50738 matches found
Game Jackal Server 5 Unquoted Service Path
Exploit Title: Game Jackal Server v5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.allradiosoft.ru Software Link: https://www.allradiosoft.ru/en/ss/index.htm Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36166 PoC C:\Userswmic...
Siemens A8000 CP-8050 / CP-8031 Code Execution / Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities including Unauthenticated RCE product: Siemens A8000 CP-8050 MASTER MODULE 6MF2805-0AA00 Siemens A8000 CP-8031 MASTER MODULE 6MF2803-1AA00...
Rukovoditel Project Management CRM 2.4.1 Local File Inclusion
==================================================================================================================================== | Title : Rukovoditel Project Management CRM 2.4.1 LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Super Store Finder 3.6 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Academy LMS 5.15 Cross Site Scripting
Exploit Title: Academy LMS 5.15 - Reflected XSS Exploit Author: CraCkEr Date: 09/07/2023 Vendor: Creativeitem Vendor Homepage: https://creativeitem.com/ Software Link: https://demo.creativeitem.com/academy/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description Allow...
Microsoft 365 MSO 2306 Build 16.0.16529.20100 Remote Code Execution
Title: Microsoft Outlook ®Microsoft 365 MSO Version 2306 Build 16.0.16529.20100 32-bit RCE Author: nu11secur1ty Date: 07.07.2023 Vendor: https://www.microsoft.com/ Software: https://outlook.live.com/owa/ Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/...
Qatanna POS Software 1.0 Blind SQL Injection
Exploit Title: Qatanna POS Software 1.0 - Blind SQL Injection Exploit Date: May 07, 2023. CVSS 3.1: 8.8 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Application Name: Qatanna POS Software Application Version: 1.0 Link: https://www.codester.com/items/42053/qatanna-pos-software...
Boomerang Parental Control App Cross Site Scripting / Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored XSS & Privilege Escalation product: Boomerang Parental Control App vulnerable version: =13.83 only issue 1, rest not fixed CVE number: CVE-2023-36620, CVE-2023-366...
Inout Blockchain AltExchanger 2.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
ILIAS eLearning Platform XSS / Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnerable version" below fixed version: see section "Solution" belo...
SmarterTools SmarterMail Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution', 'Description' = %q This module exploits a...
Faculty Evaluation System 1.0 SQL Injection
Exploit Title: Faculty Evaluation System v1.0 - SQL Injection Date: 07/2023 Exploit Author: Andrey Stoykov Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
Balaji CMS 1.03 SQL Injection
==================================================================================================================================== | Title : balaji cms v1.03 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | |...
ZAMAN CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : ZAMAN CMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
C3iM CMS 2.0 Cross Site Scripting
====================================================================================================================================== | Title : C3iM CMS V2.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.232-bit | | Vendor :...
XOO DIGITAL 2.1.0 Cross Site Scripting
==================================================================================================================================== | Title : XOO DIGITAL v2.1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vendor :...
Basic Inventory Stock Management And Invoicing 2.0 Insecure Direct Object Reference
==================================================================================================================================== | Title : Basic Inventory - Stock Management and Invoicing v2.0 Missing Authorization Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro...
Zuz CMS 1.0 Cross Site Scripting
==================================================================================================================================== | Title : Zuz CMS v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.0.132-bit | | Vendor :...
Bahardowload CMS 2 Database Disclosure
==================================================================================================================================== | Title : bahardowload cms v2 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...
Banner Management CMS 1.0 Database Disclosure
==================================================================================================================================== | Title : Banner Management CMS v1.0 Database Disclosure Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
AppleZeed CMS 2.0 Insecure Settings
==================================================================================================================================== | Title : AppleZeed CMS v2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit...
AGVirtues Galeria 2.0 SQL Injection
==================================================================================================================================== | Title : AGVirtues Galeria v2.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bi...
CakePHP Test Suite 2.7.0 Cross Site Scripting
==================================================================================================================================== | Title : CakePHP Test Suite v2.7.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | |...
Aplikasi Sistem Informasi Kelulusan CMS 1.0.9 Local File Inclusion
==================================================================================================================================== | Title : Aplikasi Sistem Informasi Kelulusan CMS v 1.0.9 ASIK LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozill...
DaillyTools Remote Command Execution
==================================================================================================================================== | Title : DaillyTools v1 command execution Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit ...
