50738 matches found
BrainyCP 1.0 Remote Code Execution
Exploit Title: BrainyCP V1.0 - Remote Code Execution Date: 2023-04-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://brainycp.io Demo: https://demo.brainycp.io Tested on: Kali Linux CVE : N/A import requests credentials url = input"URL: " username = input"Username: " password =...
Restaurant Management System 1.0 SQL Injection
Exploit Title: Restaurant Management System 1.0 - SQL Injection Date: 2023-03-20 Exploit Author: calfcrusher [email protected] Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0...
Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting
Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting XSS Exploit Author: omurugur Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020 Version: 6.5.0 - 6.2.0 - 6.1.0 Tested on: relevant os CVE : CVE-2022-0020 Author Web: https://www.justsecnow.com Author Socia...
Medicine Tracker System 1.0 SQL Injection
Exploit Title: Medicine Tracker System v1.0 - Sql Injection Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-mts0.zip Version: V1.0.0 Tested on: Windows/Linux Proof of Concept: 1-...
FortiRecorder 6.4.3 Denial Of Service
Exploit Title: FortiRecorder 6.4.3 - Denial of Service Google Dork: N/A Date: 13/03/2023 Exploit Author: Mohammed Adel Vendor Homepage: https://www.fortinet.com/ Software Link: https://www.fortinet.com/products/network-based-video-security/forticam-fortirecorder Version: 6.4.3 and below && 6.0.11...
dotclear 2.25.3 Shell Upload
Exploit Title: dotclear 2.25.3 - Remote Code Execution RCE Authenticated Application: dotclear Version: 2.25.3 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://dotclear.org/ Software Link: https://dotclear.org/download Date of found: 08.04.2023...
Schneider Electric 1.0 Insecure Direct Object Reference
Exploit Title: Schneider Electric v1.0 - Directory traversal & Broken Authentication Google Dork: inurl:/scada-vis Date: 3/11/2023 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: https://www.se.com/ Version: all-versions Tested on: Windows/Linux/Android Attacker can using these dorks and...
Paradox Security Systems IPR512 Denial Of Service
!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...
Online Appointment System 1.0 Cross Site Scripting
Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...
pfsenseCE 2.6.0 Protection Bypass
!/usr/bin/python3 Exploit Title: pfsenseCE v2.6.0 - Anti-brute force protection bypass Google Dork: intitle:"pfSense - Login" Date: 2023-04-07 Exploit Author: FabDotNET Fabien MAISONNETTE Vendor Homepage: https://www.pfsense.org/ Software Link:...
IBM Aspera Faspex 4.4.1 YAML Deserialization
Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Date: 02/02/2023 Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This...
ENTAB ERP 1.0 Information Disclosure
Exploit Title: ENTAB ERP 1.0 - Username PII leak Date: 17.05.2022 Exploit Author: Deb Prasad Banerjee Vendor Homepage: https://www.entab.in Version: Entab ERP 1.0 Tested on: Windows IIS CVE: CVE-2022-30076 Vulnerability Name: Broken Access control via Rate Limits Description: In the entab softwar...
IBM Instana 243-0 Missing Authentication
Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication Google Dork: if applicable Date: 06 March 2023 Exploit Author: Shahid Parvez zippon Vendor Homepage: https://www.instana.com/trial/ and https://www.ibm.com/docs/en/instana-observability Software Link:...
ZCBS / ZBBS / ZPBS 4.14k Cross Site Scripting
Exploit Title: ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting XSS Date: 2023-03-30 CVE: CVE-2023-26692 Exploit Author: Abdulaziz Saad @b4zb0z Vendor Homepage: https://www.zcbs.nl Version: 4.14k Tested on: LAMP, Ubuntu Google Dork: inurl:objecten.pl?ident=3D --- Vulnerability : $GET'ident'...
WebsiteBaker 2.13.3 Cross Site Scripting
Exploit Title: WebsiteBaker v2.13.3 - Cross-Site Scripting XSS Application: WebsiteBaker Version: 2.13.3 Bugs: Stored XSS Technology: PHP Vendor URL: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Date of found: 02.04.2023 Author:...
Goanywhere Encryption Helper 7.1.1 Remote Code Execution
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...
Roxy Fileman 1.4.5 Shell Upload
Exploit Title: Roxy Fileman 1.4.5 For .NET Arbitrary File Upload Date: 09/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on:...
HospitalRun 1.0.0-beta macOS Local Root
Exploit Title: HospitalRun 1.0.0-beta - Local Root Exploit for macOS Written by Jean Pereira Date: 2023/03/04 Vendor Homepage: https://hospitalrun.io Software Link: https://github.com/HospitalRun/hospitalrun-frontend/releases/download/1.0.0-beta/HospitalRun.dmg Version: 1.0.0-beta Tested on: macO...
