50738 matches found
WordPress WP Visitor Statistics 4.7 SQL Injection
Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...
Online Thesis Archiving System 1.0 SQL Injection / Cross Site Scripting
Exploit Title: Online Thesis Archiving System 1.0 - SQLi Authentication Bypass & Stored XSS Exploit Author: Yehia Elghaly YME Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html...
College Management System 1.0 SQL Injection
Exploit Title: college management system - SQL Injection Authentication Bypass Date: 01/10/2021 Exploit Author: Abdulrahman https://twitter.com/infosec90 Vendor Homepage: https://www.eedunext.com/ Software Link: https://code-projects.org/college-management-system-in-php-with-source-code/ Version:...
Remote Mouse 4.002 Unquoted Service Path
Exploit Title: Remote Mouse 4.002 - Unquoted Service Path Exploit Author: Salman Asad @deathflash1411, [email protected] Date: 03.09.2021 Software Link: https://www.remotemouse.net/downloads/RemoteMouse.exe Vendor Homepage: https://www.remotemouse.net/ Version: Remote Mouse 3.008 & 4.002 Tested on...
Atlassian JIRA 8.11.1 User Enumeration
Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...
b2evolution CMS 6.11.6 Cross Site Scripting
Exploit Title: Reflected XSS in b2evolution CMS 6.11.6 via tab3 parameter in evoadm.php CVE : CVE-2020-22839 Date: 10/02/2021 Exploit Author: Nakul Ratti, Soham Bakore Vendor Homepage: https://b2evolution.net/ Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405 Version:...
Online Marriage Registration System 1.0 Remote Code Execution
Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...
TimeClock Software 1.01 SQL Injection
!/usr/bin/python3 Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection Date: July 21, 2020 Exploit Author: François Bibeau Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90 Vendor Homepage: http://timeclock-software.net/ Software Link:...
Microsoft Internet Explorer Use-After-Free
IE: Use-after-free in JScript arguments during toJSON callback There is a use-after-free issue in JSCript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is...
Ping Identity Agentless Integration Kit Cross Site Scripting
Ping Identity Agentless Integration Kit Reflected Cross-site Scripting XSS Link: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01PingIdentityAgentlessIntegrationKitReflectedXSS Vulnerability Overview Ping Identity Agentless Integration Kit before 1.5 is susceptible t...
Apache Tomcat Manager Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Apache.Coyote|Tomcat/ CSRFVAR = 'CSRFNONCE=' include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo =...
📄 Pandora FMS Authenticated Command Injection
This Metasploit module exploits a command injection vulnerability in the chromium-path or phantomjs-bin directory setting at the application settings page of Pandora FMS. You need to have administrative access in the Pandora FMS web application in order to achieve remote code execution. This modu...
Eramba Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...
Craft CMS 3.9.14 Remote Command Execution
Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. ============================================================================================================================================= | Title : Craft CMS 3.9.14...
OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read
OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers. Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via...
Sentry Switched CDU Bruteforce Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...
Cisco IOS HTTP Unauthorized Administrative Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP Unauthorized Administrative Access', 'Description' = %q This module exploits a vulnerability in the Cisco IOS HTTP Server. By...
Moxa UDP Device Discovery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moxa UDP Device Discovery', 'Description' = %q The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service...
Cablehaunt Cable Modem WebSocket Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'eventmachine' require 'faye/websocket' class MetasploitModule '"Cablehaunt" Cable Modem WebSocket DoS', 'Description' = %q There exists a buffer overflow...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Unauthenticated Blind Boolean-Based SQL Injection Exploit - Lost and Found Information System Exploit Author: Amit Roy Rezur / AR0x7 Date: June 07, 2024 Vendor Homepage:...
Quick.CMS 6.7 SQL Injection
Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass Google Dork: N/A Date: 02-03-2024 Exploit Author: ./H4X.Forensics - Diyar Vendor Homepage: https://www.opensolution.org Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Version: 6.7 Tested on: Windows CVE...
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...
SPA-Cart eCommerce CMS 1.9.0.3 Cross Site Scripting
Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS Exploit Author: CraCkEr Date: 20/08/2023 Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4547 CWE:...
FOG Forum 0.8 Cross Site Scripting
==================================================================================================================================== | Title : FOG Forum v0.8 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
E-Biz CMS 2.0 Cross Site Request Forgery
==================================================================================================================================== | Title : E-Biz CMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendor :...
