50644 matches found
Franklin Fueling Systems TS-550 Information Disclosure
Exploit Title: Franklin Fueling Systems TS-550 - Exploit and Default Password Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: Franklin Fueling Systems http://www.franklinfueling.com/ Version: TS-550 Tested on: Linux/Androidtermux Step 1 : attacker can using these dorks an...
Medicine Tracker System 1.0 SQL Injection
Exploit Title: Medicine Tracker System v1.0 - Sql Injection Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts0.zip Version: V1.0.0 Tested on: Windows/Linux Proof of Concept: 1-...
IBM Instana 243-0 Missing Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
Restaurant Management System 1.0 SQL Injection
Exploit Title: Restaurant Management System 1.0 - SQL Injection Date: 2023-03-20 Exploit Author: calfcrusher [email protected] Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0...
WebsiteBaker 2.13.3 Cross Site Scripting
Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...
Snitz Forum 1.0 SQL Injection
Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Date: 13/03/2023 Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...
ActFax 10.10 Unquoted Service Path
Exploit Title: ActFax 10.10 - Unquoted Path Services Date: 22/03/2023 Exploit Author: Birkan ALHAN @taftss Vendor Homepage: https://www.actfax.com Software Link: https://www.actfax.com/en/download.html Version: Version 10.10, Build 0551 2023-02-01 Tested on: Windows 10 21H2 OS Build 19044.2728...
Altenergy Power Control Software C1.2.5 Command Injection
Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection Google Dork: intitle:"Altenergy Power Control Software" Date: 15/3/2023 Exploit Author: Ahmed Alroky Vendor Homepage: https://apsystems.com/ Version: C1.2.5 Tested on: Windows 10 CVE : CVE-2023-28343 import requests...
Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting
Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...
Icinga Web 2.10 Arbitrary File Disclosure
!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...
pfsenseCE 2.6.0 Protection Bypass
!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...
ChurchCRM 4.5.1 SQL Injection
Exploit Title: ChurchCRM 4.5.1 - Authenticated SQL Injection Date: 11-03-2023 Exploit Author: Arvandy Blog Post: https://github.com/arvandy/CVE/blob/main/CVE-2023-24787/CVE-2023-24787.md Software Link: https://github.com/ChurchCRM/CRM/releases Vendor Homepage: http://churchcrm.io/ Version: 4.5.1...
ZCBS / ZBBS / ZPBS 4.14k Cross Site Scripting
Exploit Title: ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting XSS Date: 2023-03-30 CVE: CVE-2023-26692 Exploit Author: Abdulaziz Saad @b4zb0z Vendor Homepage: https://www.zcbs.nl Version: 4.14k Tested on: LAMP, Ubuntu Google Dork: inurl:objecten.pl?ident=3D --- Vulnerability : $GET'ident'...
Roxy Fileman 1.4.5 Shell Upload
Exploit Title: Roxy Fileman 1.4.5 For .NET Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on:...
FortiRecorder 6.4.3 Denial Of Service
Exploit Title: FortiRecorder 6.4.3 - Denial of Service Google Dork: N/A Date: 13/03/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder Version: 6.4.3 and below && 6.0.11...
MAC 1200R Directory Traversal
Exploit Title: MAC 1200R - Directory Traversal Google Dork: "MAC1200R" && port="8888" Date: 2023/03/09 Exploit Author: Chunlei Shang, Jiangsu Public Information Co., Ltd. Vendor Homepage: https://www.mercurycom.com.cn/ Software Link: https://www.mercurycom.com.cn/product-1-1.html Version: all...
Schneider Electric 1.0 Insecure Direct Object Reference
Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...
Rukovoditel 3.3.1 Remote Code Execution
Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Goanywhere Encryption Helper 7.1.1 Remote Code Execution
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...
Paradox Security Systems IPR512 Denial Of Service
!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...
ENTAB ERP 1.0 Information Disclosure
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
IBM Aspera Faspex 4.4.1 YAML Deserialization
Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Date: 02/02/2023 Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This...