BTCPay Server 1.7.4 HTML Injection
Exploit Title: BTCPay Server v1.7.4 - HTML Injection Date: 01/26/2023 Exploit Author: Manojkumar J TheWhiteEvil Vendor Homepage: https://github.com/btcpayserver/btcpayserver Software Link: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5 Version: clickhere 3. Click remove/delete A...
Auto Dealer Management System 1.0 Broken Access Control
Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...
Answerdev 1.0.3 Account Takeover
Exploit Title: Answerdev 1.0.3 - Account Takeover Date: Reported on Jan 24th 2023 Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744...
Titan FTP Path Traversal
Titan FTP Server Path Traversal Vulnerability in move-file Function Version: 2.0.1.2102 CVE-2023-22629 CWE-24: Path Traversal TitanFTP Server is vulnerable to a path traversal attack in the move-file function. An attacker can exploit this vulnerability by providing a specially crafted newPath...
Control Web Panel 7 (CWP7) 0.9.8.1147 Remote Code Execution
// Exploit Title: Control Web Panel 7 CWP7 v0.9.8.1147 - Remote Code Execution RCE // Date: 2023-02-02 // Exploit Author: Mayank Deshmukh // Vendor Homepage: https://centos-webpanel.com/ // Affected Versions: version 0.9.8.1147 // Tested on: Kali Linux // CVE : CVE-2022-44877 // Github POC:...
itech TrainSmart r1044 SQL Injection
Exploit Title: itech TrainSmart r1044 - SQL injection Date: 03.02.2023 Exploit Author: Adrian Bondocea Software Link: https://sourceforge.net/p/trainsmart/code/HEAD/tree/code/ Version: TrainSmart r1044 Tested on: Linux CVE : CVE-2021-36520 SQL injection vulnerability in itech TrainSmart r1044...
Intern Record System 1.0 SQL Injection
Exploit Title: Intern Record System v1.0 - SQL Injection Unauthenticated Date: 2022-06-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/ Software Link:...
Froxlor 2.0.3 Stable Remote Code Execution
!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...
EasyNas 1.1.0 Command Injection
Exploit Title: EasyNas 1.1.0 - OS Command Injection Date: 2023-02-9 Exploit Author: Ivan Spiridonov [email protected] Author Blog: https://xbz0n.medium.com Version: 1.0.0 Vendor home page : https://www.easynas.org Authentication Required: Yes CVE : CVE-2023-0830 !/usr/bin/python3 import...
Microsoft Excel Spoofing
Title: Microsoft Excel Spoofing Vulnerability Author: nu11secur1ty Date: 04.06.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/ CVE-2023-23398 Description: The attack itself is...
BulletProof FTP Server 2019.0.0.51 Denial Of Service
Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service Discovery by: Yehia Elghaly - Mrvar0x Discovery Date: 2023-03-31 Vendor Homepage: https://barcodemagic.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.51 Tested on:...
Cisco / Dell / Netgear Information Disclosure / Hash Decrypter
Exploit Title: Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure DSA-2020-042: Dell Networking Security Update for an Information Disclosure Vulnerability | Dell US...
WIMAX SWC-5100W Remote Command Execution
Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...
flatnux 2021-03.25 Remote Code Execution
Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...
pdfkit 0.8.7.2 Command Injection
!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...
Universal Media Server 13.2.1 Cross Site Scripting
Exploit Title: Universal Media Server 13.2.1 Cross Site Scripting Google Dork: NA Date: 01/04/2023 Exploit Author: Yehia Elghaly - Mrvar0x Vendor Homepage: https://www.universalmediaserver.com/ Software Link: https://www.universalmediaserver.com/download/ Version: 13.2.1 Tested on: Windows 7 / 10...
modoboa 2.0.4 Admin Takeover
/ Exploit Title: modoboa 2.0.4 - Admin TakeOver Description: Authentication Bypass by Primary Weakness Date: 02/10/2023 Software Link: https://github.com/modoboa/modoboa Version: modoboa/modoboa prior to 2.0.4 Tested on: Arch Linux Exploit Author: 7h3h4ckv157 CVE: CVE-2023-0777 / package main...
LDAP Tool Box Self Service Password 1.5.2 Account Takeover
Exploit Title: LDAP Tool Box Self Service Password v1.5.2 - Account takeover Date: 02/17/2023 Exploit Author: Tahar BENNACEF aka tar.gz Software Link: https://github.com/ltb-project/self-service-password Version: 1.5.2 Tested on: Ubuntu Self Service Password is a PHP application that allows users...
