50738 matches found
Employee Management System 1.0 Cross Site Scripting
Exploit Title: Employee Management System 1.0 - Stored Cross Site Scripting Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...
OwnCloud 8.1.8 Username Disclosure
OwnCloud version 8.1.8 stable are vulnerable to recovery all username login list. PoC: 1. Create an account in OwnCloud 2. Intercept connection with Burp 3. Share a file, typing anything --------------------------------------------------------- 4. Burp will capture this request GET...
iServiceOnline 1.0 SQL Injection
Exploit Title: iServiceOnline 1.0 - 'r' SQL Injection Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/iserviceonline/ Software Link: https://netcologne.dl.sourceforge.net/project/iserviceonline/iServiceEng.zip Version: 1.0 Category: Webapp...
📄 Adapt Authoring Tool 0.11.3 Remote Command Execution
Adapt Authoring Tool version 0.11.3 suffers from a remote command execution vulnerability. Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link:...
📄 Palo Alto Networks Expedition 1.2.90.1 Privilege Escalation
Palo Alto Networks Expedition version 1.2.90.1 proof of concept exploit that allows for an administrative password reset. - Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool - Shodan Dork: html:"expedition project" - FOFA Dork: "expedition project" &&...
Simple College Website 1.0 Shell Upload
============================================================================================================================================= | Title : Simple College Website 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0...
Art Gallery Management System 1.0 PHP Code Injection
============================================================================================================================================= | Title : Art Gallery Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
Simple Machines Forum 2.1.4 Code Injection
Exploit Title: Authenticated Code Injection - smfv2.1.4 Date: 8/2024 Exploit Author: Andrey Stoykov Version: 2.1.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2024/06/friday-fun-pentest-series-7-smfv214.html Code Injection Authenticated: Steps to Reproduce: 1. Login as admin 2...
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference
Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: Version 3.0.0 Revision 1553 Firmware Ver. 4.00 Rev. 1501 Version 3.0.0 Revision 1542 Firmware Ver. 4.00 Rev. 1516 Version 3.0.0 Revision 1530 Firmware Ver. 4.00...
DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
CVE ID: CVE-2024-30926 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, affecting the ./inc/kiosks.inc component. This vulnerability permits remote attackers to execute arbitrary code by exploiting the addressforcurrentkiosk function. The issue...
Rail Pass Management System 1.0 SQL Injection
Exploit Title: Rail Pass Management System - 'searchdata' Time-Based SQL Injection Date: 02/10/2023 Exploit Author: Alperen Yozgat Vendor Homepage: https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=17479...
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 doreboot Remote Denial Of Service Vendor: Video Medios, S.A. VIMESA Product web page: https://www.vimesa.es Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5 Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high...
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation
Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW...
Grawlix 1.5.1 Cross Site Scripting
Title: grawlix-1.5.1 XSS-Reflected Author: nu11secur1ty Date: 08/29/2023 Vendor: https://getgrawlix.com/ Software: Reference: https://portswigger.net/web-security/cross-site-scripting Description: The value of the ref request parameter is copied into the value of an HTML tag attribute which is...
E-partenaire LMS 1.0.0 Cross Site Scripting
==================================================================================================================================== | Title : E-partenaire LMS v1.0.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vend...
WordPress User Registration 3.0.2 Arbitrary File Upload
Description: User Registration = 3.0.2 – Authenticated Subscriber+ Arbitrary File Upload Affected Plugin: User Registration – Custom Registration Form, Login Form And User Profile For WordPress Plugin Slug: user-registration Affected Versions: = 3.0.2 CVE ID: CVE-2023-3342 CVSS Score: 9.9 Critica...
Quickad Classified Ads CMS 10.4 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF
On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...
Osprey Pump Controller 1.0.1 eventFileSelected Command Injection
Osprey Pump Controller 1.0.1 eventFileSelected Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1...
WordPress Slider Revolution 4.1.2 Directory Traversal
==================================================================================================================================== | Title : WordPress - Slider Revolution 4.1.2 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
IOTransfer 4 Unquoted Service Path
Exploit Title: IOTransfer V4 - Unquoted Service Path Exploit Author: BLAY ABU SAFIAN Inveteck Global Discovery Date: 2022-28-07 Vendor Homepage: http://www.iobit.com/en/index.php Software Link: https://iotransfer.itopvpn.com/download/ Tested Version: V4 Vulnerability Type: Unquoted Service Path...
WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting
Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...
Library Management System With QR Code 1.0 Cross Site Scripting
Title: Library Management System with QR code Attendance 1.0 Stored Cross-Site Scripting Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
Simple Subscription Website 1.0 SQL Injection
Exploit Title: Simple Subscription Website 1.0 - SQLi Authentication Bypass Exploit Author: Daniel Haro Dirox Vendor Homepage: https://www.sourcecodester.com/php/15013/simple-subscription-website-admin-panel-php-and-sqlite-source-code.html Software Link:...
