Companymaps 8.0 Cross Site Scripting

Exploit Title: Reflected Cross Site Scripting - Google Dork: - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29808 Description...

PHPJabbers Simple CMS 5.0 SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

GLPI 9.5.7 Username Enumeration

Exploit Title: GLPI 9.5.7 - Username Enumeration Date: 04/29/2023 Author: Rafael B. Vendor Homepage: https://glpi-project.org/pt-br/ Affected Versions: GLPI version 9.1 = 9.5.7 Software: https://github.com/glpi-project/glpi/releases/download/9.5.7/glpi-9.5.7.tgz import requests from bs4 import...

phpMyFAQ 3.1.12 CSV Injection

Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

PHPFusion 9.10.30 Cross Site Scripting

Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...

FS-S3900-24T4S Privilege Escalation

Exploit Title: FS-S3900-24T4S Privilege Escalation Date: 29/04/2023 Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printar...

PHPJabbers Simple CMS 5.0 Cross Site Scripting

Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting XSS Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Steps to Reproduce - Please...

projectSend r1605 Private File Download

Exploit Title: projectSend r1605 - Private file download Application: projectSend Version: r1605 Bugs: IDOR Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 24-01-2023 Author: Mirabbas Ağalarov Tested on: Linux Technical Details &...

Admidio 4.2.5 CSV Injection

Exploit Title: admidio v4.2.5 - CSV Injection Application: admidio Version: 4.2.5 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.admidio.org/ Software Link: https://www.admidio.org/download.php Date of found: 26.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2. Technical Detail...

Databricks Platform Cluster Isolation Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Bypassing cluster isolation through insecure defaults and shared storage product: Databricks Platform vulnerable version: PaaS version as of 2023-01-26 fixed version:...

SoftExpert Suite 2.1.3 Local File Inclusion

Exploit Title: SoftExpert SE Suite v2.1.3 - Local File Inclusion Date: 27-04-2023 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.softexpert.com/ Version: 2.0 target=$1 u=$2 p=$3 file=$echo -n "$4"|base64 -w 0 end="\0330m\e0m" red="\e0;31m\0331m" blue="\e0;34m\0331m" echo ...

Advanced Host Monitor 12.56 Unquoted Service Path

Exploit Title: Advanced Host Monitor v12.56 - Unquoted Service Path Date: 2023-04-23 CVE: CVE-2023-2417 Exploit Author: MrEmpy Vendor Homepage: https://www.ks-soft.net Software Link: https://www.ks-soft.net/hostmon.eng/downpage.htm Version: 12.56 Tested on: Windows 10 21H2 Title: ================...

OpenEMR 7.0.1 Authentication Bruteforce Mitigation Bypass

Exploit Title: OpenEMR v7.0.1 - Authentication credentials brute force Date: 2023-04-28 Exploit Author: abhhi Abhishek Birdawade Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v701.tar.gz Version: 7.0.1 Tested on: Windows ''' Example...

Revive Adserver 5.4.1 Cross Site Scripting

Exploit Title: revive-adserver v5.4.1 - Cross-Site Scripting XSS Application: revive-adserver Version: 5.4.1 Bugs: XSS Technology: PHP Vendor URL: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/ Date of found: 31-03-2023 Author: Mirabbas Ağalarov Tested o...

ESET Forwarder 16.0.26.0 Unquoted Service Path

Exploit Title: ESET Forwarder 16.0.26.0 - Unquoted Service Path Privilege Escalation Date: 2023-04-30 Author: Milad Karimi Ex3ptionaL Vendor Homepage: https://www.eset.com Software Link: https://www.eset.com/download/ version : 16.0.26.0 Latest Tested on: Windows 11 ESET installs as a service wit...

Emporium Multi-Vendor 2.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Fortigate 7.0.1 Stack Overflow

c@ubuntu:/LABS$ cat fp17.py !/usr/bin/env python3 fortigate 7.0.1 postauth stack overflow 0day more: https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html Pid: 00243, application: newcli, Firmware: FortiGate-VM64 v7.0.1,build0157b0157,210714 GA Release, Signal 6 received, Backtrace:...

Old Age Home Management 1.0 SQL Injection

Title: Old Age Home Management-2022-2023-1.0 SQLi-Bypass-Authentication-Account-Take-Over Author: nu11secur1ty Date: 04.29.2023 Vendor: BY ANUJ KUMAR, https://phpgurukul.com/author/anujk305/ Software: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/googlevignette...

Adobe ColdFusion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a remote unauthenticated deserialization of...

CompanyMaps 8.0 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting Google Dork: Date: 27.04.2023 Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone t...

Mobile Mouse 3.6.0.4 Remote Code Execution

Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution v2 Date: Apr 28, 2023 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/env...

Aigital Wireless-N Repeater Mini_Router.0.131229 Authentication Bypass

Exploit Title: Aigital Wireless-N Repeater - Login Bypass Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Login bypass The device web application relies on a time-based mechanism t...

Chitor CMS 1.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

AC Repair And Services 1.0 SQL Injection

Title: AC Repair and Services-2023-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05.01.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-acrss.zip Reference: https://portswigger.net/web-security/sql-injection Description:...

CreativeItem Academy Learning Management System 5.14 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Piwigo 13.5.0 SQL Injection

===== Tempest Security Intelligence - ADV-03/2023 ========================== Piwigo - Version 13.5.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil ===== Table of Contents================================================== Overview Detailed description Timeline...

