47884 matches found
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Stored Cross-Site Scripting Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link:...
OpenPanel 0.3.4 - OS Command Injection
Exploit Title: OpenPanel 0.3.4 - OS Command Injection Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53584 POST /server/timezon...
GestioIP 3.5.7 - Remote Command Execution (RCE)
Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760 Date: 2025-01-13...
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity at belino.com GitHub disclosure link:...
Pimcore customer-data-framework 4.2.0 - SQL injection
Exploit Title: Pimcore customer-data-framework 4.2.0 - SQL injection Date: 01/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore versions prior to 10.5.21 Tested on: Ubuntu 20.04 with Pimcore 10.5.20 CVE:...
Pimcore 11.4.2 - Stored cross site scripting
Exploit Title: Authenticated Stored Cross-Site Scripting XSS Via Search Document Google Dork: N/A Date: 1/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore 10.5.x prior to 10.5.21 and 11.x prior to 11.1.1 Test...
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
Exploit Title: ZTE ZXHN H168N 3.1 - RCE via authentication bypass Author: l34n / tasos meletlidis Exploit Blog: https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import A...
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
Exploit Title: Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection Exploit author: hyp3rlinx import requests,time,re,sys,argparse NAPC Xinet Elegant 6 Asset Library v6.1.655 Pre-Auth SQL Injection 0day Exploit By hyp3rlinx ApparitionSec UPDATED: Jan 2024 for python3 TODO: add SSL support...
OpenPanel 0.3.4 - Directory Traversal
Exploit Title: OpenPanel 0.3.4 - Directory Traversal Date: Dec 05, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53537 Compress Function POS...
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link: https://www.silverstripe.org/download/ Category: Web Application Version: 5.2.22 Tested on: SilverStripe...
NEWS-BUZZ News Management System 1.0 - SQL Injection
Exploit Title: NEWS-BUZZ News Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: egsec Date: 2024-11-03 Vendor Homepage: https://code-projects.org Software Link: https://code-projects.org/content-management-system-in-php-with-source-code-2/ Version: 1.0 Tested on: Windows 11 P...
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
Exploit title: ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
Exploit Tiltle: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
MagnusSolution magnusbilling 7.3.0 - Command Injection
Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/magnussolution/magnusbilling7 Software Link: https://github.com/magnussolution/magnusbilling7 Version: 7.3.0 Tested on: Centos CVE : CVE-2023-30258...
ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning PoC Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Advisory ID: ZSL-2025-5913 Advisory URL:...
CMU CERT/CC VINCE 2.0.6 - Stored XSS
Exploit Tile: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...
WebFileSys 2.31.0 - Directory Path Traversal
Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...
Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
Exploit Title: Roundcube Webmail 1.6.6 - Stored Cross Site Scripting XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Source Webmail Software Software Link: Releases · roundcube/roundcubemail Version: Roundcube client version earlier than 1.5.6 or from 1.6 t...
GeoVision GV-ASManager 6.1.1.0 - CSRF
Exploit Title: GeoVision GV-ASManager 6.1.1.0 - CSRF Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.1.0 or less Tested on: Windo...
qBittorrent 5.0.1 - MITM RCE
Exploit Title: qBittorrent 5.0.1 MITM RCE Date: 01/02/2025 Exploit Author: Jordan Sharp Vendor Homepage: https://github.com/qbittorrent/qBittorrent Software Link: https://www.qbittorrent.org/download Version: 5.0.1 Tested on: Windows 10 CVE : CVE-2024-51774 Run the PoC on a MITM machine...
MiniCMS 1.1 - Cross Site Scripting (XSS)
Exploit Title: MiniCMS 1.1 - Cross Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link: https://github.com/bg5sbk/MiniCMS Version: 1.10 Tested on: Ubuntu Windows CVE : CVE-2018-1000638 PoC: GET...
phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
Exploit Title: phpIPAM 1.6 - Reflected Cross Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam Version: 1.5.1 Tested on: Ubuntu Windows CVE : CVE-2023-24657 PoC:...
RosarioSIS 7.6 - SQL Injection
Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
Exploit Title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution Authenticated Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
Exploit Title: Broken Access Control in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Tested...
Netman 204 - Remote command without authentication
Exploit Title: Netman 204 - Remote command with out authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Tested on: Windows/Linux Step 1 : Attacker can using these dorks then can fi...
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution RCE Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS Version: 3.3.16 Tested on: Ubuntu Windows CVE : CVE-2021-28976 PoC-1...
flatCore 1.5 - Cross Site Request Forgery (CSRF)
Exploit Title: flatCore 1.5 - Cross Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS Version: d3a5168 Tested on: Ubuntu Windows CVE : CVE-2019-13961 PoC: CSRF PoC...
