Unified Remote 3.13.0 Remote Code Execution
Exploit Title: Unified Remote 3.13.0 - Remote Code Execution RCE Google Dork: NA Date: 03/03/2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download/windows Version: 3.13.0 Current Tested on: Windows CVE : NA Due to the u...
Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI
Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...
HospitalRun 1.0.0-beta macOS Local Root
Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...
bgERP 22.31 Cross Site Scripting
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
Universal Media Server 13.2.1 Cross Site Scripting
Exploit Title: Universal Media Server 13.2.1 Cross Site Scripting Google Dork: NA Date: 01/04/2023 Exploit Author: Yehia Elghaly - Mrvar0x Vendor Homepage: https://www.universalmediaserver.com/ Software Link: https://www.universalmediaserver.com/download/ Version: 13.2.1 Tested on: Windows 7 / 10...
Intern Record System 1.0 SQL Injection
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
Bus Pass Management System 1.0 Cross Site Scripting
Exploit Title: Bus Pass Management System 1.0 - Stored Cross-Site Scripting XSS Date: 2021-09-17 Exploit Author: Matteo Conti - https://deltaspike.io Vendor Homepage: https://phpgurukul.com/ Software Link:...
Sales Tracker Management System 1.0 Insecure Direct Object Reference
Exploit Title: Sales Tracker Management System v1.0 - Sensitive information disclosure CVE: CVE-2023-26774 Exploit Author: Achuth V P retrymp3 Date: February 08, 2023 Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html Software...
Calendar Event Multi View 1.4.07 Cross Site Scripting
Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Date: 2022-05-25 Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...
Citrix 22.2.1.103 / 23.1.1.11 Local Privilege Escalation
//Discovered by:: TOUHAMI KASBAOUI - VXREMALWARE //Discover date : 25/03/2023 //Reported to Citrix: 25/03/2023 //Tested Version: 22.2.1.103, 23.1.1.11/Last version //Exploit: https://github.com/sqrtZeroKnowledge/CitrixSecureAccessLPE0DAY define UNICODE define UNICODE include include include inclu...
Pentaho BA Server EE 9.3.0.0-428 Server-Side Template Injection / Remote Code Execution
Title: Pentaho BA Server EE 9.3.0.0-428 - RCE via Server-Side Template Injection Unauthenticated Author: dwbzn Date: 2022-04-04 Vendor: https://www.hitachivantara.com/ Software Link: https://www.hitachivantara.com/en-us/products/lumada-dataops/data-integration-analytics/download-pentaho.html...
projectSend r1605 Remote Code Execution
Exploit Title: projectSend r1605 - Remote Code Execution RCE Application: projectSend Version: r1605 Bugs: rce via file extension manipulation Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 26-01-2023 Author: Mirabbas Ağalarov...
Sales Tracker Management System 1.0 Cross Site Scripting
Exploit Title: Sales Tracker Management System v1.0 - One click account takeover XSS Exploit Author: Achuth V P retrymp3 Date: February 08, 2023 CVE: CVE-2023-26773 Vendor Homepage: https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html Software...
Kardex Mlog MCC 5.7.12 Remote Code Execution
#!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...
D-Link DIR-846 Remote Command Execution
Exploit Title: D-Link DIR-846 - Remote Command Execution RCE vulnerability Google Dork: NA Date: 30/01/2023 Exploit Author: Françoa Taffarel Vendor Homepage:...
Uptime Kuma 1.19.6 Cross Site Scripting
Exploit Title: Stored XSS in uptime-kuma ""alert"XSS" If anyone loads the page, the javascript inside the script tag will be executed...
PhotoShow 3.0 Remote Code Execution
Exploit Title: PhotoShow 3.0 - Remote Code Execution Date: January 11, 2023 Exploit Author: LSCP Responsible Disclosure Lab Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ Vendor Homepage:...
Monitorr 1.7.6 Cross Site Scripting
Exploit Title: Monitorr v1.7.6 - Cross Site Scripting CVE: CVE-2023-26776 Exploit Author: Achuth V P retrymp3 Date: February 09, 2023 Vendor Homepage: https://github.com/Monitorr/ Software Link: https://github.com/Monitorr/Monitorr Tested on: Ubuntu Version: v1.7.6 Exploit Description: Cross Site...
Liferay Portal 6.2.5 Insecure Permissions
Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ Date: 2021/05 Exploit Author: fu2x2000 Version: Liferay Portal 6.2.5 or later CVE : CVE-2021-33990 import requests import json print " Search this on Google Dork for...
GLPI Manageentities Local File Inclusion
ADVISORY INFORMATION Exploit Title: GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin Date of found: 11 Jun 2022 Application: GLPI Manageentities 4.0.2 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link:...