Virtual Snipers DMS 1.0 SQL Injection
==================================================================================================================================== | Title : Virtual Snipers DMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Joomla Jomestate 4.0 SQL Injection
==================================================================================================================================== | Title : Joomla com jomestate v4.0 Sql injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3...
CMS Made Simple 2.2.17 Server-Side Template Injection
Exploit Title: CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection SSTI Application: CmsMadeSimple Version: v2.2.17 Bugs: SSTI Technology: PHP Vendor URL: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Date of found: 13-07-2023...
Blogator 0.93 Cross Site Scripting
==================================================================================================================================== | Title : Blogator script v 0.93 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Thruk Monitoring Web Interface 3.06 Path Traversal
Exploit Title: Path Traversal Vulnerability in Thruk Monitoring Web Interface ≤ 3.06 Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software...
WordPress Tree Page View 1.6.7 Cross Site Scripting
Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Date: 2023-04-24 Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...
Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule The amount of padding required to overwrite the return addr 'offset' = 0x2b8, This returns to "mov rdi, rsp / call system", which means the...
Yoga Class Registration System 1.0 SQL Injection
Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System Google Dork: NA Date: 23/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.htm...
Senayan Library Management System 9.5.0 SQL Injection
Title: Senayan Library Management System v9.5.0 a.k.a SLIMS 9 BULIAN SQLi Author: nu11secur1ty Date: 11.03.2022 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases Reference:...
Fast Food Ordering System 1.0 SQL Injection
Title: Fast Food Ordering System 1.0 SQLi Author: nu11secur1ty Date: 05.30.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html Reference:...
Pluck CMS 4.7.16 Shell Upload
Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...
Backdoor.Win32.BNLite Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9cec5a23887f0c73148ab3ea147a6fa4.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BNLite Vulnerability: Remote Heap Based Buffer Overflow Description: The malware...
WordPress Mail Masta 1.0 Local File Inclusion
Exploit Title: WordPress Plugin Mail Masta 1.0 - Local File Inclusion 2 Date: 2021-08-24 Exploit Author: Matheus Alexandre Xcatolin Software Link: https://downloads.wordpress.org/plugin/mail-masta.zip Version: 1.0 WordPress Plugin Mail Masta is prone to a local file inclusion vulnerability becaus...
Backdoor.Win32.IRCBot.gen Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9b12ff6b8b025e7fb0a171abad41c79c.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.IRCBot.gen Vulnerability: Weak Hardcoded Password Description: The malware listens on...
Advanced Guestbook 2.4.4 Cross Site Scripting
Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....
Trojan.Win32.Scar.dxir Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/68ed9d6e4f3e917ab4b91689e2890754.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Scar.dxir Vulnerability: Insecure Permissions Description: Scar.dxir creates a insecure...
Online Catering Reservation System 1.0 Code Execution
Exploit Title: Online Catering Reservation System 1.0 - Unauthenticated Remote Code Execution Date: 28-02-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Version:...
Backdoor.Win32.Mhtserv.b Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0ba104d752eb63194c356c309196c710.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Mhtserv.b Vulnerability: Missing Authentication Description: Mhtserv.b listens on TCP...
Apartment Visitors Management System Project 1.0 SQL Injection
Exploit Title: Apartment Visitors Management System Project 1.0 - Authentication Bypass Date: 2020-07-14 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Trend Micro Web Security (Virtual Appliance) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities together in...
Piwigo 2.9.5 Cross Site Scripting / SQL Injection / Command Execution
/ / / / / / / / / / / / / / / / / / / / / \ / // / // / / / / / / / // / / / /,/// // /// // GulfTech Research and Development Piwigo = 2.9.5 Multiple Vulnerabilities Released Date: 2019-09-22 Last Modified: 2019-09-22 Company Info: Piwigo.org Version Info: Vulnerable Piwigo = 2.9.5 -- Table...
Pedidos 1.0 SQL Injection
Exploit Title: Pedidos 1.0 - SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/ Software Link: https://netcologne.dl.sourceforge.net/project/sistema-web-de-pedidos-php/pedidos.zip Version: 1.0 Category: Webapps Tested on:...
Staubli Jacquard Industrial System JC6 Shellshock
Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Date: 21.09.2018 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.staubli.com Software Link: https://www.staubli.com/tr-tr/textile/textile-machinery-solutions/ Version:JC6...
📄 MagnusBilling 6.x / 7.x Command Injection
MagnusBilling versions 6.x and 7.x suffer from an unauthenticated remote command injection vulnerability. Exploit Title: MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...