Online Traffic Offense Management System 1.0 SQL Injection
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
NetModule Router Software Password Handling / Session Fixation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities in NetModule Router Software product: NetModule Router Software NRSW vulnerable version: Before 4.3.0.113, 4.4.0.111, 4.5.0.105 fixed version:...
osCommerce 2.3.4.1 Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...
ProjeQtOr Project Management 9.1.4 Shell Upload
Exploit Title: ProjeQtOr Project Management 9.1.4 - Remote Code Execution Date: 29.05.2021 Exploit Author: Temel Demir Vendor Homepage: https://www.projeqtor.org Software Link: https://sourceforge.net/projects/projectorria/files/projeqtorV9.1.4.zip Version: v9.1.4 Tested on: Laragon @WIN10...
Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation
Hi @ll, the executable installers version 22.30.0 Latest, published 2/23/2021, for the "Windows® 10 Wi-Fi Drivers for Intel® Wireless Adapters", and , available from are SURPRISE! vulnerable: they allow arbitrary code execution WITH local escalation of privilege. CVSS 3.0 score: 8.2 High CVSS 3.0...
Id Card Generator 1.0 Cross Site Scripting
Exploit Title: Id Card Generator | Cross Site Scripting 'download.php' Exploit Author: Richard Jones Date: 2021-03-28 Vendor Homepage: https://www.sourcecodester.com/php/12040/id-generator-php.html Software Link:...
Backdoor.Win32.Cabrotor.21 Insecure Permissions
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/af7001c2d6284a1295638576bc138cb2.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.21 Vulnerability: Insecure Permissions Description: Cabrotor.21 backdoor...
SmartFoxServer 2X 2.17.0 Remote Code Execution
SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing...
IP Watcher 3.0.0.30 Unquoted Service Path
Exploit Title: IP Watcher v3.0.0.30 - 'PACService.exe' Unquoted Service Path Date: 2020-8-25 Exploit Author: Mohammed Alshehri Vendor Homepage: https://www.gearboxcomputers.com/ Software Link: https://www.gearboxcomputers.com/files/IPWatcherSetup.exe Version: 3.0.0.30 Tested on: Microsoft Windows...
Online Student's Management System 1.0 Shell Upload
Exploit Title: Online Student's Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020/10/18 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html Software Link:...
Podman / Varlink Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- pickletime.py Podman + Varlink Insecure Config Remote Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Podman is container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...
WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Spryng payments woocommerce 1.6.7 Spryng payments woocommerce is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to...
Mumsoft Easy Software 2.0 Denial Of Service
Exploit Title: Mumsoft Easy Software 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyRARRecovery/ Software Link:...
PCManFTPD 2.0.7 Server APPE Command Buffer Overflow
!/usr/bin/python Exploit Title: PCManFTPD 2.0.7 Server APPE Command - Buffer Overflow Exploit Date: 30/10/2018 Exploit Author: DC - Telspace Systems Vendor Homepage: http://pcman.openfoundry.org/ Contact: [email protected] Version: 2.0.7 Tested on: Windows XP Prof SP3 ENG x86 CVE:...
CMS Made Simple 2.2.7 Remote Code Execution
Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 04-11-2018 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
peoplebook10.txt
--------------------------------------------------------------------------- Peoplebook Mambo Component = v1.0 Remote File Include Vulnerabilities --------------------------------------------------------------------------- Author : Matdhule Date : August, 14th 2006 Location : Indonesia, Jakarta...
📄 Windows Server Update Service Deserialization Remote Code Execution
This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services WSUS. The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...
📄 Student Result Management System 2.0 SQL Injection / Local File Inclusion
Student Result Management System version 2.0 suffers from unauthenticated remote SQL injection and local file inclusion vulnerabilities. Exploit Title: Student Result Management System v2.0 Unauthenticated SQL Injection / Local File Inclusion Date: 2025-08-22 Exploit Author: Mehmet Can Kadıoğlu...
ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass
ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energ...
Car Washing Management System 1.0 Insecure Settings
==================================================================================================================================== | Title : Car Washing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Netlogon Weak Cryptographic Authentication
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...
ESET NOD32 Antivirus 17.0.16.0 Unquoted Service Path
Exploit Title: ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2024-04-01 Vendor : https://www.eset.com Version : 17.0.16.0 Tested on OS: Microsoft Windows 10 pro x64 C:\wmic service get name,displayname,pathname,startmode |findstr /i...
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1....
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...
Kaledo RD CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Kalédo RD CMS va1.0 SQL Injection vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
HighPlus CMS 0.1.3 SQL Injection
==================================================================================================================================== | Title : HighPlus CMS v0.1.3 Auth By pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...