FUXA 1.1.13-1186 Remote Code Execution

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

Piwigo 13.6.0 Cross Site Scripting

Exploit Title: Piwigo 13.6.0 - Stored Cross-Site Scripting XSS Application: Piwigo Version: 13.6.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://piwigo.org/ Software Link: https://piwigo.org/get-piwigo Date of found: 18.04.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...

Franklin Fueling Systems TS-550 Hash Disclosure / Default Credentials

Exploit Title: Franklin Fueling Systems TS-550 - Default Password Date: 4/16/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks and access to...

Swagger UI 4.1.3 Critical Information Misrepresentation

Exploit Title: Swagger UI 4.1.3 - User Interface UI Misrepresentation of Critical Information Date: 14 April, 2023 Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://swagger.io/ Version: 4.1.3 CVE: CVE-2018-25031 Site: https://rafaelcintralopes.com.br/ Usage: python swagger-exploit.py...

Serendipity 2.4.0 Shell Upload

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

Chitor-CMS 1.1.2 SQL Injection

!/usr/bin/python3 Exploit Title: Chitor-CMS v1.1.2 - Pre-Auth SQL Injection Date: 2023/04/13 ExploitAuthor: msd0pe Project: https://github.com/waqaskanju/Chitor-CMS My Github: https://github.com/msd0pe-1 Patched the 2023/04/16: 69d3442 commit description = 'Chitor-CMS 1.1.2 Pre-Auth SQL Injection...

Serendipity 2.4.0 Cross Site Scripting

Exploit Title: Serendipity 2.4.0 - Cross-Site Scripting XSS Author: Mirabbas Ağalarov Application: Serendipity Version: 2.4.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found: 13.04.2023 Tested on: Linux 2. Technic...

VMware Workspace ONE Access Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22960', 'Description' = %q This module exploits CVE-2022-22960 which allows the user to overwrite the...

SPIP Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...

SecurePoint UTM 12.x Session ID Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date...

WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

SecurePoint UTM 12.x Memory Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...

Mware Workspace ONE Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access VMSA-2022-0011 exploit chain', 'Description' = %q This module combines two vulnerabilities in order achieve remote co...

Bang Resto 1.0 Cross Site Scripting

Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting XSS Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip...

AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation

Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: https://www.aspemail.com Software Link:...

Bang Resto 1.0 SQL Injection

Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip Version: 1.0...

GDidees CMS 3.9.1 Local File Disclosure / Directory Traversal

Exploit Title: GDidees CMS - 'imgdownload.php' Local File Disclosure Date : 03/27/2023 Exploit Author : Hadi Mene Vendor Homepage : https://www.gdidees.eu/ Software Link : https://www.gdidees.eu/cms-1-0.html Version : 3.9.1 and earlier Tested on : Debian 11 CVE : CVE-2023-27179 Summary: GDidees C...

Microsoft Word Remote Code Execution

Title: Microsoft Word Remote Code Execution Vulnerability Author: nu11secur1ty Date: 04.14.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/word?activetab=tabs%3afaqheaderregion3 Reference:...

File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation

Exploit Title: File Replication Pro 7.5.0 - Password disclosure/reset & PrivEsc due Incorrect Access Control Date: 2023-04-13 Exploit Author: Andrea Intilangelo Vendor Homepage: http://www.diasoft.net - https://www.filereplicationpro.com Software Link:...

Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass

Sielco PolyEco Digital FM Transmitter 2.0.6 Account Takeover / Lockout / EoP Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16 PolyEco30...

Sielco PolyEco Digital FM Transmitter 2.0.6 Authorization Bypass

Sielco PolyEco Digital FM Transmitter 2.0.6 Authorization Bypass Factory Reset Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16...

Sielco Analog FM Transmitter 2.12 Cookie Brute Force

Sielco Analog FM Transmitter 2.12 'id' Cookie Brute Force Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.12 EXC5000GX 2.12 EXC120GX 2.11 EXC300GX 2.10 EXC1600GX 2.10 EXC2000GX 2.08 EXC1600GX 2.08 EXC1000GX 2.07 EXC3000GX 2.06 EXC5000GX 1.7.7...

Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation

form action="http://trans...

Sielco Analog FM Transmitter 2.12 Improper Access Control

...

Sielco PolyEco Digital FM Transmitter 2.0.6 Cookie Brute Force

Sielco PolyEco Digital FM Transmitter 2.0.6 'polyeco' Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16 PolyEco300...

Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials

Sielco PolyEco Digital FM Transmitter 2.0.6 Default Credentials Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16 PolyEco300 CPU:2.0.2...

Sielco Radio Link 2.06 Remote Privilege Escalation

inpu...

Sielco PolyEco Digital FM Transmitter 2.0.6 POST Manipulation

Sielco PolyEco Digital FM Transmitter 2.0.6 Radio Data System POST Manipulation Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16...

