D-Link DAP-1325 Insecure Direct Object Reference
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
Car Rental Script 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Citrix Gateway And Cloud MFA Insufficient Session Validation
Document Title: Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2324 | Vulnerability...
Active Super Shop 1.5.1 HTML Injection
Title: Active super shop v1 5.1 HTML inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
Allhandsmarketing CMS 3.01 SQL Injection
Title: Allhandsmarketing CMS v3.01 SQL Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
ADMINA BULGARIA Ltd 1.0 Insecure Settings
Title: ADMINA BULGARIA Ltd v 1.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Arlisistem 3.0 SQL Injection
Title: Arlisistem 3.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor: http://www.arlisistem.com/ | Dor...
AppleZeed CMS 2.0 SQL Injection
Title: AppleZeed CMS v2.0 Auth by pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 71.032-bit | ...
PodcastGenerator 3.2.9 Server-Side Request Forgery
Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Application: PodcastGenerator Version: v3.2.9 Bugs: Blind SSRF via XML Injection Technology: PHP Vendor URL: https://podcastgenerator.net/ Software Link: https://github.com/PodcastGenerator/PodcastGenerator Date of found:...
XEL CMS 1.1 Cross Site Request Forgery
Title: XEL cms© v1.1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | Vendor:...
WBCE CMS 1.6.1 Cross Site Request Forgery / Open Redirection
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF Version: 1.6.1 Bugs: Open Redirect + CSRF = CSS KEYLOGGING Technology: PHP Vendor URL: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/1.6.1 Date of found: 03-07-2023 Author: Mirabbas Ağalarov Tested on: Linux ...
Prestashop 8.0.4 Cross Site Scripting
Exploit Title: Prestashop 8.0.4 - Cross-Site Scripting XSS Application: prestashop Version: 8.0.4 Bugs: Stored XSS Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 30.06.2023 Author: Mirabbas Ağalarov Tested on: Lin...
WebsiteBaker 2.13.3 Directory Traversal
Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal Application: WebsiteBaker Version: 2.13.3 Bugs: Directory Traversal Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author:...
WordPress Duplicator 3.8.8 Backup Disclosure
Title: WordPress - Duplicator 3.8.8 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
WebsiteBaker 2.13.3 Cross Site Scripting
Exploit Title: WebsiteBaker v2.13.3 - Stored XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 26.06.2023 Author: Mirabbas Ağalarov...
Anuranan SBAdmin 2.0 SQL Injection
Title: Anuranan SBAdmin v2.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 113.0.1 64...
Sales Of Cashier Goods 1.0 Cross Site Scripting
Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting XSS Date: 2023-06-23 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /print.php?nmmember= Vendor Homepage:...
Rukovoditel 3.4.1 Cross Site Scripting
Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS Version: 3.4.1 Bugs: Multiple Stored XSS Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 24-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...
TP-Link TL-WR940N 4 Buffer Overflow
Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : hardware Dork : /userRpm/WanDynamicIpV6CfgRpm Tested on: Windows/Linux CVE : CVE-2023-36355 import requests Replace the IP address with the router's IP routerip...
Webpower UPS 5.53 Denial Of Service
Exploit Title: Webpower UPS v5.53 HTTP Denial of Service Date: 2023-03-09 Exploit Author: Yehia Elghaly Vendor Homepage: https://www.eaton.com/ae/en-gb.html Software Link: https://www.eaton.com/ae/en-gb.html Version: Revision v5.53 Tested on: WebPower UPS CVE: N/A !/usr/bin/env python Webpower UP...
FuguHub 8.1 Remote Code Execution
Exploit Title: FuguHub 8.1 - Remote Code Execution Date: 6/24/2023 Exploit Author: redfire359 Vendor Homepage: https://fuguhub.com/ Software Link: https://fuguhub.com/download.lsp Version: 8.1 Tested on: Ubuntu 22.04.1 CVE : CVE-2023-24078 import requests from bs4 import BeautifulSoup import...
Strawberry 1.1.9 Cross Site Scripting
Title: Strawberry 1.1.9 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.232-bit | Vendor:...
ArabInfotech CMS 2.0.1 Cross Site Scripting
Title: ArabInfotech CMS v 2.0.1 L.L.C Xss Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor: http://www.editpubdz.com/ |...
Alkacon OpenCMS 15.0 Cross Site Scripting
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Date: 1/07/2023 Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page , go to this url...
AngularJS Filemanager 1.5.1 Shell Upload
Title: AngularJS Filemanager v1.5.1 File Upload Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
phpFK 9.2 Beta Cross Site Scripting / SQL Injection
Title: phpFK v9.2 Beta version SQLi + XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 68.0.32-bit ...
Inout Search Engine AI Edition 1.1 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Vacation Rental 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Alumni Club Management Tools 2.2.7 Cross Site Scripting
Title: Alumni Club Management Tools v 2.2.7 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Rest-Cafe And Restaurant Website CMS 2.0.0 Cross Site Scripting
Title: Rest-Cafe and Restaurant Website CMS 2.0.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Remote File Inclusion
Title: Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 ASIK RCE Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozill...
Sisfo Sistem Informasi Akademik LMS 1.9.3 Cross Site Scripting
Title: sisfo Sistem Informasi Akademik lms v1.9.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Amazon S3 Droppy 1.4.6 Shell Upload
Title: Amazon S3 Droppy v 1.4.6 File Upload Vulnerability | Author: indoushka | email: [email protected] | Tested on: windows 10 Français V.Pro | Vendo...
Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload
Title: Alumni Club Management Tools v 2.2.7 Unrestricted File Upload Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
GZ Hotel Booking Script 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Active Super Shop 1.5.2 HTML Injection
Title: Active super shop v1.5.2 HTML inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
GZ E Learning Platform 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Ticket Booking Script 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
GZ Appointment Scheduling 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Anonymous Feedback Script 2.1 Cross Site Scripting
Title: Anonymous Feedback Script V2.1 xss Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
Time Slot Booking Calendar 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
NodCMS 3.4.1 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Availability Booking Calendar 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Vacation Rental Script 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Car Listing Script 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Event Booking Calendar 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Chrome V8 Type Confusion
Chrome: Extending non-extensible objects leads to type confusion in V8 SUMMARY v8::internal::JSObject::SetAccessor doesn't check if the receiver is extensible before adding a new property. A potential attacker can exploit the ability to extend non-extensible objects to achieve arbitrary code...
ApepBlack Premium Checker CMS 3.0.5 Cross Site Scripting
Title: ApepBlack Premium Checker cms 3.0.5 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3...
CRM Platform 1.8 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
AMSS++ 4.2 Insecure Settings
Title: AMSS++ v 4.2 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 8.1 Français V.Pro | Vendor: http://amssplus.ubn4.go.th/amssplusdownload/ | Dork: Education Area Management Support System...