50738 matches found
PHPJabbers STIVA Blog Script 4.1 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Adult Video Script 3.0 File Inclusion
Title: Adult Video Script 3.0 RFI /LFI Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 69.032-bit | ...
Adiscon LogAnalyzer 4.1.5 Cross Site Scripting
Title: Adiscon LogAnalyzer V 4.1.5 Xss Vulnerability | Author: indoushka | Telegram: @indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
Smart Office Web 20.28 Information Disclosure / Insecure Direct Object Reference
Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...
Adapt Inventory Management System 1.0.0 SQL Injection
Title: Adapt Inventory Management System 1.0.0 Auth By Pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
ACJWEB DESIGNER 1.0 Cross Site Scripting
Title: ACJWEB DESIGNER v 1.0 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit | Vendor: [email protected] | Drok:...
PHPJabbers Knowledge Base Builder 3.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Advanced ASP Chat 2.0 Database Disclosure
Title: Advanced ASP chat 2.0 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit...
PHPJabbers Forum Script 3.0 Persistent Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
MOVEit SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MOVEit SQL Injection vulnerability', 'Description' = %q This module exploits an SQL injection vulnerability in the MOVEit Transfer web applicatio...
PHPJabbers Forum Script 3.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Active Newspaper 2.0 HTML Injection
Title: Active Newspaper v2.0 HTML inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2 32-bit...
HiSecOS 04.0.01 Privilege Escalation
Exploit Title: HiSecOS 04.0.01 - Privilege Escalation Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation Date: 21.06.2023 Exploit Author: dreizehnutters Vendor Homepage:...
ACJWEB DESIGNER 1.0 SQL Injection
Title: ACJWEB DESIGNER 1.0 - SQL Injection Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit | Vendor: [email protected] | Drok:...
WordPress BackUpWordPress 3.8 Backup Disclosure
Title: WordPress BackUpWordPress 3.8 Plugins Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Active Matrimonial CMS 1.4 HTML Injection
Title: Active Matrimonial CMS v 1.4 HTML inject Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 64.0.2...
Zstore 6.5.4 Database Disclosure
Title: Zstore version 6.5.4 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit ...
Microsoft OneNote 2305 Build 16.0.16501.20074 Spoofing
Title: Microsoft OneNote Version 2305 Build 16.0.16501.20074 64-bit - Spoofing Vulnerability Author: nu11secur1ty Date: 06.22.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app Reference:...
Acon Architecture and Construction Website CMS 1.2 Insecure Settings
Title: Acon - Architecture and Construction Website CMS v1.2 Insecure Settings Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro /...
Ad Manager Pro 3.05 Backup Disclosure
Title: Ad Manager Pro 3.05 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox...
Hospital Management System 1.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
PHP Mall 5.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
WordPress Super Socializer 7.13.52 Cross Site Scripting
Exploit Title: Super Socializer 7.13.52 - Reflected XSS Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=thechampsharingcount&urls%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E=https://www.google.com Date: 2023-06-20 Exploit Author: Amirhossein Bahramizadeh Category :...
Talroo Jobs Script 1.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
3CX Open Standards Software IP PBX Thailand 2.0.3 Cross Site Scripting
Title: 3CX Open Standards Software IP PBX Thailand v 2.0.3 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
WordPress BookIt 2.3.7 Authentication Bypass
On May 22, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in StylemixThemes’s BookIt plugin, which is actively installed on more than 10,000 WordPress websites. The vulnerability makes it possible for...
Accent Microcomputers CMS 2.4 Directory Traversal
Title: Accent Microcomputers CMS v 2.4 Directory Traversal Vulnerability | Author: indoushka | Telegram: @indoushka | Tested on: windows 10 Français V.P...
PHP Online School 1.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting
Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting XSS Dork: inurl:/admin/views/admin.php Date: 2023-06-20 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social Version: 1.0.1...
PHP Car Dealer 3.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
A Cart 2.0 Database Disclosure
Title: A cart 2.0 Database Disclosure Exploit | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 108.032-bit | Vendor...
SPIP 4.2.1 Remote Code Execution
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...
Nokia ASIKA 7.13.52 Private Key Disclosure
// Exploit Title: Nokia ASIKA 7.13.52 - Hard-coded private key disclosure // Date: 2023-06-20 // Exploit Author: Amirhossein Bahramizadeh // Category : Hardware // Vendor Homepage: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25187/ // Version: 7.13.52...
Student Study Center Management System 1.0 Cross Site Scripting
Exploit Title: Student Study Center Management System v1.0 - Stored Cross-Site Scripting XSS Date of found: 12/05/2023 Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://phpgurukul.com Software Link:...
WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism
Exploit Title: WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Dork: inurl:/wp-includes/class-wp-query.php Date: 2023-06-19 Exploit Author: Amirhossein Bahramizadeh Category : Webapps Vendor Homepage:...
NetArt Media Blog LITE 2.1 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Groomify 1.0 SQL Injection
Exploit Title: Groomify v1.0 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...
WordPress Kero jQuery/HTML Dashboard PRO 2.3.86 SQL Injection
Title: WordPress - Kero jQuery/HTML Dashboard PRO Auth BY pass Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
Jobpilot 2.61 SQL Injection
Exploit Title: Jobpilot v2.61 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/jobpilot-job-portal-laravel-script/37897822 Demo Site: https://jobpilot.templatecookie.com Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Parameter: long GET...
NetArt Media PHP Hotel Site 2.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
The Shop 2.5 SQL Injection
Exploit Title: The Shop v2.5 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/the-shop/34858541 Demo Site: https://shop.activeitzone.com Tested on: Kali Linux CVE: N/A Request POST /api/v1/carts/add HTTP/1.1 Content-Type: application/json...
Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting
Exploit Title: Stored Cross-Site scripting in the Tenda router via the deviceId parameter in the Parental Control module Google Dork: None. Date: Aug-30-2022 Exploit Author: 0x783 Vendor Homepage: https://tendacn.com/default.html Software Link: https://www.tendacn.com/product/download/AC6.html...
Symantec SiteMinder WebAgent 12.52 Cross Site Scripting
Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting XSS Google Dork: N/A Date: 18-06-2023 Exploit Author: Harshit Joshi Vendor Homepage: https://community.broadcom.com/home Software Link: https://www.broadcom.com/products/identity/siteminder Version: 12.52 Tested on: Linux,...
WordPress File Manager Pro 8.3.1 Backup Disclosure
Title: WordPress - file manager pro 8.3.1 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla...
RentEquip Multipurpose Rental 1.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
BBoard Forum 1.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
Evento Multivendor Event Ticket Booking 1.0 Cross Site Scripting
CraCkEr | THE CRACK OF ETERNAL MIGHT | From The Ashes and Dust Rises An...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
On May 29, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in Tyche Softwares’s Abandoned Cart Lite for WooCommerce plugin, which is actively installed on more than 30,000 WordPress websites. This...
Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle
Microsoft® Lync™ Better Together over Ethernet BToE feature on Polycom® VVX® business media phones enables you to control phone activity from your computer using your Lync client. The BToE feature enables you to place, answer, and hold audio and video calls from your Polycom VVX phone and your...
WordPress Envato 2.0.7 Backup Disclosure
Title: WordPress - Envato Plugin 2.0.7 Backup Disclosure Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firef...