50738 matches found
Appointment Scheduler 3.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : Appointment Scheduler v3.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
Oracle Database 12c Release 1 Unquoted Service Path
Exploit Title: Oracle Database 12c Release 1 - Unquoted Service Path Date: 2024-07-31 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...
Online Medicine Ordering System 1.0 Insecure Settings
==================================================================================================================================== | Title : Online Medicine Ordering System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Leafpub 1.1.9 Cross Site Scripting
Leafpub 1.1.9 - Stored Cross-Site Scripting XSS Date: 2024-04-24 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://github.com/Leafpub Software Link: https://github.com/Leafpub/leafpub Version: 1.1.9 Tested on: MacOS Steps to Reproduce - Please login from this address:...
Employee Management System 1.0-2024 SQL Injection
Title: employeeakpoly-management-system-1.0-2024 Multiple-SQLi Author: nu11secur1ty Date: 03/01/2024 Vendor: https://www.sourcecodester.com/users/walterjnr1 Software: https://www.sourcecodester.com/php/16999/employee-management-system.html Reference:...
PCMan FTP Server 2.0 Buffer Overflow
Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow Date: 09/25/2023 Exploit Author: Waqas Ahmed Faroouqi ZEROXINN Vendor Homepage: http://pcman.openfoundry.org/ Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Version: 2.0 Tested on: Windows...
GaatiTrack Courier Management System 1.0 SQL Injection
Exploit Title: GaatiTrack Courier Management System v1.0 - SQL Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link: https://www.mayurik.com/source-code/P0998/best-courier-management-system-project-in-php...
Islam CMS 1.0 Code Injection
==================================================================================================================================== | Title : islam cms v1.0 PHP code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
Forum Fire Soft Board 0.3.0 Cross Site Scripting
==================================================================================================================================== | Title : Forum Fire Soft Board v0.3.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
TSPlus 16.0.0.0 Insecure Credential Storage
Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage Date: 2023-08-09 Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia Vendor Homepage: https://tsplus.net/ Version: Up to 16.0.0.0 Tested on: Windows CVE : CVE-2023-31069 With TSPlus Remote Work v. 16.0.0.0 you ca...
Credit Lite 1.5.4 SQL Injection
Exploit Title: Credit Lite 1.5.4 - SQL Injection Exploit Author: CraCkEr Date: 31/07/2023 Vendor: Hobby-Tech Vendor Homepage: https://codecanyon.net/item/credit-lite-micro-credit-solutions/39554392 Software Link: https://credit-lite.appshat.xyz/ Tested on: Windows 10 Pro Impact: Database Access...
Web Portal People CMS 2.8 Open Redirection
==================================================================================================================================== | Title : Web Portal People CMS v2.8 URL redirection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0...
Joomla Fireboard 1.3 SQL Injection
==================================================================================================================================== | Title : Joomla com fireboard v1.3 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
NETXPERTS CMS 0.1 SQL Injection
==================================================================================================================================== | Title : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
Inout RealEstate 2.1.3 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Doctor's Appointment System 1.0 SQL Injection
Exploit Title: SQLi - Doctor's Appointment System v1.0 Google Dork: N/A Date: 7/13/2022 Exploit Author: Abdullah Zaid - @aznull Vendor Homepage: https://www.sourcecodester.com/hashenudara/simple-doctors-appointment-project.html Software Link:...
DouPHP 1.2 Release 20141027 SQL Injection
==================================================================================================================================== | Title : DouPHP v1.2 Release 20141027 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
SolarView Compact 6.00 Cross Site Scripting
Exploit Title: SolarView Compact 6.00 - 'timebegin' Cross-Site Scripting XSS Date: 2022-05-15 Exploit Author: Ahmed Alroky Author Company : AIactive Version: ver.6.00 Vendor home page : https://www.contec.com/ Authentication Required: No CVE : CVE-2022-29299 Tested on: Windows Proof Of Concept:...
College Management System 1.0 Arbitrary File Upload
Exploit Title: college management system - Arbitrary File Upload Unauthenticated Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Versio...
