: Before 17.12.03 Tested on: Linux and Windows CVE :...
Online Scheduling System 1.0 - Authentication Bypass
Exploit Title: Online Scheduling System 1.0 - Authentication Bypass Exploit Author: Bobby Cooke Date: 2020-04-30 Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...
Super Backup 2.0.5 for iOS - Directory Traversal
Title: Super Backup 2.0.5 for iOS - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-30 Software: https://apps.apple.com/us/app/super-backup-export-import/id1052684097 CVE: N/A Document Title: =============== Super Backup v2.0.5 iOS - Directory Traversal Vulnerability References...
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Exploit Title: php-fusion 9.03.50 - Persistent Cross-Site Scripting Google Dork: "php-fusion" Date: 2020-04-30 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30...
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting
Exploit Title: ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-29 Software Link: https://github.com/tmorrell/cheminv Software Info: "Cheminv is a web-based chemical inventory system. This responsive database provides an accessible way to...