eCart Web 5.0.0 Cross Site Scripting
Deprixa Pro 7.5 Insecure Settings
Title : DEPRIXA Pro V7.5 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit ...
Flex 5.22 Insecure Settings
Title : Flex Version: 5.22 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bi...
2ad Guestbook 2.0 Database Disclosure
Title : 2ad guestbook version 2.0 Database Disclosure Exploit | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
ChiKoi 1.0 SQL Injection
Title: ChiKoi-1.0 SQLi Author: nu11secur1ty Date: 01.12.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi Description: The...
eCart Multi Vendor eCommerce System 1.x Insecure Settings
Title : eCart – Multi Vendor eCommerce System 1.x Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser :...
eCart Web 4.0.0 Insecure Settings
Title : eCart Web v4.0.0- Multi Vendor eCommerce Marketplace Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro /...
Concepts Informatics CMS 7 SQL Injection
Title : Concepts Informatics cms v 7 Sql injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
CMS Global-PC Technology 1.0 Insecure Settings
Title : CMS Global-PC Technology v 1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefo...
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
On December 23, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of 11 vulnerabilities in Royal Elementor Addons, a WordPress plugin with over 100,000 installations. The plugin developers responded on December 26, and we sent over the full...
Tiki Wiki CMS Groupware 25.0 Cross Site Scripting
Online Food Ordering System 2.0 Cross Site Scripting
Exploit Title: Online Food Ordering System v2 - Stored Cross Site Scripting XSS Date: 01/11/2023 Exploit Author: Alaeddin Berksoy Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
Medisense-Healthcare Solutions CRM 2.0 Cross Site Request Forgery
Title : Medisense-Healthcare Solutions CRM v2.0 CSRF Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
ERPGo SaaS CRM 3.3 Arbitrary File Upload
Title : ERPGo SaaS CRM v3.3 Arbitrary File Upload Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
BDWeb-Link LMS 1.11.5 Insecure Direct Object Reference
Title : BDWeb-Link Lms v1.11.5 Unauthorized administrative access Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozil...
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery
Tiki Wiki CMS Groupware = 25.0 Two Cross-Site Request Forgery Vulnerabilities - Software Link: https://tiki.org - Affected Versions: Versio...
Dcastalia CMS 1.2 Insecure Direct Object Reference
Title : Dcastalia CMS v1.2 Unauthorized administrative access Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution
Tiki Wiki CMS Groupware = 24.0 structlib.php PHP Code Injection Vulnerability - Software Link: https://tiki.org - Affected Versions:...
ADMINA BULGARIA Ltd 1.0 SQL Injection
Title : ADMINA BULGARIA Ltd v 1.0 SQL Injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
WordPress Mega Main Menu 2.2.2 Information Disclosure
Title : WordPress Menu Plugin - Mega Main Menu v2.2.2 unauthorized backup download Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro ...
AdminSeg 2.15 Insecure Direct Object Reference
Title : AdminSeg v2.15 Unauthorized administrative access Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firef...
Online Food Ordering System 2.0 Shell Upload
Exploit Title: Online Food Ordering System v2 - Remote Code Execution RCE Unauthenticated Date: 01/10/2023 Exploit Author: Hakan Sonay Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
Corpatech CMS 2 SQL Injection
Title : Corpatech cms v2 SQL Injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bit | ...
Online Food Ordering System 2.0 SQL Injection
Exploit Title: Online Food Ordering System v2 - Sql Injection Time-Based Blind Date: 01/10/2023 Exploit Author: Anıl Kızıltan Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection
Tiki Wiki CMS Groupware const popChain = 'O:25:"SearchElasticConnection":1:S:31:"\0...
Deprixa Pro CMS 3.2.5 Insecure Settings
Title : Deprixa Pro CMS 3.2.5 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection
Tiki Wiki CMS Groupware input type="...
WordPress Slider Revolution 4.6.5 Shell Upload
Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | Author : indoushka | Tested on : windows 10...
Eatself 1.1.5 SQL Injection
Title : Eatself v1.1.5 Auth By Pass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | Vend...
