50748 matches found
WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Spryng payments woocommerce 1.6.7 Spryng payments woocommerce is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to...
Mumsoft Easy Software 2.0 Denial Of Service
Exploit Title: Mumsoft Easy Software 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyRARRecovery/ Software Link:...
PCManFTPD 2.0.7 Server APPE Command Buffer Overflow
!/usr/bin/python Exploit Title: PCManFTPD 2.0.7 Server APPE Command - Buffer Overflow Exploit Date: 30/10/2018 Exploit Author: DC - Telspace Systems Vendor Homepage: http://pcman.openfoundry.org/ Contact: [email protected] Version: 2.0.7 Tested on: Windows XP Prof SP3 ENG x86 CVE:...
peoplebook10.txt
--------------------------------------------------------------------------- Peoplebook Mambo Component = v1.0 Remote File Include Vulnerabilities --------------------------------------------------------------------------- Author : Matdhule Date : August, 14th 2006 Location : Indonesia, Jakarta...
📄 WordPress WP Reactions Box 1.0 SQL Injection
WordPress WP Reactions Box plugin versions 1.0 and below suffer from a remote SQL Injection vulnerability. Exploit Title: WordPress WP Reactions Box Plugin 1.0 - SQL Injection Google Dork: N/A Date: 2025-08-24 Exploit Author: bRpsd cyatlive.no Vendor Homepage:...
📄 Student Result Management System 2.0 SQL Injection / Local File Inclusion
Student Result Management System version 2.0 suffers from unauthenticated remote SQL injection and local file inclusion vulnerabilities. Exploit Title: Student Result Management System v2.0 Unauthenticated SQL Injection / Local File Inclusion Date: 2025-08-22 Exploit Author: Mehmet Can Kadıoğlu...
ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass
ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energ...
Netlogon Weak Cryptographic Authentication
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...
SureMDM On-Premise CAPTCHA Bypass / User Enumeration
Exploit Title: SureMDM On-premise 6.31 - CAPTCHA Bypass User Enumeration Date: 05/12/2023 Exploit Author: Jonas Benjamin Friedli Vendor Homepage: https://www.42gears.com/products/mobile-device-management/ Version: = 6.31 Tested on: 6.31 CVE : CVE-2023-3897 import requests import sys def printhelp...
Saltstack Minion Payload Deployer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Saltstack Minion Payload Deployer', 'Description' = %q This exploit module uses saltstack salt to deploy a payload and run it on all targets whic...
PHPJabbers Shared Asset Booking System 1.0 Cross Site Scripting
Exploit Title: PHPJabbers Shared Asset Booking System v1.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shared-asset-booking-system/sectionDemo Version: v1....
LOYTEC Electronics Insecure Transit / Insecure Permissions / Unauthenticated Access
CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382 + Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB I/O Controllers, L-VIS Touch Panels + Vendor : LOYTEC electronics GmbH + Affected Products : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586...
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W, 1kW, 2...
Kaledo RD CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Kalédo RD CMS va1.0 SQL Injection vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
HighPlus CMS 0.1.3 SQL Injection
==================================================================================================================================== | Title : HighPlus CMS v0.1.3 Auth By pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit ...
E-Journal Homoeo CMS 2.0.3 SQL Injection
==================================================================================================================================== | Title : E-Journal homoeo CMS v2.0.3 Sql inhection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Bayfront CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Bayfront-CMS v1.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | |...
XAMPP 8.2.4 Unquoted Service Path
Exploit Title: XAMPP 8.2.4 - Unquoted Path Date: 07/2023 Exploit Author: Andrey Stoykov Version: 8.2.4 Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.2.4/xampp-windows-x64-8.2.4-0-VS16-installer.exe Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com...
SPIP 4.2.3 SQL Injection
Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server Side Sensitive information Disclosure! Author: nu11secur1ty Date: 06.28.2023 Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip Reference:...
Nokia ASIKA 7.13.52 Private Key Disclosure
// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Date: 2023-06-20 // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52...
UliCMS 2023-1 Sniffing-Vicuna Shell Upload
Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution RCE Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: RCE Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip Date o...
Joomla JKassa ShoppingCart 2.0.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Online Market Place Site 1.0 SQL Injection
Exploit Title: Online Market Place Site v1.0 - Unauthenticated Blind Time-Based SQL Injection Exploit Author: Joe Pollock Date: September 03, 2022 Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html Software Link:...
WordPress Videos Sync PDF 1.7.4 Cross Site Scripting
Exploit Title: WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 2022-04-13 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: http://www.a-j-evolution.com/ Software Link:...
Student Grading System 1.0 SQL Injection
Title: Student Grading System v1.0 SQLi Author: nu11secur1ty Date: 03.14.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html Reference:...
Laravel Valet 2.0.3 Privilege Escalation
Exploit Title: Laravel Valet 2.0.3 - Local Privilege Escalation macOS Exploit Author: leonjza Vendor Homepage: https://laravel.com/docs/8.x/valet Version: v1.1.4 to v2.0.3 !/usr/bin/env python2 Laravel Valet v1.1.4 - 2.0.3 Local Privilege Escalation macOS February 2017 - @leonjza Affected version...