Aigital Wireless-N Repeater Mini_Router.0.131229 Remote Command Execution

Exploit Title: Aigital Wireless-N Repeater - Command Injection Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 Command Injection POST /boafrm/formSysCmd HTTP/1.1 Host: 192.168.10.2...

ebankIT 6 Cross Site Scripting

CVE-2023-30454 Description An issue was discovered in ebankIT before version 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the...

ebankIT 6 Denial Of Service

CVE-2023-30455 Description An issue was discovered in ebankIT before version 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100...

MilleGPG5 5.9.2 Local Privilege Escalation

Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Date: 2023-04-28 Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...

Aigital Wireless-N Repeater Mini_Router.0.131229 Cross Site Scripting

Exploit Title: Aigital Wireless-N Repeater - Stored Cross-Site Scripting Exploit Author: Matteo Mandolini Date : 13/04/2023 Vendor Homepage: https://web.archive.org/web/20220625053314/https://www.aigital.com/ Version: MiniRouter.0.131229 XSS Stored POST /boafrm/formHomeWlanSetup HTTP/1.1 Host:...

ChurchCRM 4.5.3 SQL Injection

Exploit Title: ChurchCRM 4.5.3 - Authenticated SQL Injection Date: 27-04-2023 Exploit Author: Iyaad Luqman K Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.3 Tested on: Windows, Linux CVE: CVE-2023-24685 ChurchCRM v4.5.3 and below was...

Wondershare Filmora 12.2.9.2233 Unquoted Service Path

Exploit Title: Wondershare Filmora 12.2.9.2233 - Unquoted Service Path Date: 2023/04/23 Exploit Author: msd0pe Vendor Homepage: https://www.wondershare.com My Github: https://github.com/msd0pe-1 Wondershare Filmora: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto...

PHP Restaurants 1.0 SQL Injection / Cross Site Scripting

Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting Google Dork: None Date: 4/26/2023 Exploit Author: Or4nG.M4n Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 functions.php function login...

Sophos Web Appliance 4.3.10.4 Command Injection

!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...

Old Age Home Management System 1.0 Cross Site Scripting / Missing Authentication

Exploit Title: Old Age Home Management System 1.0 - Multi Date: 4/26/2023 Exploit Author: OR4NG.M4N Vendor Homepage: https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip Version: v1.0 you can delete...

PaperCut NG/MG 22.0.4 Authentication Bypass

Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass Date: 21 April 2023 Exploit Author: MaanVader Vendor Homepage: https://www.papercut.com/ Version: 8.0 or later Tested on: 22.0.4 CVE: CVE-2023-27350 import requests from bs4 import BeautifulSoup import re def vulnversion: ip = input"Ent...

qdPM 9.1 Cross Site Scripting

Exploit Title: qdPM 9.x -bindtype - Cross-Site Scripting Exploit Author: Or4nG.M4n Date : 4/26/2023 Vendor Homepage: https://qdpm.net/ Software Link: https://sourceforge.net/projects/qdpm/files/latest/download Version: 9.2 , 9.1 XSS Reflected . GET...

Online Book Store 1.0 SQL Injection

Exploit Title: Online Book Store 1.0 - process.php SQL injection Google Dork: 4/26/2023 Exploit Author: Or4nG.M4n Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

Mars Stealer 8.3 Account Takeover

Exploit Title: Mars Stealer 8.3 - Admin Account Takeover Product: Mars Stelaer Technology: PHP Version: 8.3 Google Dork: N/A Date: 20.04.2023 Tested on: Linux Author: Sköll - twitter.com/skoll import argparse import requests parser = argparse.ArgumentParserdescription='Mars Stealer Account Takeov...

OCS Inventory NG 2.3.0.0 Unquoted Service Path

Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Date: 2023/04/21 Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG...

Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path

Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization

Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected Versions: = 17.0.17 CVE ID: CVE-2023-0992 CVSS Score: 7.2 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18 T...

Multi-Vendor Online Groceries Management System 1.0 Remote Code Execution

Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution RCE Date: 4/23/2023 Author: Or4nG.M4n Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Chitor CMS 1.1.2 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

KODExplorer 4.49 Cross Site Request Forgery / Shell Upload

Exploit Title: KodExplorer ' path = '/data/User/admin/home/' targetpath = input' Target KODExplorer path ex /var/www...

Nokia OneNDS 17 Insecure Permissions / Privilege Escalation

=============================================================================== title: Incorrect Permission Assignment product: Nokia OneNDS 17 vulnerability type: Security Misconfiguration severity: High CVSS Score: 7.8 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H found on: 31/03/20...

Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation

=============================================================================== title: Incorrect Permission Assignment product: Nokia OneNDS 20.9 vulnerability type: Security Misconfiguration severity: High CVSS Score: 7.8 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H found on:...

ProjeQtOr Project Management System 10.3.2 Shell Upload

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

Lilac-Reloaded For Nagios 2.0.8 Remote Code Execution

!/usr/bin/env python """ Exploit Title: Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution RCE Google Dork: N/A Date: 2023-04-13 Exploit Author: max / Zoltan Padanyi Vendor Homepage: https://exchange.nagios.org/directory/Addons/Configuration/Lilac-2DReloaded/visit Software Link:...