Pisay Online E-Learning System 1.0 - Remote Code Execution

Exploit Title: Pisay Online E-Learning System 1.0 - Remote Code Execution Exploit Author: Bobby Cooke Date: 2020-05-05 Vendor Homepage: https://www.sourcecodester.com/php/14192/pisay-online-e-learning-system-using-phpmysql.html Software Link:...

Car Park Management System 1.0 - Authentication Bypass

Exploit Title: Car Park Management System 1.0 - Authentication Bypass Date: 2020-05-07 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/car-park-management-system.zip Version: 1.0...

School File Management System 1.0 - 'username' SQL Injection

Exploit Title: School File Management System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Tarun Sehgal Vendor Homepage: https://www.sourcecodester.com/php/14155/school-file-management-system.html Software Link:...

GitLab 12.9.0 - Arbitrary File Read

Exploit Title: GitLab 12.9.0 - Arbitrary File Read Google Dork: - Date: 2020-05-03 Exploit Author: KouroshRZ Vendor Homepage: https://about.gitlab.com Software Link: https://about.gitlab.com/install Version: tested on gitlab version 12.9.0 Tested on: Ubuntu 18.04 but it's OS independent CVE : -...

Online Clothing Store 1.0 - 'username' SQL Injection

Exploit Title: Online Clothing Store 1.0 - 'username' SQL Injection Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...

i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail BOZKURT...

webTareas 2.0.p8 - Arbitrary File Deletion

Exploit Title: webTareas 2.0.p8 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://sourceforge.net/projects/webtareas/files/ Software Link: https://sourceforge.net/projects/webtareas/files/ Version: v2.0.p8 Tested on: Xampp Credit: İsmail BOZKURT Description...

Online Clothing Store 1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...

YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection

Exploit Title: YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection Date: 2020-04-25 Exploit Author: coiffeur Vendor Homepage: https://yeswiki.net/ Software Link: https://yeswiki.net/, https://github.com/YesWiki/yeswiki Version: YesWiki cercopitheque OPTIONS... DESCRIPTION: -lt, list tables. -...

MPC Sharj 3.11.1 - Arbitrary File Download

Exploit title : MPC Sharj 3.11.1 - Arbitrary File Download Exploit Author : SajjadBnd Date : 2020-05-02 Software Link : http://dl.nuller.ir/mpc-sharj-vr3.11.1betawww.nuller.ir.zip Tested on : Ubuntu 19.10 Version : 3.11.1 Beta DESCRIPTION MPC Sharj is a free open source script for creating sim ca...

Booked Scheduler 2.7.7 - Authenticated Directory Traversal

Exploit Title: Booked Scheduler 2.7.7 - Authenticated Directory Traversal Date: 2020-05-03 Author: Besim ALTINOK Vendor Homepage: https://www.bookedscheduler.com Software Link: https://sourceforge.net/projects/phpscheduleit/ Version: v2.7.7 Tested on: Xampp Credit: İsmail BOZKURT Description:...

BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection

Title: BlogEngine 3.3 - 'syndication.axd' XML External Entity Injection Author: Daniel Martinez Adan aDoN90 Date: 2020-05-01 Homepage: https://blogengine.io/ Software Link: https://blogengine.io/support/download/ Affected Versions: 3.3 Vulnerability: XML External Entity XXE OOB Injection...

PhreeBooks ERP 5.2.5 - Remote Command Execution

Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmail BOZKURT...

NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration

Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration Author: Cold z3ro Date: 2020-05-04 Homepage: https://www.0x30.cc/ Vendor Homepage: https://www.nec.com Version: 01.03.01 Discription: NEC SL2100 NEC Electra Elite IPK II WebPro Session Enumeration = $maxproc while pcntlwaitpid0...

Fishing Reservation System 7.5 - 'uid' SQL Injection

Title: Fishing Reservation System 7.5 - 'uid' SQL Injection Author: Vulnerability Laboratory Date: 2020-05-05 Vendor: https://fishingreservationsystem.com/index.html Software: https://fishingreservationsystem.com/features.htm CVE: N/A Document Title: =============== Fishing Reservation System -...

webERP 4.15.1 - Unauthenticated Backup File Access

Exploit Title: webERP 4.15.1 - Unauthenticated Backup File Access Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: http://www.weberp.org Software Link: https://sourceforge.net/projects/web-erp/ Version: v4.15.1 Tested on: Xampp Credit: İsmail BOZKURT...

SimplePHPGal 0.7 - Remote File Inclusion

Title: SimplePHPGal 0.7 - Remote File Inclusion Author: h4shur date:2020-05-05 Vendor Homepage: https://johncaruso.ca Software Link: https://johncaruso.ca/phpGallery/ Software Link: https://sourceforge.net/projects/simplephpgal/ Tested on: Windows 10 & Google Chrome Category : Web Application Bug...

Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path

Exploit Title: Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path Discovery by: Nguyen Khang - SunCSR Discovery Date: 2020-05-03 Vendor Homepage: https://www.oracle.com/ Software Link: https://www.oracle.com/database/technologies/112010-win64soft.html Tested Version: 11g...

Online Scheduling System 1.0 - 'username' SQL Injection

Exploit Title: Online Scheduling System 1.0 - 'username' SQL Injection Date: 2020-05-04 Exploit Author: Saurav Shukla Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...

Saltstack 3000.1 - Remote Code Execution

Exploit Title: Saltstack 3000.1 - Remote Code Execution Date: 2020-05-04 Exploit Author: Jasper Lievisse Adriaanse Vendor Homepage: https://www.saltstack.com/ Version: 3000.2, 2019.2.4, 2017., 2018. Tested on: Debian 10 with Salt 2019.2.0 CVE : CVE-2020-11651 and CVE-2020-11652 Discription:...

BoltWire 6.03 - Local File Inclusion

Exploit Title: BoltWire 6.03 - Local File Inclusion Date: 2020-05-02 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.boltwire.com/ Software Link: https://www.boltwire.com/downloads/go&v=6&r=03 Version: 6.03 Tested on: Ubuntu 20.04 LAMP LFI: Steps to Reproduce: 1 Using HTTP GET request...

addressbook 9.0.0.1 - 'id' SQL Injection

Title: addressbook 9.0.0.1 - 'id' SQL Injection Date: 2020-04-01 Author: David Velazquez a.k.a. d4sh&r000 vulnerable application: https://sourceforge.net/projects/php-addressbook/files/latest/download vulnerable version: 9.0.0.1 Discription: addressbook 9.0.0.1 time-based blind SQL injection Test...

osTicket 1.14.1 - Persistent Authenticated Cross-Site Scripting

Title: osTicket 1.14.1 - Persistent Authenticated Cross-Site Scripting Author: Mehmet Kelepce / Gais Cyber Security Date : 2020-03-24 Source Link: https://github.com/osticket/osticket/commit/fc4c8608fa122f38673b9dddcb8fef4a15a9c884 Vendor: http://osticket.com Remotely Exploitable: Yes Dynamic...

Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path

Exploit Title: Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path Discovery by: Minh Tuan - SunCSR Discovery Date: 2020-05-03 Vendor Homepage: https://getoutline.org/vi/home Software Link :...

Frigate 3.36 - Buffer Overflow (SEH)

Exploit Title: Frigate 3.36 - Buffer Overflow SEH Exploit Author: Xenofon Vassilakopoulos Date: 2020-05-03 Version: 3.36 Vendor Homepage: http://www.Frigate3.com/ Software Link Download: http://www.Frigate3.com/download/Frigate3Stdv36.exe Tested on: Windows 7 Professional SP1 x86 Steps to reprodu...

HardDrive 2.1 for iOS - Arbitrary File Upload

Title: HardDrive 2.1 for iOS - Arbitrary File Upload Author: Vulnerability Laboratory Date: 2020-04-30 Software: https://apps.apple.com/ch/app/harddrive/id383226784 CVE: N/A Document Title: =============== HardDrive v2.1 iOS - Arbitrary File Upload Vulnerability References Source:...

Super Backup 2.0.5 for iOS - Directory Traversal

Title: Super Backup 2.0.5 for iOS - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-30 Software: https://apps.apple.com/us/app/super-backup-export-import/id1052684097 CVE: N/A Document Title: =============== Super Backup v2.0.5 iOS - Directory Traversal Vulnerability References...

Online Scheduling System 1.0 - Authentication Bypass

Exploit Title: Online Scheduling System 1.0 - Authentication Bypass Exploit Author: Bobby Cooke Date: 2020-04-30 Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...

VirtualTablet Server 3.0.2 - Denial of Service (PoC)

Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Date: 2020-04-29 Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol impo...

Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Shiro v1.2.4 Cookie RememberME Deserial RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary code on...

php-fusion 9.03.50 - Persistent Cross-Site Scripting

Exploit Title: php-fusion 9.03.50 - Persistent Cross-Site Scripting Google Dork: "php-fusion" Date: 2020-04-30 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30...

ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting

Exploit Title: ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-29 Software Link: https://github.com/tmorrell/cheminv Software Info: "Cheminv is a web-based chemical inventory system. This responsive database provides an accessible way to...

Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover)

Exploit Title: Apache OFBiz 17.12.03 - Cross-Site Request Forgery Account Takeover Exploit Author: Faiz Ahmed Zaidi Vendor Homepage: https://ofbiz.apache.org/security.html Software Link: https://ofbiz.apache.org/download.htmlsecurity Version: Before 17.12.03 Tested on: Linux and Windows CVE :...

Online Scheduling System 1.0 - Persistent Cross-Site Scripting

Exploit Title: Online Scheduling System 1.0 - Persistent Cross-Site Scripting Exploit Author: Bobby Cooke Date: 2020-04-30 Vendor Homepage: https://www.sourcecodester.com/php/14168/online-scheduling-system.html Software Link:...

Druva inSync Windows Client 6.5.2 - Local Privilege Escalation

Exploit Title: Druva inSync Windows Client 6.5.2 - Local Privilege Escalation Date: 2020-04-28 Exploit Author: Chris Lyne Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.5.2/inSync6.5.2r99097.msi Version: 6.5.2 Tested on: Windows 10 CVE :...

Open-AudIT Professional 3.3.1 - Remote Code Execution

Exploit Title: Open-AudIT Professional 3.3.1 - Remote Code Execution Date: 2020-04-22 Exploit Author: Askar CVE: CVE-2020-8813 Vendor Homepage: https://opmantek.com/ Version: v3.3.1 Tested on: Ubuntu 18.04 / PHP 7.2.24 !/usr/bin/python3 import requests import sys import warnings import random...

Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)

Title: Internet Download Manager 6.37.11.1 - Stack Buffer Overflow PoC Author: Vulnerability Laboratory Date: 2020-04-28 Vendor: https://www.internetdownloadmanager.com Software: https://www.internetdownloadmanager.com/download.html CVE: N/A Document Title: =============== Internet Download Manag...

Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Exploit Title: Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-04-28 Vendor Homepage: https://andreaelectronics.com/ Software Link : https://andreaelectronics.com/ Tested Version: 1.0.64.7 Vulnerability Type:...

School ERP Pro 1.0 - Arbitrary File Read

Exploit Title: School ERP Pro 1.0 - Arbitrary File Read Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT CVE: N/A Vulnerable code:...

EmEditor 19.8 - Insecure File Permissions

Exploit Title: EmEditor 19.8 - Insecure File Permissions Date: 2020-04-27 Exploit Author: SajjadBnd Vendor Homepage: https://www.emeditor.com/ Software Link: https://support.emeditor.com/en/downloads/suggested Version: 19.8 Tested on: Win10 Professional x64 Description EmEditor is a fast,...

Easy Transfer 1.7 for iOS - Directory Traversal

Title: Easy Transfer 1.7 for iOS - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-27 Software: https://apps.apple.com/us/app/easy-transfer-wifi-transfer/id1484667078 CVE: N/A Document Title: =============== Easy Transfer v1.7 iOS - Multiple Web Vulnerabilities References Sourc...

hits script 1.0 - 'item_name' SQL Injection

Exploit Title: hits script 1.0 - 'itemname' SQL Injection Date: 2020-04-27 Exploit Author: SajjadBnd Vendor Homepage: https://hits.ir Software Link: http://dl.persianscript.ir/script/hitsir-script-persian%28PersianScript.ir%29.zip Software Linkmirror:...

Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker-Credential-Wincred.exe Privilege Escalation', 'Description' = %q This exploit leverages a vulnerability in docker desktop community editio...

CloudMe 1.11.2 - Buffer Overflow (PoC)

Exploit Title: CloudMe 1.11.2 - Buffer Overflow PoC Date: 2020-04-27 Exploit Author: Andy Bowden Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: CloudMe 1.11.2 Tested on: Windows 10 x86 Instructions: Start the CloudMe service a...

School ERP Pro 1.0 - 'es_messagesid' SQL Injection

Exploit Title: School ERP Pro 1.0 - 'esmessagesid' SQL Injection Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT SQL Injection Detail...

NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path

Exploit Title: NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-04-27 Vendor Homepage: https://www.nvidia.com/es-la/ Software Link : https://www.nvidia.com/es-la/ Tested Version: 1.0.21 Vulnerability Type: Unquoted...

School ERP Pro 1.0 - Remote Code Execution

Exploit Title: School ERP Pro 1.0 - Remote Code Execution Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT Description...

Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Exploit Title: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery Add Admin Date: 2020-04-26 Author: Besim ALTINOK Vendor Homepage: https://www.maiansupport.com Software Link: https://www.maiansupport.com/zip.html Version: v4.3 Tested on: Xampp Credit: İsmail BOZKURT...

Online shopping system advanced 1.0 - 'p' SQL Injection

Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection Exploit Author : Majid kalantari Date: 2020-04-26 Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced Software link:...

PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload

Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...