Cyberoam NetGenie Cross Site Scripting
Title: Cyberoam NetGenie C0101B1-20141120-NG11VO - Reflected Cross Site Scripting XSS Date: 14.08.2021 Credit: Gionathan "John" Reale Firmware Version: C0101B1-20141120-NG11VO CVE-2021-38702 DESCRIPTION: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=XSS...
Facebook For Android Friend Acceptance
Author - Sivanesh Ashok | @sivaneshashok | stazot.com Date : 2021-08-03 Vendor : https://facebook.com/ Version : Tested on : Version 329.0.0.29.120, Android 10 Last Modified : 2021-08-10 -- Bug Description Facebook for Android is vulnerable to a permission issue which allows anyone with physical...
Backdoor.Win32.Agent.cu Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ce1963d3fd6a8e1383aac40a1f1c4107B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.cu Vulnerability: Port Bounce Scan MITM Description: The malware listens on TC...
VirTool.Win32.Afix Buffer Overflow / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/35100db8750364871fe70ef6de4833f7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: VirTool.Win32.Afix Vulnerability: Local Stack Buffer Overflow Description: VirTool.Win32.Afix By...
WordPress Poll, Survey, Questionnaire And Voting System 1.5.2 SQL Injection
Exploit Title: WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'dateanswers' Blind SQL Injection Date: 09/06/2021 Exploit Author: inspired - Toby Jackson Blog Post: https://in-spired.xyz/wpdevart-polls-blind-sql-injection/ Vendor Homepage:...
WordPress GiveWP 2.9.7 Cross Site Scripting
Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Date: 3/23/2021 Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit...
Trojan-Proxy.Win32.Wimain Buffer Overflow
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8936c97e99799809812fa740076a2d7f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Wimain Vulnerability: Remote Stack Buffer Overflow Description: Win32.Wimain troj...
Druva inSync Windows Client 6.6.3 Privilege Escalation
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Date: 2020-12-03 Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6....
HiSilicon Video Encoder Buffer Overflow / Denial Of Service
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure
Vulnerabilities in IBMs Flashsystems and Storwize Products ------------------------------------------------------------------------- Introduction ============ Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. These were discovered during a bla...
TFTP Server NetDecision 4.2 Directory Traversal
TFTP Server NetDecision version 4.2 proof of concept directory traversal exploit that leverages a vulnerability from 2009. ============================================================================================================================================= | Title : TFTP Server NetDecisio...
SpagoBI 3.5.1 Cross Site Request Forgery
SpagoBI versions 3.5.1 and below suffer from a cross site request forgery vulnerability. CVE-2024-54792 Severity : Medium 6.1 CVSS score : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Summary : Engineering Ingegneria Informatica SpagoBI version 3.5.1 is affected by CSRF in the admin panel that...
openSIS 9.1 SQL Injection
Exploit Title: openSIS 9.1 - SQLi Authenticated Google Dork: intext:"openSIS is a product" Date: 09.09.2024 Exploit Author: Devrim Dıragumandan d0ub1edd Vendor Homepage: https://www.os4ed.com/ Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1 Version: 9.1 Tested on: Linux ...
Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.BlackAngel.13 Vulnerability: Unauthenticated Remote Command Execution Description...
WordPress WPS Hide Login Login Page Revealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPS Hide Login Login Page Revealer', 'Description' = %q This module exploits a bypass issue with WPS Hide Login version 'WPVDB',...
FortiMail Unauthenticated Login Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiMail Unauthenticated Login Bypass Scanner', 'Description' = %q This module attempts to detect instances of FortiMail vulnerable against an...
Native DNS Spoofer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Native DNS Spoofer Example', 'Description' = %q This module provides a Rex based DNS service to resolve queries intercepted via the capture mixin...
Apache OFBiz 18.12.12 Directory Traversal
Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...
DerbyNet 9.0 print/render/racer.inc SQL Injection
CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...
WordPress WP Fastest Cache 1.2.2 SQL Injection
Exploit Title: Unauthenticated SQL Injection in WP Fastest Cache 1.2.2 Date: 14.11.2023 Exploit Author: Meryem Taşkın Vendor Homepage: https://www.wpfastestcache.com/ Software Link: https://wordpress.org/plugins/wp-fastest-cache/ Version: WP Fastest Cache 1.2.2 Tested on: WP Fastest Cache 1.2.2...
Online Library Management System 3 Password Reset
Exploit Title: Online Library Management System v3 - Password Reset and Email Matching Vulnerability Date: 12.09.2023 Exploit Author: SoSPiro Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-library-management-system/ Version: v3 Tested on: Windows 10 Pro 64 B...
WordPress Kero jQuery/HTML Dashboard PRO 2.3.86 SQL Injection
==================================================================================================================================== | Title : WordPress - Kero jQuery/HTML Dashboard PRO Auth BY pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Goanywhere Encryption Helper 7.1.1 Remote Code Execution
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...
rconfig 3.9.7 SQL Injection
Exploit Title: rconfig 3.9.7 - Sql Injection Authenticated Exploit Author: azhen Date: 10/12/2022 Vendor Homepage: https://www.rconfig.com/ Software Link: https://www.rconfig.com/ Vendor: rConfig Version: " sys.exit1 host=sys.argv1 Enter the hostname def getdatahost: print"+ Get db data..." vulur...