GLPI 10.0.2 SQL Injection / Remote Code Execution
ADVISORY INFORMATION Exploit Title: GLPI v10.0.2 - SQL Injection Authentication Depends on Configuration Date of found: 11 Jun 2022 Application: GLPI =10.0.0, 10.0.3 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link: https://github.com/glpi-project/glpi Advisory:...
TP-Link TL-WR902AC Remote Code Execution
#!/usr/bin/python3 Exploit Title: TP-Link TL-WR902AC firmware 210730 V3 - Remote Code Execution RCE Authenticated Exploit Author: Tobias Müller Date: 2022-12-01 Version: TL-WR902ACEUV30.9.1 Build 220329 Vendor Homepage: https://www.tp-link.com/ Tested On: TP-Link TL-WR902AC Vulnerability...
Grand Theft Auto III Vice City Skin File 1.1 Buffer Overflow
Exploit Title: Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow Exploit Date: 22.01.2023 Discovered and Written by: Knursoft Vendor Homepage: https://www.rockstargames.com/ Version: v1.1 Tested on: Windows XP SP2/SP3, 7, 10 21H2 CVE : N/A 1 - Run this python script to generate...
Yahoo User Interface TreeView 2.8.2 Cross Site Scripting
Exploit Title: Yahoo User Interface library YUI2 TreeView v2.8.2 - Multiple Reflected Cross Site Scripting XSS Google Dork: N/A Date: 2/1/2023 Exploit Author: Rian Saaty Vendor Homepage: https://yui.github.io/yui2/ Software Link: https://yui.github.io/yui2/ Version: 2.8.2 Tested on: MacOS,...
Roxy WI 6.1.1.0 Remote Code Execution
ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution RCE via sslcert Upload Date of found: 21 July 2022 Application: Roxy WI .oastify.com;...
Splashtop 8.71.12001.0 Unquoted Service Path
Exploit Title: Splashtop 8.71.12001.0 - Unquoted Service Path Date: 12/20/2022 Exploit Author: A.I. hernandez Version: 8.71.12001.0 Vendor Homepage: https://www.splashtop.com Version: current version Tested on: Windows 10 21H2 Step to discover Unquoted Service Path: C:\wmic service get...
GLPI Glpiinventory 1.0.1 Local File Inclusion
ADVISORY INFORMATION Exploit Title: GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion Date of found: 11 Jun 2022 Application: GLPI Glpiinventory = 1.0.1 Author: Nuri Çilengir Vendor Homepage: https://glpi-project.org/ Software Link:...
AimOne Video Converter 2.04 Build 103 Buffer Overflow / Denial Of Service
Title: AimOne Video Converter V2.04 Build 103 - Buffer Overflow DoS Author: nu11secur1ty Date: 01.05.2023 Vendor: https://aimone-video-converter.software.informer.com/, http://www.aimonesoft.com/ Software: https://aimone-video-converter.software.informer.com/download/?ca85d0 Reference: Descriptio...
WordPress Paid Memberships Pro 2.9.8 SQL Injection
#!/usr/bin/env python Exploit Title: Paid Memberships Pro v2.9.8 WordPress Plugin - Unauthenticated SQL Injection Exploit Author: r3nt0n CVE: CVE-2023-23488 Date: 2023/01/24 Vulnerability discovered by Joshua Martinelle Vendor Homepage: https://www.paidmembershipspro.com Software Link:...
ELSI Smart Floor 3.3.3 Cross Site Scripting
Exploit Title: ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting XSS Date: 12/09/2022 Exploit Author: Rob, CTRL Group Vendor Homepage: marigroup.com Version: V3.3.3 and under Tested on: Windows IIS all versions CVE : CVE-2022-35543 “Stored Cross-Site Scripting” Vulnerability within the Elsi...
Nacos 2.0.3 Access Control
Exploit Title: Nacos 2.0.3 - Access Control vulnerability Date: 2023-01-17 Exploit Author: Jenson Zhao Vendor Homepage: https://nacos.io/ Software Link: https://github.com/alibaba/nacos/releases/ Version: Up to including 2.0.3 Tested on: Windows 10 CVE : CVE-2021-43116 Required before execution: p...
Reprise Software RLM 14.2BL4 Cross Site Scripting
Exploit Title: Reprise Software RLM v14.2BL4 - Cross-Site Scripting XSS Exploit Author: Mohammed A.Siledar Author Company : reprisesoftware Version: rlm.v14.2BL4 Vendor home page : https://reprisesoftware.com Software Link:...
SQL Monitor 12.1.31.893 Cross Site Scripting
Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting XSS Date: 12/21/2022 02:07:23 AM UTC Exploit Author: [email protected] Vendor Homepage: https://www.red-gate.com/ Software Link: https://www.red-gate.com/products/dba/sql-monitor/ Version: SQL Monitor 12.1.31.893 Tested on: Window...