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
Exploit title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building Controller...
ABB Cylon FLXeon 9.3.4 - Default Credentials
ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series ABB UC32 Series Main Plant Controllers Cylon's UnitronUC32.xx Firmware: =9.3.4...
Gnuboard5 5.3.2.8 - SQL Injection
Exploit Title: Gnuboard5 5.3.2.8 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/gnuboard/gnuboard5 Software Link: https://github.com/gnuboard/gnuboard5 Version: 5.3.2.8 Tested on: Ubuntu Windows CVE : CVE-2020-18662 PoC: 1 POST /install/installdb.p...
ABB Cylon Aspect 3.08.02 - PHP Session Fixation
Exploit title: ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability Advisory ID: ZSL-2025-5916 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5916.php CVE ID: CVE-2024-11317 CVE URL: https://www.cve.org/CVERecord?id=CVE-2024-11317 Vendor: ABB Ltd. Product web page:...
Nagios Log Server 2024R1.3.1 - API Key Exposure
Exploit Title: Nagios Log Server 2024R1.3.1 - API Key Exposure Date: 2025-04-08 Exploit Author: Seth Kraft, Alex Tisdale Vendor Homepage: https://www.nagios.com/ Vendor Changelog: https://www.nagios.com/changelog/log-server Software Link: https://www.nagios.com/products/log-server/download/...
CyberPanel 2.3.6 - Remote Code Execution (RCE)
Exploit Title: CyberPanel 2.3.6 - Remote Code Execution RCE Date: 10/29/2024 Exploit Author: Luka Petrovic refr4g Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: 2.3.5, 2.3.6, 2.3.7 before patch Tested on: Ubuntu 20.04, CyberPanel v2.3.5,...
AquilaCMS 1.409.20 - Remote Command Execution (RCE)
Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link: https://github.com/AquilaCMS/AquilaCMS Version: v1.409.20 CVE: CVE-2024-48572, CVE-2024-48573 import io import json import...
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting XSS Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested...
CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting XSS Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/ Version: 1.0 Tested on: Any ...
Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
Exploit Title: Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover Google Dork: N/A Date: 21/07/2024 Exploit Author: Mohammed Adel Vendor Homepage: https://www.cisco.com Software Link:...
PandoraFMS 7.0NG.772 - SQL Injection
Exploit Title: PandoraFMS 7.0NG.772 - SQL Injection Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link: https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafmsagentlinux-7.0NG.772.tar.gz Version: v7.0NG.772 Tested on: Linux...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
Cosy+ firmware 21.2s7 - Command Injection
Exploit Title: Cosy+ firmware 21.2s7 - Command Injection Google Dork: N/A Date: 2024-8-20 Exploit Author: CodeB0ss Contact: t.me/codeb0ss / [email protected] Version: 21.2s7 Tested on: Windows 11 Home Edition CVE: CVE-2024-33896 import socket import subprocess import time def...
Centron 19.04 - Remote Code Execution (RCE)
Exploit Title : Centron 19.04 - Remote Code Execution RCE Tested on Centreon API 19.04.0 Centreon 19.04 - Login Password Bruteforcer Written on 6 Nov 2019 Referencing API Authentication of the Centreon API document Author: st4rry centbruteon.py Centreon Download Link:...
K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
Exploit Title: K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service DoS Date: 13.08.2024 Author: M. Akil Gündoğan Vendor Homepage: https://k7computing.com/ Version: v17.0.2019 Tested on: Windows 10 Pro x64 CVE ID: CVE-2024-36424 Vulnerability Description:...
Typecho 1.3.0 - Race Condition
Exploit Title: Typecho 1.3.0 - Race Condition Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested on: Typecho 1.3....
flatCore 1.5.5 - Arbitrary File Upload
Exploit Title: flatCore 1.5.5 - Arbitrary File Upload Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS Version: 1.5.5 Tested on: Ubuntu Windows CVE : CVE-2019-10652 PoC: 1 1. Access the...
PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
Exploit Title: PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery CSRF Date: 2024-07-01 Exploit Author: Vuln Seeker Cybersecurity Team Vendor Homepage: https://wordpress.org/plugins/pz-frontend-manager/ Version: = 1.0.5 Tested on: Firefox Contact me: [email protected] The...
Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...
Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0.0 - 1.2.0 CVE : CVE-2024–27348 from requests import Request, Session import sys import json d...
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/archive/refs/tags/0.12.7.zip Version: latest Tested on: MacOS Log in to Anchor CMS...