Property Listing Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

GZ Multi Hotel Booking System 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

GZ Forum Script 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Chrome v8::internal::Object::SetPropertyWithAccessor Type Confusion

Chrome: Type confusion in v8::internal::Object::SetPropertyWithAccessor VULNERABILITY DETAILS When SetSuperProperty can't find the requested property in the holder, it performs an OWN lookup on the receiver. If the receiver has a property interceptor installed, the function invokes the...

Advanced Testimonials Manager 5.5 Add Administrator

==================================================================================================================================== | Title : Advanced Testimonials Manager v5.5 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Event Script 2.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

NewsLetter Script 2.4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Simple Blog 3.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

FAQ Script 2.3 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

WordPress Social Login And Register 7.6.4 Authentication Bypass

Description: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn = 7.6.4 – Authentication Bypass Affected Plugin: WordPress Social Login and Register Discord, Google, Twitter, LinkedIn Plugin Slug: woocommerce-abandoned-cart Affected Versions: = 7.6.4 CVE ID: CVE-2023-2982 CVSS...

SPIP 4.2.3 SQL Injection

Title: spip-v4.2.3 SQLi-cookie session vulnerability - Server Side Sensitive information Disclosure! Author: nu11secur1ty Date: 06.28.2023 Vendor: https://www.spip.net/enrubrique25.html Software: https://files.spip.net/spip/archives/spip-v4.2.3.zip Reference:...

News Script Pro 2.4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Advanced PHP URL Shortener 1.0 Cross Site Scripting

==================================================================================================================================== | Title : Advanced Php Url Shortener v 1.0 Xss Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...

Funeral Script 3.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Simple Forum 2.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Photo Gallery 2.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Active Matrimonial CMS 1.6 HTML Injection

==================================================================================================================================== | Title : Active Matrimonial CMS v 1.6 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

GuestBook Script 2.2 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Classified Ads Script 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

AMSS++ 2.0 Insecure Settings

==================================================================================================================================== | Title : AMSS++ v 2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | |...

ALTISA CMS 5.2.1 SQL Injection

==================================================================================================================================== | Title : ALTISA CMS 5.2.1 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...

Advanced Testimonials Manager 4.1.1 SQL Injection

==================================================================================================================================== | Title : Advanced Testimonials Manager v4.1.1 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

Alumni Club Management Tools 2.2.7 SQL Injection

==================================================================================================================================== | Title : Alumni Club Management Tools v 2.2.7 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...

Zip And RAR FileExtractor 5.7 Cross Site Scripting

Exploit Title: Zip & RAR FileExtractor v5.7 - Reflected XSS Vendor Homepage: Penghui Zhao Software Link: https://apps.apple.com/tr/app/zip-rar-file-extractor/id769409043?l=en Date: 2023-06-20 Exploit Author: tmrswrr Category : ios app Version: v5.7 Tested on: Windows/Linux Description: Go to Wi-F...

Active eCommerce CMS 6.5.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Office Suite Premium 10.9.1.42602 Path Traversal

Exploit Title: Office Suite Premium 10.9.1.42602 - Path Traversal Date: 06-26-2023 Exploit Author: tmrswrr Vendor Homepage: https://www.mobisystems.com/ Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506 Version: Office Suite Premium 10.9.1.42602 Tested on: Ubunt...

MagicAI 1.55R Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Xenforo 2.2.13 Cross Site Scripting

Exploit Title: Xenforo Version 2.2.13 - Authenticated Stored XSS Date: 2023-06-24 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: https://x.com/admin.php?smilies Version: 2.2.12 REQUIRED Tested on: Windows/Linux CVE :...

MyBB Favicon 1.0 Cross Site Scripting

Exploit Title: MyBB PGM Favicon Plugin 1.0 – Cross-Site Scripting Date: May 2, 2023 Author: 0xB9 Twitter: @0xB9sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1554 Version: 1.0 Tested On: Windows 10 Description: The favicon input in the settings doesn’t sanitize the favicon...

PrestaShop Winbiz Payment Improper Limitation

Exploit Title: PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory Date: 2023-06-20 Dork: /modules/winbizpayment/downloads/download.php country: Iran Exploit Author: Amirhossein Bahramizadeh Category : webapps Vendor Homepage:...