ManageEngine Access Manager Plus 4.3.0 Path Traversal
Exploit Title: ManageEngine Access Manager Plus 4.3.0 - File-path-traversal Author: nu11secur1ty Date: 11.22.2023 Vendor: https://www.manageengine.com/ Software: https://www.manageengine.com/privileged-session-management/download.html Reference:...
Chromacam 4.0.3.0 Unquoted Service Path
Exploit Title: Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path Exploit Author: Laguin Benjamin MONK-MODE Discovery Date: 2023-19-01 Vendor Homepage: https://personifyinc.com/ Software Link: https://personifyinc.com/download/chromacam Tested Version: Chromacam-4.0.3.0 Vulnerabilit...
Art Gallery Management System Project 1.0 Cross Site Scripting
Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting XSS Date: 20/01/2023 Exploit Author: Rahul Patwari Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip Version: 1.0 Tested on: XAMPP / Windows 10 C...
GLPI Cartography Shell Upload
Exploit Title: GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 11 Jun 2022 Application: GLPI Cartography...
Roxy WI 6.1.0.0 Remote Code Execution
ADVISORY INFORMATION Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution RCE Date of found: 21 July 2022 Application: Roxy WI = v6.1.0.0 Author: Nuri Çilengir Vendor Homepage: https://roxy-wi.org Software Link: https://github.com/hap-wi/roxy-wi.git Advisory:...
Microsoft Exchange Active Directory Topology 15.02.1118.007 Unquoted Service Path
Exploit Title: Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Exploit Date: 2023-01-18 Vendor : Microsoft Version : 15.02.1118.007 Tested on OS: Microsoft Exchange Server 2019 CU12 PoC :...
Online Pizza Ordering 1.0 Shell Upload
Title: Online-Pizza-Ordering-1.0 File-Inclusion-RCE Author: nu11secur1ty Date: 03.30.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Reference: https://portswigger.net/web-security/file-upload...
MyBB 1.8.32 Remote Code Execution
Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...
HotKey Clipboard 2.1.0.6 Unquoted Service Path
Exploit Title: HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path Date: 2023/01/17 Exploit Author : Wim Jaap van Vliet Vendor Homepage: www.clevo.com.tw Software Link: https://enstrong.blob.core.windows.net/en-driver/PDXXPNX1/Others/CC301006.zip Version: 2.1.0.6 Tested on:...
ChatGPT Cross Site Scripting
Exploit Title: ChatGPT OpenAI - Cross-Site Scripting XSS Vulnerability. Date: 25/03/2023 Vendor Homepage: https://openai.com/ Exploit Author: Miguel Segovia Software Link: https://chat.openai.com/chat CVE : Requested N/A Description: A reflected Cross-Site Scripting XSS vulnerability has been...
GeoVision Camera GV-ADR2701 Authentication Bypass
Exploit Title: GeoVision Camera GV-ADR2701 - Authentication Bypass Device name: GV-ADR2701 Date: 26 December , 2020 Exploit Author: Chan Nyein Wai Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Firmware Version: V1.0020171215 Tested on...
XCMS 1.83 Remote Command Execution
Exploit Title: XCMS v1.83 - Remote Command Execution RCE Author: Onurcan Email: [email protected] Site: ihteam.net Script Download : http://www.xcms.it Date: 26/12/2022 The xcms's footer that is in "/dati/generali/footer.dtb" is included in each page of the xcms. Taking "home.php" for example...
Art Gallery Management System Project 1.0 SQL Injection
Exploit Title: Art Gallery Management System Project v1.0 - SQL Injection sqli Unauthenticated Date: 20/01/2023 Exploit Author: Rahul Patwari Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip Version: 1.0 Tested on: XAMPP / Windows 10 C...
sudo 1.9.12p1 Privilege Escalation
#!/usr/bin/env bash Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit Author: n3m1.sys CVE: CVE-2023-22809 Date: 2023/01/21 Vendor Homepage: https://www.sudo.ws/ Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz Version: 1.8.0 to 1.9.12p1 Tested on: Ubuntu Server 22.0...
AD Manager Plus 7122 Remote Code Execution
Exploit Title: AD Manager Plus 7122 - Remote Code Execution RCE Exploit Author: Chan Nyein Wai & Thura Moe Myint Vendor Homepage: https://www.manageengine.com/products/ad-manager/ Software Link: https://www.manageengine.com/products/ad-manager/download.html Version: Ad Manager Plus Before 7122...
GitLab 15.3 Remote Code Execution
Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Date: 2022-12-25 Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to...
perfSONAR 4.4.5 Cross Site Request Forgery
Exploit Title: perfSONAR v4.4.5 - Partial Blind CSRF Link: https://github.com/perfsonar/ Affected Versions: v4.x = v4.4.5 Vulnerability Type: Partial Blind CSRF Discovered by: Ryan Moore CVE: CVE-2022-41413 Summary A partial blind CSRF vulnerability exists in perfSONAR v4.x = v4.4.5 within the...