Simple Library Management System 1.0 SQL Injection
Exploit Title: Simple Library Management System 1.0 - 'rollno' SQL Injection Date: 2021-08-08 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.nikhilbhalerao.com/ Software Link: https://www.sourcecodester.com/php/14126/simple-library-management-system.html Version: V1 Category:...
SOYAL Biometric Access Control System 5.0 Weak Default Credentials
SOYAL Biometric Access Control System 5.0 Weak Default Credentials Vendor: SOYAL Technology Co., Ltd Product web page: https://www.soyal.com.tw | https://www.soyal.com Affected version: AR-727 i/CM - F/W: 5.0 AR837E/EF - F/W: 4.3 AR725Ev2 - F/W: 4.3 191231 AR331/725E - F/W: 4.2 AR837E/EF - F/W: 4...
VFS For Git 1.0.21014.1 Unquoted Service Path
Exploit Title: VFS for Git 1.0.21014.1 - 'GVFS.Service' Unquoted Service Path Date: 2021-2-6 Exploit Author: Mohammed Alshehri Vendor Homepage: https://vfsforgit.org/ Software Link: https://github.com/microsoft/VFSForGit/releases/download/v1.0.21014.1/SetupGVFS.1.0.21014.1.exe Version: 1.0.21014....
VoIPmonitor 27.5 Missing Memory Protections
VoIPmonitor static builds are compiled without any standard memory corruption protection - Fixed versions: N/A - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-04-voipmonitor-staticbuild-memory-corruption-protection - VoIPmonitor Security Advisory: none ...
QCubed 3.1.1 SQL Injection
QCubed SQL Injection ================== | Identifier: | AIT-SA-20210215-02 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24913 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian...
DeviceViewer 3.12.0.1 Local Buffer Overflow
Exploit Title: Sricam DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow DEP Bypass Date: 08/10/2019 Exploit Author: Alessandro Magnosi Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Exploit type: Local Tested on:...
Linux watch_queue Filter Out-Of-Bounds Write
The Linux watchqueue filter suffers from an out of bounds write vulnerability amongst other issues that are also noted. This bug report is about things in the watchqueue subsystem, which is only enabled under CONFIGWATCHQUEUE. That seems to be disabled e.g. on Debian, but Ubuntu and Fedora enable...
vBulletin 4.5 Add Administrator
vBulletin version 4.5 proof of concept add administrator exploit that leverages a vulnerability from 2013. ============================================================================================================================================= | Title : vBulletin 4.5 create new administrator...
TX Text Control .NET Server For ASP.NET Arbitrary File Read / Write
Hej, Let's keep it short ... ===== Intro ===== A "sudo make me a sandwich" security issue has been identified in the TX Text Control .NET Server for ASP.NET1. According to the vendor2, "the most powerful, MS Word compatible document editor that runs in all browsers". Likely all versions are...
AccPack Buzz 1.0 Insecure Direct Object Reference
============================================================================================================================================= | Title : AccPack Buzz v1.0 IDOR Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vend...
FengOffice 3.11.1.2 SQL Injection
Exploit Title: FengOffice - Blind SQL Injection Date: 06/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/05/friday-fun-pentest-series-6.html Steps to Reproduce: 1. Login to application 2. Click on "Workspaces" 3. Copy full U...
Serendipity 2.5.0 Remote Code Execution
Exploit Title: Serendipity 2.5.0 - Remote Code Execution RCE Discovered by: Ahmet Ümit BAYRAM Discovered Date: 26.04.2024 Vendor Homepage: https://docs.s9y.org/ Software Link:https://www.s9y.org/latest Tested Version: v2.5.0 latest Tested on: MacOS import requests import time import random import...
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT Frentix GmbH vulnerable version: = 18.1.4 and = 18.1.5 fixed version: 18.1.6 / 18.2 CVE number:...
Database Compilation 1.2 Cross Site Scripting
==================================================================================================================================== | Title : Database compilation CMS v1.2 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.232-bit ...