Sielco Radio Link 2.06 Cookie Brute Force

Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: 2.06 RTX19 2.05 RTX19 2.00 EXC19 1.60 RTX19 1.59 RTX19 1.55 EXC19 Summary: Sielco develops and produces radio links for all transmission and reception...

Rocket Software Unidata udadmin_server Authentication Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rocket Software Unidata udadminserver Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in t...

Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Denial Of Service

Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Fatal OOM/Crash macOS Vendor: Google LLC Product web page: https://www.google.com Affected version: 111.0.5563.64 Official Build x8664 110.0.5481.100 Official Build x8664 108.0.5359.124 Official Build x8664 108.0.5359.98 Official Build x8664...

Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule The amount of padding required to overwrite the return addr 'offset' = 0x2b8, This returns to "mov rdi, rsp / call system", which means the...

Sielco PolyEco Digital FM Transmitter 2.0.6 Information Disclosure

Sielco PolyEco Digital FM Transmitter 2.0.6 Unauthenticated Information Disclosure Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19 PolyEco500 CPU:1.7.0 FPGA:10.16...

Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery

CSRF Add Admin: ---------------...

Sielco Radio Link 2.06 Cross Site Request Forgery

CSRF Add Admin: --------------- input type="hidden" name="user2...

Sielco Radio Link 2.06 Improper Access Control

!-- This will set/modify user1 p...

WordPress Limit Login Attempts 1.7.1 Cross Site Scripting

On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...

Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10.19...

InnovaStudio WYSIWYG Editor Asset Manager 5.4 Shell Upload

Exploit Title: InnovaStudio WYSIWYG Editor 5.4 ASSET MANAGER Unrestricted File Upload / Directory Traversal / Multiple WebApps Exploit Date: 11/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: innovastudio.com Product: Asset Manager Version: = Asset Manager ASP Version 5....

WordPress WP Data Access 5.3.7 Privilege Escalation

The Wordfence team responsibly disclosed an authenticated Privilege Escalation vulnerability in the WP Data Access plugin. On April 5, 2023 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in WP Data Access, a WordPress plugin...

Bludit 4.0.0-rc-2 Privilege Escalation

Title: Bludit-4.0.0-rc-2 - Release candidate 2 Account takeover: API token vulnerability Author: nu11secur1ty Date: 04.11.2013 Vendor: https://www.bludit.com/ Software: https://github.com/bludit/bludit/releases/tag/4.0.0-rc-2 Reference:...

Tenda N300 F3 12.01.01.48 Header Processing

!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...

ESET Service 16.0.26.0 Unquoted Service Path

Exploit Title: ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2023-04-05 Vendor : https://www.eset.com Version : 16.0.26.0 Tested on OS: Microsoft Windows 11 pro x64 PoC : ============== C:\sc qc ekrn SC QueryServiceConfig SUCCE...

Online Computer And Laptop Store 1.0 Shell Upload

!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...

Symantec Messaging Gateway 10.7.4 Cross Site Scripting

Exploit Title: Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://support.broadcom.com/external/content/SecurityAdvisories/0/21117 Version: 10.7.4-10.7.13 Tested on: relevant os CVE : CVE-2022-25630 Author Web:...

dotclear 2.25.3 Shell Upload

Exploit Title: dotclear 2.25.3 - Remote Code Execution RCE Authenticated Application: dotclear Version: 2.25.3 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://dotclear.org/ Software Link: https://dotclear.org/download Date of found: 08.04.2023...

X2CRM 6.6 / 6.9 Cross Site Scripting

Exploit Title: X2CRM v6.6/6.9 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://x2crm.com/ Software Link: https://sourceforge.net/projects/x2engine/ Version: X2CRM v6.6/6.9 Tested on: Ubuntu Mate 20.04 Vulnerable Parameter: Actionssubject CVE:...

Microsoft Excel 365 MSO 2302 Build 16.0.16130.20186 Remote Code Execution

Title: Microsoft Excel RCE Vulnerability / Microsoft®365 MSO Version 2302 Build 16.0.16130.20186 64-bit Author: nu11secur1ty Date: 03.16.2023 Vendor: https://www.microsoft.com/en-us/microsoft-365/excel Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

BrainyCP 1.0 Remote Code Execution

Exploit Title: BrainyCP V1.0 - Remote Code Execution Date: 2023-04-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://brainycp.io Demo: https://demo.brainycp.io Tested on: Kali Linux CVE : N/A import requests credentials url = input"URL: " username = input"Username: " password =...

NotrinosERP 0.7 SQL Injection

Exploit Title: NotrinosERP 0.7 - Authenticated Blind SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24788/CVE-2023-24788.md Software Link: https://github.com/notrinos/NotrinosERP/releases/tag/0.7 Vendor Homepage:...