Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

TerraMaster TOS 4.2.15 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.15 or lower - RCE chain from unauthenticated to root via session crafting.', 'Description...

OmniCart 3.4.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

LearnDesk 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

TerraMaster TOS 4.2.06 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TerraMaster TOS 4.2.06 or lower - Unauthenticated Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote...

Ormesson-Immobilier CMS 8 SQL Injection

==================================================================================================================================== | Title : Ormesson-immobilier cms v8 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Anevia Flamingo XL 3.2.9 Remote Root Jailbreak

Anevia Flamingo XL 3.2.9 login Remote Root Jailbreak Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.2.9 Hardware revision 1.0 SoapLive 2.0.3 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL...

Anevia Flamingo XL/XS 3.6.x Default / Hardcoded Credentials

Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for...

PhotoSwipe 5.3.7 Arbitrary File Download

=========================================================================================== | Title : PhotoSwipe 5.3.7 Arbitrary File Download Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | | Vendor : https://photoswipe.com...

Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution

Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for...

Oracle Weblogic PreAuth Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Taken from page 24 of https://docs.oracle.com/cd/E1321101/wle/wle42/corba/giop.pdf NOEXCEPTION = 0 USEREXCEPTION = 1 SYSTEMEXCEPTION = 2...

Acelle Email Marketing 4.0.25 Arbitrary File Upload

==================================================================================================================================== | Title : Acelle Email Marketing 4.0.25 LTS unrestricted file uploads Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

EasyAnswer 1.0.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a remote unauthenticated command injecti...

Thruk Monitoring Web Interface 3.06 Path Traversal

Exploit Title: Path Traversal Vulnerability in Thruk Monitoring Web Interface ≤ 3.06 Date: 08-Jun-2023 Exploit Author: Galoget Latorre @galoget CVE: CVE-2023-34096 Galoget Latorre Vendor Homepage: https://thruk.org/ Software Link: https://github.com/sni/Thruk/archive/refs/tags/v3.06.zip Software...

P2S CMS 0.1 Cross Site Scripting

==================================================================================================================================== | Title : P2s-cms v0.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

PHP Live 3.1 Cross Site Scripting

==================================================================================================================================== | Title : PHP Live 3.1 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.0.332-bit | | Vendor :...

Kesion CMS X 2.0 Add Administrator

==================================================================================================================================== | Title : KesionCMS X2.0 Reinstall Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 105.0.32-bit...

MVC Shop 0.5 Directory Traversal

==================================================================================================================================== | Title : mvc-shop v0.5 Directory Traversal Vulnerability Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Scriptio 1.4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Movierocket 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Expert Restaurant eCommerce 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Microsoft Windows PowerShell Remote Command Execution

from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec hyp3rlinx.altervista.org twitter.com/hyp3rlinx twitter.com/malvuln PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I...

Expert Restaurant eCommerce 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Microsoft HVCIScan DLL Hijacking

Hi @ll, about a month ago Microsoft published HVCIScan-amd,arm64.exe, a "Tool to check devices for compatibility with memory integrity HVCI" The "Install instructions" on the download page tell: | Download the hvciscan.exe for your system architecture AMD64 or ARM64. | From an elevated command...

NETXPERTS CMS 0.1 SQL Injection

==================================================================================================================================== | Title : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...

WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation

Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in...

MVC Shop 0.5 Cross Site Scripting

==================================================================================================================================== | Title : mvc-shop v0.5 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit | | Vendor :...

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

Qualys Security Advisory LPE and RCE in RenderDoc: CVE-2023-33865, CVE-2023-33864, CVE-2023-33863 ======================================================================== Contents ======================================================================== Summary CVE-2023-33865, a symlink...

Anuranan SBAdmin 2 Insecure Settings

==================================================================================================================================== | Title : Anuranan SBAdmin 2 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 113.0.1 64...

Delta Electronics InfraSuite Device Master Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...

Wizcyb Interactive 2.0 SQL Injection

==================================================================================================================================== | Title : wizcyb interactive v2.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

CloudPanel 2.2.2 Privilege Escalation / Path Traversal

Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github : https://github.com/EagleTube/CloudPanel/tree/main/CVE-2023-33747 Version Affected : CloudPanel v2.0.0 - v2.2.2 Vendor : CloudPanel.io Date : 31/05/2023 , 12:00 PM Step : Login as ssh as...

PaperCut PaperCutNG Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'PaperCut PaperCutNG Authentication Bypass', 'Description' = %q This module leverages an authentication bypass in PaperCut NG. If...

WordPress Updraft 0.6.1 Backup Disclosure

==================================================================================================================================== | Title : WordPress - updraft 0.6.1 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Expert Job Portal Management System 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Magento eCommerce 2.4.0 Information Disclosure

==================================================================================================================================== | Title : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...

USB Flash Drives Control 4.1.0.0 Unquoted Service Path

Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path Date: 2023-31-05 Exploit Author: Jeffrey Bencteux Vendor Homepage: https://binisoft.org/ Software Link: https://binisoft.org/wfc Version: 4.1.0.0 Tested on: Microsoft Windows 11 Pro Vulnerability Type: Unquoted Service Path P...

WordPress Getwid Gutenberg Blocks 1.8.3 Improper Authorization / SSRF

On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the sa...

Macro Expert 4.9 Unquoted Service Path

Exploit Title: Macro Expert 4.9 - Unquoted Service Path Date: 04/06/2023 Exploit Author: Murat DEMIRCI Vendor Homepage: http://www.macro-expert.com/ Software Link: http://www.macro-expert.com/product/gmsetup4.9.exe Version: 4.9 Tested on: Windows 10 Proof of Concept : C:\Users\Muratsc qc "Macro...

WordPress Tree Page View 1.6.7 Cross Site Scripting

Exploit Title: Tree Page View Plugin 1.6.7 - Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/cms-tree-page-view/ Date: 2023-04-24 Exploit Author: LEE SE HYOUNG hackintoanetwork Vendor Homepage: https://wordpress.org/plugins/cms-tree-page-view/ Software Link:...

ManageEngine ADManager Plus Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection', 'Description' = %q ManageEngine ADManager Plus prior to build...

WordPress WP File Manager 7.1.7 Backup Disclosure

==================================================================================================================================== | Title : WordPress - wp file manager pro 7.1.7 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

Expert Job Portal Management System 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

WordPress WPtouch Pro 4 Backup Disclosure

==================================================================================================================================== | Title : WordPress - WPtouch Pro 4 Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Total CMS 1.7.4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

FC Red Bull Salzburg App 5.1.9-R Improper Authorization

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: FC Red Bull Salzburg App Vendor URL: https://play.google.com/store/apps/details?id=laola.redbull Type: Improper Authorization in Handler for Custom URL Scheme CWE-939 Date found: 2023-04-06...

WordPress Circle Progress 1.0 Cross Site Scripting

Exploit Title: WordPress Plugin Circle progress bar – Cross site scripting-Stored Date: 2-06-2023 Exploit Author: Taliya Bilal- NightHawk Vendor Homepage: https://wordpress.org/plugins/circle-progress-bar/ Version: 1.0 Tested on: Firefox Contact me: [email protected] Steps to reproduce: 1...

Advance Charity Management 1.0 Insecure Settings

Title: Advance Charity Management-1.0 - TLS cookie without secure flag set-PHPSESSID NEVER EXPIRATION-current session-Hijacking Author: nu11secur1ty Date: 06.04.2023 Vendor: https://www.sourcecodester.com/users/aown-shah Software:...