Online Appointment System 1.0 Cross Site Scripting
Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...
WIMAX SWC-5100W Remote Command Execution
Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...
FileZilla Client 3.63.1 DLL Hijacking
--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Date: 2023-02-14 Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...
Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
Dompdf 1.2.1 Remote Code Execution
!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution
Provide Server v. 14.4 CVE-2023-23286 Vulnerabilities: CWE-79: Improper Neutralization of Input During Web Page Generation Unauthenticated stored XSS in server-log delivered via username field from login-form CWE-352: Cross-Site Request Forgery CSRF-token exposed in javascript, making it possible...
flatnux 2021-03.25 Remote Code Execution
Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...
Responsive FileManager 9.9.5 Remote Shell Upload
Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...
GNU screen 4.9.0 Privilege Escalation
Exploit Title: GNU screen v4.9.0 - Privilege Escalation Date: 03.02.2023 Exploit Author: Manuel Andreas Vendor Homepage: https://www.gnu.org/software/screen/ Software Link: https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz Version: 4.9.0 Tested on: Arch Linux CVE : CVE-2023-24626 import os impor...
Simple Task Managing System 1.0 SQL Injection
Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Date: 2022-01-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...
Auto Dealer Management System 1.0 Broken Access Control
Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...
Binwalk 2.3.2 Remote Command Execution
Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
ERPNext 12.29 Cross Site Scripting
Exploit Title: ERPNext 12.29 - Cross-Site Scripting XSS Date: 7 Feb 2023 Exploit Author: Patrick Dean Ramos / Nathu Nandwani / Junnair Manla Github - https://github.com/patrickdeanramos/CVE-2022-28598 Vendor Homepage: https://erpnext.com/ Version: 12.29 CVE-2022-28598 Summary: Stored cross-site...
BulletProof FTP Server 2019.0.0.51 Denial Of Service
Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service Discovery by: Yehia Elghaly - Mrvar0x Discovery Date: 2023-03-31 Vendor Homepage: https://barcodemagic.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.51 Tested on:...
PostgreSQL 9.6.1 Remote Code Execution
Exploit Title: PostgreSQL 9.6.1 - Remote Code Execution RCE Authenticated Date: 2023-02-01 Exploit Author: Paulo Trindade @paulotrindadec, Bruno Stabelini @Bruno Stabelini, Diego Farias @fulcrum and Weslley Shaimon Github: https://github.com/paulotrindadec/CVE-2019-9193 Version: PostgreSQL 9.6.1 ...
Titan FTP Path Traversal
Titan FTP Server Path Traversal Vulnerability in move-file Function Version: 2.0.1.2102 CVE-2023-22629 CWE-24: Path Traversal TitanFTP Server is vulnerable to a path traversal attack in the move-file function. An attacker can exploit this vulnerability by providing a specially crafted newPath...
Froxlor 2.0.3 Stable Remote Code Execution
!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...
pdfkit 0.8.7.2 Command Injection
!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...
Microsoft Excel Spoofing
Title: Microsoft Excel Spoofing Vulnerability Author: nu11secur1ty Date: 04.06.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/ CVE-2023-23398 Description: The attack itself is...
Apache Tomcat 10.1 Denial Of Service
Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...
Answerdev 1.0.3 Account Takeover
Exploit Title: Answerdev 1.0.3 - Account Takeover Date: Reported on Jan 24th 2023 Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744...
modoboa 2.0.4 Admin Takeover
/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Date: 02/10/2023 Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main...
itech TrainSmart r1044 SQL Injection
Exploit Title: itech TrainSmart r1044 - SQL injection Date: 03.02.2023 Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044...
LDAP Tool Box Self Service Password 1.5.2 Account Takeover
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...
BTCPay Server 1.7.4 HTML Injection
Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...
Cisco / Dell / Netgear Information Disclosure / Hash Decrypter
Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...
POLR URL 2.3.0 Shortener Admin Takeover
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...
EasyNas 1.1.0 Command Injection
Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...