Simple Task Managing System 1.0 SQL Injection
Exploit Title: Simple Task Managing System v1.0 - SQL Injection Unauthenticated Date: 2022-01-09 Exploit Author: Hamdi Sevben Vendor Homepage: https://www.sourcecodester.com/php/15624/simple-task-managing-system-php-mysqli-free-source-code.html Software Link:...
ERPNext 12.29 Cross Site Scripting
Exploit Title: ERPNext 12.29 - Cross-Site Scripting XSS Date: 7 Feb 2023 Exploit Author: Patrick Dean Ramos / Nathu Nandwani / Junnair Manla Github - https://github.com/patrickdeanramos/CVE-2022-28598 Vendor Homepage: https://erpnext.com/ Version: 12.29 CVE-2022-28598 Summary: Stored cross-site...
bgERP 22.31 Cross Site Scripting
Title: bgERP v22.31 Orlovets - Cookie Session vulnerability & Cross-Site Scripting XSS Author: nu11secur1ty Date: 01.31.2023 Vendor: https://bgerp.com/Bg/Za-sistemata Software: https://github.com/bgerp/bgerp/releases/tag/v22.31 Reference:...
FileZilla Client 3.63.1 DLL Hijacking
--------------------------------------------------------- Title: FileZilla Client 3.63.1 - 'TextShaping.dl' DLL Hijacking Date: 2023-02-14 Author: Bilal Qureshi Vendor: https://filezilla-project.org/ Version: 3.63.1 Tested on: Windows 10 Pro 64-bit 10.0, Build 19044...
Unified Remote 3.13.0 Remote Code Execution
Exploit Title: Unified Remote 3.13.0 - Remote Code Execution RCE Google Dork: NA Date: 03/03/2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download/windows Version: 3.13.0 Current Tested on: Windows CVE : NA Due to the u...
Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution
Provide Server v. 14.4 CVE-2023-23286 Vulnerabilities: CWE-79: Improper Neutralization of Input During Web Page Generation Unauthenticated stored XSS in server-log delivered via username field from login-form CWE-352: Cross-Site Request Forgery CSRF-token exposed in javascript, making it possible...
GNU screen 4.9.0 Privilege Escalation
Exploit Title: GNU screen v4.9.0 - Privilege Escalation Date: 03.02.2023 Exploit Author: Manuel Andreas Vendor Homepage: https://www.gnu.org/software/screen/ Software Link: https://ftp.gnu.org/gnu/screen/screen-4.9.0.tar.gz Version: 4.9.0 Tested on: Arch Linux CVE : CVE-2023-24626 import os impor...
Binwalk 2.3.2 Remote Command Execution
Exploit Title: Binwalk v2.3.2 - Remote Command Execution RCE Exploit Author: Etienne Lacoche CVE-ID: CVE-2022-4510 import os import inspect import argparse print"" print"" print"------------------CVE-2022-4510----------------" print"" print"--------Binwalk Remote Command Execution--------"...
Mitel MiCollab AWV 8.1.2.4 / 9.1.3 Directory Traversal / LFI
Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI Date: 2022-10-14 Fix Date: 2020-05 Exploit Author: Kahvi-0 Github: https://github.com/Kahvi-0 Vendor Homepage: https://www.mitel.com/ Vendor Security Advisory:...
Apache Tomcat 10.1 Denial Of Service
Exploit Title: Apache Tomcat 10.1 - Denial Of Service Google Dork: N/A Date: 13/07/2022 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-10.cgi Version: = 10.1 Tested on: Apache Tomcat 10.0 Docker CVE :...
POLR URL 2.3.0 Shortener Admin Takeover
Exploit Title: POLR URL 2.3.0 - Shortener Admin Takeover Date: 2021-02-01 Exploit Author: p4kl0nc4t Vendor Homepage: - Software Link: https://github.com/cydrobolt/polr Version: 2.3.0 Tested on: Linux CVE : CVE-2021-21276 import json import requests payload = 'acctusername': 'admin', 'acctpassword...
Responsive FileManager 9.9.5 Remote Shell Upload
Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution RCE Date: 02-Feb-2023 Exploit Author: Galoget Latorre @galoget Vendor Homepage: https://responsivefilemanager.com Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip...
Dompdf 1.2.1 Remote Code Execution
!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...
PostgreSQL 9.6.1 Remote Code Execution
Exploit Title: PostgreSQL 9.6.1 - Remote Code Execution RCE Authenticated Date: 2023-02-01 Exploit Author: Paulo Trindade @paulotrindadec, Bruno Stabelini @Bruno Stabelini, Diego Farias @fulcrum and Weslley Shaimon Github: https://github.com/paulotrindadec/CVE-2019-9193 Version: PostgreSQL 9.6.1 ...