50748 matches found
Active eCommerce CMS 6.5.0 Cross Site Scripting
Exploit Title: Active eCommerce CMS 6.5.0 - 'svg' Stored Cross-Site Scripting XSS Date: 19/01/2023 Exploit Author: Sajibe Kanti Vendor Name: ActiveITzone Vendor Homepage: https://activeitzone.com/ Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: 6.5.0 Tested on:...
Food Ordering System 2 Shell Upload
Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...
Inout RealEstate 2.1.3 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
NetChess 2.1 Buffer Overflow
Exploit Title: NetChess2.1 Buffer Overflow SEH Date: 8/1/2022 Exploit Author: Ugur Eminli Vendor Homepage: https://sourceforge.net/projects/avmnetchess/ Software Link: https://sourceforge.net/projects/avmnetchess/ Version: 2.1 Tested on: WinXP SP2 Build 2600 !/usr/bin/perl my $file= "exploit.pgn"...
wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...
Inout Multi-Vendor Shopping Cart 3.2.3 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
ASKEY RTF3505VW-N1 Privilege Escalation
Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Date: 07-12-2022 Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...
Solaris 10 dtprintinfo / libXm / libXpm Security Issues
-- HNS-2022-01 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm Date: 2023-01-18 Oracle vulnerability tracking numbers: S1597707 - Arbitrary printer...
Inout Multi-Vendor Shopping Cart 3.2.3 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed...
Patient Record Management System 1.0 Authentication Bypass
Exploit Title: Patient Record Management System v1.0 - Authentication Bypass via PHP Loose Comparison Exploit Author: Joe Pollock Date: January 19, 2023 Vendor Homepage: https://www.sourcecodester.com/php/13505/patient-record-management-system.html Software Link:...
SLIMS 9.5.2 Cross Site Scripting
Title: SLIMS-9.5.2 - XSS Reflected - Account Exploit Development: nu11secur1ty Date: 01.19.2023 Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.5.2 Reference:...
PHP Hazir Haber Sitesi Scripti 3 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Jettweb Ready Rent A Car Script 4 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Active Matrimonial CMS 3.6 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress WPtouch 3.7.5 Open Redirection
==================================================================================================================================== | Title : WordPress - WPtouch 3.7.5 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Ivanti Cloud Services Appliance (CSA) Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Cloud Services Appliance CSA Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Ivanti...
Zstore 6.5.4 Cross Site Scripting
Title: zstore-6.5.4 - XSS-Reflected Development: nu11secur1ty Date: 01.18.2023 Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of...
KesionCMS X 1.5 Add Administrator
==================================================================================================================================== | Title : KesionCMS X1.5 Reinstall Add Admin Exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 105.0.32-bit | |...
Yazilimi Jettweb Haber 3 SQL Injection
==================================================================================================================================== | Title : yazılımı jettweb Haber V3 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-b...
WordPress WPtouch 3.8.2 Open Redirection
==================================================================================================================================== | Title : WordPress -WPtouch 3.8.2 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-b...
Chrome JSNativeContextSpecialization::BuildElementAccess Bypass
Chrome: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess VULNERABILITY DETAILS Copy-on-write is one of V8's internal optimization features that allows multiple JavaScript objects to share the same element store. This feature is primarily used to optimize creation of...
Active eCommerce CMS 6.5.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress WPtouch Pro 3.0.9.1 Open Redirection
==================================================================================================================================== | Title : WordPress -WPtouch Pro 3.0.9.1 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
xcash 1.5 Insecure Settings
==================================================================================================================================== | Title : xcash V1.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | |...
WordPress WPtouch 4.3.47 Open Redirection
==================================================================================================================================== | Title : WordPress - WPtouch 4.3.47 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
WordPress WPtouch Pro 3.3.4 Open Redirection
==================================================================================================================================== | Title : WordPress - WPtouch Pro: 3.3.4 Open Redirect Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Active Matrimonial CMS 3.5 Insecure Settings
==================================================================================================================================== | Title : Active Matrimonial CMS v3.5 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
BootCommerce 3.2.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
LISTSERV 17 Cross Site Scripting
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...
LISTSERV 17 Insecure Direct Object Reference
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-40319 Steps to replicate 1. Create two accounts on your LISTSERV 17 installation, logging into each one in ...
BootCommerce 3.2.1 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Yazilimi Jettweb 3 Cross Site Scripting
==================================================================================================================================== | Title : yazılımı jettweb Haber V3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 68.032-bit | |...
Citrix Workspace App For Linux 2212 Credential Leak
Citrix Linux client credential leak The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix do not consider this to be a security vulnerability. Software affected - Citrix Workspace App for...
Infokart 1.1 SQL Injection
==================================================================================================================================== | Title : Infokart v1.1 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vendo...
Infobool 3.0 SQL Injection
==================================================================================================================================== | Title : Infobool v 3.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | | Vend...
Yuvan Education CRM 3.0 SQL Injection
==================================================================================================================================== | Title : Yuvan Education CRM v 3.0 Auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
Global Infotech CMS 1.0 SQL Injection
==================================================================================================================================== | Title : Global Infotech cms v 1.0 Sql injectioin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro | | Vendor :...
KesionCMS X 1.5.160902 Insecure Settings
==================================================================================================================================== | Title : KesionCMS X 1.5.160902 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Incrementer CMS 0.1 Insecure Settings
==================================================================================================================================== | Title : Incrementer CMS v0.1 Technology Solutions Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
Inlislite 3.2 Insecure Settings
==================================================================================================================================== | Title : Inlislite V3.2 Backdoor Account Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 103.064-bit | |...
WordPress Slider Revolution 3.0.8 Directory Traversal
==================================================================================================================================== | Title : WordPress - Slider Revolution 3.0.8 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
Laravel 9.47.0 Information Disclosure
==================================================================================================================================== | Title : Laravel from Version 1.0 to 9.47.0 MySQL Credential Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser :...
WordPress Profile Builder 3.0.5 SQL Injection
==================================================================================================================================== | Title : WordPress profile builder 3.0.5 SQL Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
Global Education And Technoworld 4.1 Backup Disclosure
==================================================================================================================================== | Title : GLOBAL EDUCATION & TECHNOWORLD Version 4.1 unauthorized backup download Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.10Pro /...
WordPress Slider Revolution 4.1.3 Directory Traversal
==================================================================================================================================== | Title : WordPress - Slider Revolution 4.1.3 Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
WordPress Slider Revolution 4.6.5 Directory Traversal
==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 UpdateCaptionsCSS Directory Traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...
WordPress Slider Revolution 4.x.x Shell Upload
================================================================================================= | Title : WordPress - Slider Revolution 4.x.x WordPress - arbitrary file upload exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit | |...
Academy LMS 5.11 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free
WebKit: Use-after-free of RenderMathMLToken in CSSCrossfadeValue::crossfadeChanged There is a use-after-free of a RenderMathMLToken object in CSSCrossfadeValue::crossfadeChanged. CSSCrossfadeValue extends CSSImageGeneratorValue. CSSImageGeneratorValue keeps a HashCountedSet of clients mclients of...