Microsoft Windows 11 22h2 Kernel Privilege Escalation

// Exploit Title: Windows 11 22h2 - Kernel Privilege Elevation // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : webapps // Vendor Homepage: // Tested on: Windows/Linux // CVE : CVE-2023-28293 include include // The vulnerable driver file name const ch...

Chrome Internal JavaScript Object Access Via Origin Trials

Chrome: Internal JavaScript object access via Origin Trials VULNERABILITY DETAILS 1. JSObject::DefineAccessor doesn't ensure that the receiver object is in a valid state before creating an accessor property. This allows callers to extend non-extensible objects and reconfigure non-configurable...

Apache Druid JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Druid JNDI Injection RCE', 'Description' = %q This module is designed to exploit the JNDI injection vulnerability in Druid. The...

Office Suite Premium 10.9.1.42602 Local File Inclusion

Exploit Title: Office Suite Premium 10.9.1.42602 - Local File Inclusion Date: 06-26-2023 Exploit Author: tmrswrr Vendor Homepage: https://www.mobisystems.com/ Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506 Version: Office Suite Premium 10.9.1.42602 Tested on:...

Job Board 1.0 Shell Upload

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Microsoft SharePoint Enterprise Server 2016 Spoofing

// Exploit Title: Microsoft SharePoint Enterprise Server 2016 - Spoofing // Date: 2023-06-20 // country: Iran // Exploit Author: Amirhossein Bahramizadeh // Category : Remote // Vendor Homepage: // Microsoft SharePoint Foundation 2013 Service Pack 1 // Microsoft SharePoint Server Subscription...

WordPress LearnDash LMS 4.6.0 Insecure Direct Object Reference

Description: LearnDash LMS = 4.6.0 – Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary User Password Change Affected Plugin: LearnDash LMS Plugin Slug: sfwd-lms Affected Versions: = 4.6.0 CVE ID: CVE-2023-3105 CVSS Score: 8.8 High CVSS Vector:...

Office Suite Premium 10.9.1.42602 Cross Site Scripting

Exploit Title: Office Suite Premium 10.9.1.42602 - Cross-Site Scripting reflected Date: 06-26-2023 Exploit Author: tmrswrr Vendor Homepage: https://www.mobisystems.com/ Software Link: https://apps.apple.com/us/app/officesuite-docs-pdf-editor/id924005506 Version: Office Suite Premium 10.9.1.42602...

MCL-Net 4.3.5.8788 Information Disclosure

Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure Date: 5/31/2023 Exploit Author: Victor A. Morales, GM Sectec Inc. Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php Version: 4.3.5.8788 other versions may be affected Tested on: Microsoft Windows 10 Pro CVE: CVE-2023-34834...

ONEST CRM 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Rocket LMS 1.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Microsoft Excel / 365 MSO Remote Code Execution

Title: Microsoft Excel Microsoft® Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

Azure Apache Ambari 2302250400 Spoofing

Exploit Title: Azure Apache Ambari 2302250400 - Spoofing Date: 2023-06-23 country: Iran Exploit Author: Amirhossein Bahramizadeh Category : Remote Vendor Homepage: Microsoft Apache Ambari Microsoft azure Hdinsights Tested on: Windows/Linux CVE : CVE-2023-23408 import requests Set the URL and...

Microsoft 365 MSO 2305 Build 16.0.16501.20074 Remote Code Execution

Title: Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 64-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference:...

Thinu-CMS Blog System 1.5 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Alhotphp Article CMS 1.0 Cross Site Request Forgery

==================================================================================================================================== | Title : Alhotphp article CMS 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | |...

Active Matrimonial CMS 1.5 HTML Injection

==================================================================================================================================== | Title : Active Matrimonial CMS v 1.5 HTML inject Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2...

Bludit Arbitrary File Download

-- coding: utf-8 -- /usr/bin/env python Exploit Title: Bludit 3.13.1 Backup Plugin - Arbitrary File Download Authenticated Date: 2022-07-21 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: 3.13.1 Tested on:...

Microsoft Office Remote Code Execution

Title: Microsoft Office Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.17.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/ Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/ CVE-2023-28285...

Adult Video Script 8.2 File Inclusion

==================================================================================================================================== | Title : Adult Video Script 8.2 RFI /LFI Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...