Lost And Found Information System 1.0 SQL Injection
Exploit Title: Lost and Found Information System v1.0 - SQL Injection Date: 2023-06-30 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Dork : /php-lfis/admin/?page=systeminfo/contactinformation Tested on: Windows/Linux CVE : CVE-2023-33592 import requests URL of the...
Piwigo 13.7.0 Cross Site Scripting
Exploit Title: Piwigo v13.7.0 - Stored Cross-Site Scripting XSS Authenticated Date: 25 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://piwigo.org Version: 13.7.0 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with any user...
Gila CMS 1.10.9 Remote Code Execution
Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Date: 05-07-2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import...
Apache RocketMQ 5.1.0 Arbitrary Code Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache RocketMQ update config RCE', 'Description' = %q RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker...
DANGEROUS MAILER-CLONED 2.0 Information Disclosure
==================================================================================================================================== | Title : DANGEROUS MAILER-CLONED V2.0 information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Archon CMS 3.14 Cross Site Scripting
==================================================================================================================================== | Title : Archon CMS V3.14 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | | Vendor :...
Super Store Finder PHP Script 3.6 SQL Injection
Title : Super Store Finder PHP Script SQL Injection / Bypass admin login Researcher : Etharus Vendor : Joe Iz, https://superstorefinder.net/ Script Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.6 and below Date : 5 July 2023 FOFA Dork : "designed and buil...
Beauty Salon Management System 1.0 SQL Injection
Exploit Title: Beauty Salon Management System v1.0 - SQLi Date of found: 04/07/2023 Exploit Author: Fatih Nacar Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/beauty-salon-management-system-in-php-and-mysqli/ CWE:...
Ariadna CMS 0.3 Cross Site Scripting
==================================================================================================================================== | Title : Ariadna CMS v.3 - XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | | Vendor ...
ApPHP MicroCMS 1.0.1 Host Header Injection
==================================================================================================================================== | Title : ApPHP MicroCMS v1.0.1 Host header attack Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
POS Codekop 2.0 Shell Upload
Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Date: 25-05-2023 Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The...
Arlisistem 3.0 SQL Injection
==================================================================================================================================== | Title : Arlisistem 3.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://www.arlisistem.com/ | | Dor...
D-Link DAP-1325 Insecure Direct Object Reference
Exploit Title: D-Link DAP-1325 - Broken Access Control Date: 27-06-2023 Exploit Author: ieduardogoncalves Contact : twitter.com/0x00dia Vendor : www.dlink.com Version: Hardware version: A1 Firmware version: 1.01 Tested on:All Platforms 1 Description Security vulnerability known as "Unauthenticate...
Aathesh Soft CMS 0.3.0 Cross Site Scripting
==================================================================================================================================== | Title : Aathesh Soft CMS v0.3.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit | |...
WordPress WP AutoComplete Search 1.0.4 SQL Injection
Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi Date: 30/06/2023 Exploit Author: Matin nouriyan matitanium Version: = 1.0.4 CVE: CVE-2022-4297 Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/ Tested on: Kali linux --------------------------------------- The WP...
AppleZeed CMS 2.0 SQL Injection
==================================================================================================================================== | Title : AppleZeed CMS v2.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 71.032-bit | |...
Adveris CMS 3.0 Cross Site Scripting
==================================================================================================================================== | Title : Adveris CMS v3.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | | Vendor :...
Advanced HRM 1.6 Insecure Direct Object Reference
==================================================================================================================================== | Title : Advanced HRM v1.6 Reset admin login Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 62.0.3 32-b...
ApnaTrademark CMS 2.5 SQL Injection
==================================================================================================================================== | Title : ApnaTrademark CMS V2.5 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Car Rental Script 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Active Super Shop 1.5.1 HTML Injection
==================================================================================================================================== | Title : Active super shop v1 5.1 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...
Allhandsmarketing LMS 2.0 Cross Site Request Forgery
==================================================================================================================================== | Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
ADMINA BULGARIA Ltd 1.0 Insecure Settings
==================================================================================================================================== | Title : ADMINA BULGARIA Ltd v 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
ArticleSetup Script CMS 1.02 Cross Site Request Forgery
==================================================================================================================================== | Title : ArticleSetup Script cms V1.02 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor : http://articlesynergy.com/ ...
Allhandsmarketing LMS 2.0 Insecure Settings
==================================================================================================================================== | Title : Allhandsmarketing LMS v2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...