Flexense HTTP Server 10.6.24 Buffer Overflow / Denial Of Service
Exploit Title: Flexense HTTP Server 10.6.24 - Buffer Overflow DoS Metasploit Date: 2018-03-09 Exploit Author: Ege Balci Vendor Homepage: https://www.flexense.com/downloads.html Version: 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service...
e-Biz Technocrats Pvt.Ltd SQL Injection
Exploit Title: Sql Injection on one site credentials can be use on other sites - Google Dork:" Designed and Developed by e-Biz Technocrats Pvt.Ltd " - Date: 05/11/2023 - Exploit Author: K1LL3rB4LL - Tested on: Mac, Windows, Linux Description: The vulnerability found is an SQL injection. You may r...
Best POS Management System 1.0 Shell Upload
Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Date: 15/5/2023 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Roxy WI 6.1.0.0 Remote Command Execution
Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE via subprocessexecute Exploit Author: Iyaad Luqman K Application: Roxy WI = v6.1.0.0 Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Tested on: Ubuntu 22.04 CVE : CVE-2022-31137 P...
Chitor CMS 1.1.2 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress Paid Memberships Pro 2.9.8 SQL Injection
!/usr/bin/env python Exploit Title: Paid Memberships Pro v2.9.8 WordPress Plugin - Unauthenticated SQL Injection Exploit Author: r3nt0n CVE: CVE-2023-23488 Date: 2023/01/24 Vulnerability discovered by Joshua Martinelle Vendor Homepage: https://www.paidmembershipspro.com Software Link:...
Backdoor.Win32.EvilGoat.b MVID-2022-0619 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.EvilGoat.b Vulnerability: Weak Hardcoded Credentials Description: The malwa...
Online Car Wash Booking System 1.0 Blind SQL Injection
Exploit Title: Online Car Wash Booking System 1.0 - Unauthenticated blind SQL Injection Exploit Author: segf0lt Date: April 14, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html Software Link:...
MiniTool Partition Wizard 12.0 Unquoted Service Path
Exploit Title: MiniTool Partition Wizard - Unquoted Service Path Date: 08/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.minitool.com/ Software Link: https://www.minitool.com/download-center/ Version: 12.0 Tested: Windows 10 PoC : C:\Users\saudhsc qc MTSchedulerService SC...
Backdoor.Win32.Jokerdoor Hardcoded Credential
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/a6437375fff871dff97dc91c8fd6259f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Jokerdoor Vulnerability: Weak Hardcoded Credentials Family: Jokerdoor Type: PE32 MD5:...
Sports Complex Booking System 1.0 SQL Injection
Title: Sports Complex Booking System 1.0 Blind SQLi To Rce Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software:...
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page: https://www.i3international.com Affected version: V5.2.0 build 150317 Ax46 V5.0.9 build 151106 Ax68 V5.0.9 build 150615 Ax78 Summary: The Annexxus camera 6MP provides 4 simultaneous...
Company's Recruitment Management System 1.0 Cross Site Scripting
Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting XSS Date: 17-10-2021 Exploit Author: Aniket Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Lin...
Backdoor.Win32.LanFiltrator.11.b Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9f87546e667e5af59a8580ddf7fd43c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LanFiltrator.11.b Vulnerability: Unauthenticated Remote Command Execution Description...
Mitsubishi Electric / INEA SmartRTU Source Code Disclosure
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...
Exam Form Submission System 1.0 SQL Injection
Exploit Title: Exam Form Submission System 1.0 - SQL Injection Authentication Bypass Date: 30-09-2021 Exploit Author: Nitin Sharma Vidvansh Vendor Homepage: https://code-projects.org Product link: https://code-projects.org/exam-form-submission-in-php-with-source-code/ Version: 1.0 Tested on: XAMP...
Backdoor.Win32.Psychward.c Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f60a8d71a822e0e485f22ada8f26c31e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.c Vulnerability: Unauthenticated Remote Command Execution Description: The...