50644 matches found
WordPress File Manager Pro 8.3.1 Backup Disclosure
Title: WordPress - file manager pro 8.3.1 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
RentEquip Multipurpose Rental 1.0 Cross Site Scripting
elearning-SES 1.0 Sql Injection
Title: elearning-SES by: oretnom23 v1.0 Multiple-SQLi Author: nu11secur1ty Date: 06.14.2023 Vendor: https://github.com/oretnom23 Software: https://github.com/oretnom23/php-elearning-system Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to...
BBoard Forum 1.0 Cross Site Scripting
Coursela Personal Course Selling Website 1.0 Cross Site Scripting
Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle
Microsoft® Lync™ Better Together over Ethernet BToE feature on Polycom® VVX® business media phones enables you to control phone activity from your computer using your Lync client. The BToE feature enables you to place, answer, and hold audio and video calls from your Polycom VVX phone and your...
WordPress Google Maps 9.0.17 Backup Disclosure
Title: WordPress - Google maps 9.0.17 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...
WordPress Envato 2.0.7 Backup Disclosure
Title: WordPress - Envato Plugin 2.0.7 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firef...
WG Ticket 1.0 Cross Site Scripting
Multirent Multivendor Equipment Rental 1.0 Cross Site Scripting
Diafan CMS 6.0 Cross Site Scripting
Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya Karabag Vendor Homepage: https://www.diafancms.com/ Version: 6.0 Tested on: https://demo.diafancms.com Description: 1 https://demo.diafancms.com/ Go to main page and write your payload in Search in...
Coursemat Multi-Tenant Course Selling Website 1.1 Cross Site Scripting
WordPress Duplicator 4.0.2 Backup Disclosure
Title: WordPress - Duplicator 3.8.0.2 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefo...
SystemK NVR 504/508/516 Command Injection
Exploit Title: SystemK NVR 504/508/516 Command Injection Exploit Author: Keniver Wang Publish Date: 19/06/2023 Date of found: 20/01/2021 Vendor: SystemK Vendor Homepage: https://nvr.bz/ Version: NVR 504/508/516 2.3.5SK.30084998 Greets: Weber Tsai CHT Security Description A Command Injection...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...
Online Art Gallery Project 1.0 Arbitrary File Upload
Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload Unauthenticated Google Dork: n/a Date: 14/06/2023 Exploit Author: Ramil Mustafayev Vendor Homepage: https://github.com/projectworldsofficial Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip...
Textpattern CMS 4.8.8 Command Injection
Exploit Title: Textpattern CMS v4.8.8 - Command Injection Authenticated Date: 2023-06-15 Exploit Author: tmrswrr Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/filedownload/118/textpattern-4.8.8.zip Version: v4.8.8 Tested : https://release-demo.textpattern.co/ --...
Quicklancer Freelance Marketplace 2.4 Cross Site Scripting
WordPress Unyson 2.7.28 Backup Disclosure
Title: WordPress - Unyson 2.7.28 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
QuickJob Portal 6.1 Cross Site Scripting
Quickad Classified Ads CMS 10.4 SQL Injection
QuickHomes Real Estate CMS 1.3 Cross Site Scripting
Instagram App 287.0.0.22.85 Denial Of Service
Exploit Title: Instagram App 287.0.0.22.85 - Denial of Service PoC Date: 2023-06-13 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.instagram.com Software Link: https://play.google.com/store/apps/details?id=com.instagram.android Version: 287.0.0.22.85 Tested on: Android 12 About Ap...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...
projectSend r1605 Cross Site Scripting
Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...
PyLoad 0.5.0 Remote Code Execution
Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution RCE Date: 06-10-2023 Credits: bAu @bauh0lz Exploit Author: Gabriel Lima 0xGabe Vendor Homepage: https://pyload.net/ Software Link: https://github.com/pyload/pyload Version: 0.5.0 Tested on: Ubuntu 20.04.6 CVE: CVE-2023-0297 import...
Ptclab 3.5 Insecure Settings
Title: Ptclab V3.5 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.064-bit | ...
projectSend r1605 CSV Injection
Exploit Title: projectSend r1605 - CSV injection Version: r1605 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Details & POC...
Rest-Cafe And Restaurant Website CMS 2.0.0 Insecure Settings
Title: Rest-Cafe and Restaurant Website CMS 2.0.0 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
phpFK 8.0 Cross Site Scripting
Title: phpFK v8.0 version XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 68.032-bit | Vendor:...
Purle Devloper Panel 1.0 Insecure Direct Object Reference
Title: Purle Devloper Panel ver 1.0 Unauthorized administrative access Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser:...
QUICKAD CMS 7.3 Cross Site Request Forgery
Title: QUICKAD CMS 7.3 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | Vendor:...
Teachers Record Management System 1.0 Validation Bypass
Exploit Title: Teachers Record Management System 1.0 – File Upload Type Validation Date: 17-01-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3187 =============================== STEPS TO REPRODUCE...
Symmetricom SyncServer Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symmetricom SyncServer Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection...
Online Examination System Project 1.0 Cross Site Request Forgery
Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery CSRF Google Dork: n/a Date: 09/06/2023 Exploit Author: Ramil Mustafayev kryptohaker Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...
Sales Tracker Management System 1.0 HTML Injection
Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities Google Dork: NA Date: 09-06-2023 EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3184 ============================== CREDENTIAL TO USE...
ProLogin 1.9 Insecure Direct Object Reference
Title: ProLogin V1.9 Insecure Direct Object Reference Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
EasyAnswer 1.0.1 Cross Site Request Forgery
Title: EasyAnswer version 1.0.1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 114.0.164-bit | ...
Piyanas 0.1 Cross Site Request Forgery
Title: Piyanas v0.1 User Login Page CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | ...
Online Thesis Archiving System 1.0 SQL Injection
Title: OTAS - PHP by: oretnom23 v1.0 Multiple-SQLi Author: nu11secur1ty Date: 06.12.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...
Xoops CMS 2.5.10 Cross Site Scripting
Exploit Title: Xoops CMS Version 2.5.10 - Stored Cross-Site Scripting XSS Authenticated Date: 2023-06-12 Exploit Author: tmrswrr Vendor Homepage: https://xoops.org/ Software https://github.com/XOOPS/XoopsCore25/releases/tag/v2.5.10 Version: 2.5.10 Tested : https://www.softaculous.com/apps/cms/Xoo...
TerraMaster TOS 4.2.29 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...
phpAnalyzer 2.0.4 Insecure Settings
Title: phpAnalyzer v2.0.4 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.232-b...
BB Machine Forum 1.0 Cross Site Scripting
WordPress Workreap 2.2.2 Shell Upload
Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution
Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.5 Hardware revision: 1.1 SoapLive 2.4.0 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and...
Pannres-Idence CMS 7.3 Cross Site Request Forgery
Title: Pannres-idence CMS 7.3 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | ...
PES Pro CMS 1.9.7 Add Administrator
Title: PES Pro CMS - v1.9.7 Reinstall add admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
osCommerce 4 Local File Inclusion
Title: oscommerce V4 LFI Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 102.0.164-bit | Vendor:...
KesionCMS X 9.5 Add Administrator
Title: KesionCMS X9.5 Reinstall Add Admin Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 105.0.32-bit...