Excel Net Computer Institute 4.1 SQL Injection
Title : Excel Net Computer Institute Version 4.1 SQL injection authentication bypass Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pr...
Control Web Panel 7 Remote Code Execution
Centos Web Panel 7 Unauthenticated Remote Code Execution + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Vendor: https://centos-webpanel.com/ -...
Linear eMerge E3-Series Access Controller Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Linear eMerge E3-Series Access Controller Command Injection', 'Description' = %q This module exploits a command injection...
Oracle Database Vault Metadata Exposure
Title: CVE-2021-2175 – Oracle Database Vault Metadata Exposure Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed CVE Reference: CVE-2021-2175 Author of Advisory: Emad Al-Mousa Overview:...
Nexxt Router Firmware 42.103.1.5095 Remote Code Execution
Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Date: 19/10/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhos...
Oracle DBMS_REDACT Dynamic Data Masking Bypass
Title: ByPassing DBMSREDACT Dynamic Data Masking security feature in Oracle database system Product: Database Manufacturer: Oracle Affected Versions: 19c,21c Tested Versions: 19c,21c CVE Reference: N/A Author of Advisory: Emad Al-Mousa Overview: DBMSREDACT package provides an interface to Oracle...
Oracle Unified Audit Policy Bypass
Title: CVE-2021-35576 – Oracle database system Unified Audit Policy ByPass Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-10-17 Public Disclosur...
SugarCRM Shell Upload
!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...
BDWeb-Link LMS 1.11.5 SQL Injection
Title : BDWeb-Link Lms v1.11.5 SQL Injection Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.032-bi...
ProLink PRS1841 Backdoor Account
Exploit Title: Router backdoor - ProLink PRS1841 PLDT Home fiber Exploit Author: Lawrence Amer @zux0x3a Vendor Homepage: https://prolink2u.com/product/prs1841/ Firmware : PRS1841 U V2 reference:...
Hughes Satellite Router Remote File Inclusion Cross Frame Scripting
Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting Vendor: Hughes Network Systems, LLC Product web page: https://www.hughes.com Affected version: HX200 v8.3.1.14 HX90 v6.11.0.5 HX50L v6.10.0.18 HN9460 v8.2.0.48 HN7000S v6.9.0.37 Summary: The HX200 is a high-performance satellite...
Botble 5.28.3 Backdoor Account
Title : Botble 5.28.3 Backdoor Account Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | ...
Student Attendance Management System 1.0 SQL Injection
Title: Student-Attendance-Management-System 1.0 from Erick O. Omundi Multiple-SQLi Author: nu11secur1ty Date: 12.25.2022 Vendor: https://github.com/rickxy Software: https://github.com/rickxy/Student-Attendance-Management-System Reference:...
Active Ecommerce CMS 6.4.0 Backdoor Account
Title : Active ecommerce cms v6.4.0 Backdoor Account Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Consultine Consulting Business And Finance Website CMS 1.8 Backdoor Account
Title : consultine consulting business and finance website cms v1.8 Backdoor Account Vulnerability | Author :...
Car Dealer Pro 2.01 Backdoor Account
Title : Car Dealer Pro v2.01 Backdoor Account Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Enlightenment 0.25.3 Privilege Escalation
Title: Enlightenment Version: 0.25.3 LPE Author: nu11secur1ty Date: 12.26.2022 Vendor: https://www.enlightenment.org/ Software: https://www.enlightenment.org/download Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2022-37706 Description: The Enlightenment Version: 0.25.3 is...
Courier Deprixa 2.5 Backdoor Account
Title : COURIER DEPRIXA V2.5 Backdoor Account Vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload
Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...
OpenTSDB 2.4.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.0 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Stock Management System 2022 1.0 From Erick Cesar SQL Injection
Title: Stock-Management-System-2022-1.0-from-Erick-Cesar Multiple SQLi Author: nu11secur1ty Date: 12.22.2022 Vendor: https://github.com/rickxy/Stock-Management-System Software: https://github.com/rickxy/Stock-Management-System Reference:...