Online Birth Certificate Management System 1.0 Insecure Direct Object Reference

Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

Online Birth Certificate Management System 1.0 Cross Site Scripting

Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

Online Birth Certificate Management System 1.0 Cross Site Request Forgery

Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery CSRF Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon Diagnostic Log and Trace Connected Vehicle Systems Alliance COVESA, formerly GENIVI vulnerable...

Online Birth Certificate Management System 1.0 Cross Site Scripting

Exploit Title: Online Birth Certificate Management System - Cross Site Scripting XSS Reflected POST Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

Food Ordering Management System 1.0 SQL Injection

Exploit Title: Food Ordering Management System - SQL Injection Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html Software...

Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The...

WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bingle.b Vulnerability: Weak Hardcoded Credentials Description: The malware...

Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload

Exploit Title: Online Diagnostic Lab Management System - Remote Code Execution RCE Unauthenticated Google Dork: N/A Date: 2022-9-23 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...

LivelyCart Pro 3 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

osCommerce Shopping Cart 4 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Active eCommerce CMS 6.3.0 Arbitrary File Download

Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...

Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The...

WiFi Mouse 1.8.3.4 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wifi Mouse RCE', 'Description' = %q The WiFi Mouse Mouse Server from Necta LLC contains an auth bypass as the authentication is completely...

Active eCommerce CMS 6.3.0 Cross Site Scripting

Exploit Title: Active eCommerce CMS Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 -------Request----------- POST /ajax-search HTTP/1.1...

Veritas Backup Exec Agent Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Agent Remote Code Execution', 'Description' = %q Veritas Backup Exec Agent supports multiple...

pfBlockerNG 2.1.4_26 Shell Upload

!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...

WordPress Sabai Discuss 1.4.13 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

WordPress Forym 1.5.7 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

Testa 3.5.1 Cross Site Scripting

Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting XSS Date: 28/08/2022 Exploit Author: Ashkan Moghaddas Vendor Homepage: https://testa.cc Software Link: https://download.aftab.cc/products/testa/Testawos2.0.1.zip Version: 3.5.1 Tested on: Windows/Linux Proof...

Teleport 10.1.1 Remote Code Execution

Exploit Title: Teleport v10.1.1 - Remote Code Execution RCE Date: 08/01/2022 Exploit Author: Brandon Roach & Brian Landrum Vendor Homepage: https://goteleport.com Software Link: https://github.com/gravitational/teleport Version: /dev/tcp/10.0.0.1/5555 0&1...

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...

Feehi CMS 2.1.1 Remote Code Execution

Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...

TP-Link Tapo c200 1.1.15 Remote Code Execution

Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution RCE Date: 02/11/2022 Exploit Author: hacefresko Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/ Version: 1.1.15 and below Tested on: 1.1.11, 1.1.14 and 1.1.15 CVE : CVE-2021-4045 Write up of the...

Bitbucket Git Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Git Command Injection', 'Description' = %q Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated...

Multix 2.4 Cross Site Request Forgery

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on Ubuntu...

WorkOrder CMS 0.1.0 Cross Site Scripting

Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting XSS Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Payload:...

WorkOrder CMS 0.1.0 SQL Injection

Exploit Title: WorkOrder CMS 0.1.0 SQLI Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='...

Multix 2.4 Cross Site Scripting

Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Reflected Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on...

WiFiMouse 1.8.3.4 Remote Code Execution

Exploit Title: WiFiMouse 1.8.3.4 - Remote Code Execution RCE Date: 15-08-2022 Author: Febin Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.8.3.4 Tested on: Windows 10 !/bin/bash printf " WiFiMouse / MouseServer 1.8.3.4 Exploit by FEBIN " printf "...

Unified Remote Authentication Bypass / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unified Remote Auth Bypass to RCE', 'Description' = %q This module utilizes the Unified Remote remote control protocol to type out and deploy a...

Bookwyrm 0.4.3 Authentication Bypass

Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Date: 2022-08-4 Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE:...

Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass

Exploit Title: Buffalo TeraStation Network Attached Storage NAS 1.66 - Authentication Bypass Date: 2022-08-11 Exploit Author: JORDAN GLOVER Type: WEBAPPS Platform: HARDWARE Vendor Homepage: https://www.buffalotech.com/ Model: TeraStation Series Firmware Version: 1.66 Tested on: Windows 10 An...

Backdoor.Win32.Hellza.120 MVID-2022-0642 Authentication Bypass

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The malware...

Backdoor.Win32.Hellza.120 MVID-2022-0641 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Unauthorized Remote Command Execution Description...

ProcessMaker Privilege Escalation

Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Date: 20220822 Exploit Author: Sornram...

Blink1Control2 2.2.7 Weak Password Encryption

// Exploit Title: Blink1Control2 2.2.7 - Weak Password Encryption // Date: 2022-08-12 // Exploit Author: p1ckzi // Vendor Homepage: https://thingm.com/ // Software Link: https://github.com/todbot/Blink1Control2/releases/tag/v2.2.7 // Vulnerable Version: blink1control2 !/usr/bin/env node const...

Trojan-Dropper.Win32.Corty.10 MVID-2022-0639 Insecure Credential Storage

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Corty.10 Vulnerability: Insecure Credential Storage Description: The...

Trojan.Ransom.Ryuk.A MVID-2022-0640 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Ransom.Ryuk.A Vulnerability: Arbitrary Code Execution Description: The ransomware...

Genesys PureConnect Cross Site Scripting

Product: Genesys PureConnect - Interaction Web Tools Chat Service Description: Interaction Web Tools Chat Service allows XSS within the Printable Chat History via the participant - name JSON POST parameter. Vulnerability Type: XSS Vendor of Product: Genesys PureConnect Affected Product Code Base:...

Owlfiles File Manager 12.0.1 Path Traversal / Local File Inclusion

Exploit Title: Owlfiles File Manager 12.0.1 - multi vulnerabilities Date: Sep 19, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/owlfiles-file-manager/id510282524 Version: 12.0.1 Tested on: Ios 16.0 path traversal on HTTP...

VIAVIWEB Wallpaper Admin SQL Injection / Shell Upload

Exploit Title: VIAVIWEB Wallpaper Admin - Multiple vulnrabilities Google Dork: intext:"Wallpaper Admin" "LOGIN" "password" "Username" Date: 18/09/2022 Exploit Author: Edd13Mora Vendor Homepage: www.viaviweb.com Version: N/A Tested on: Windows 11 - Kali Linux ------------------ SQLI on the Login...

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection Date: 18/09/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link:...

PhotoSync 4.7 Local File Inclusion

Exploit Title: PhotoSync 4.7 IOS APP Local file inclusion Date: Sep 19, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.photosync-app.com/home.html Software Link: https://apps.apple.com/us/app/photosync-transfer-photos/id415850124 Version: 4.7 Tested on: iPhone IOS 16.0 GET...

WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting

Exploit Title: WordPress Plugin ‘GetYourGuide Ticketing’ - Stored Cross-Site Scripting Date: 18-09-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/search/GetYourGuide+Ticketing/ Version: 1.0.1 Tested on: Firefox Contact me: [email protected]...

Social Share Button 2.2.3 SQL Injection

Title: Social Share Buttons-2.2.3 SQLi Author: nu11secur1ty Date: 09.16.2022 Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...

SAP SAPControl Web Service Interface Local Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local privilege escalation product: SAP® SAPControl Web Service Interface sapuxuserchk vulnerable version: see section "Vulnerable / tested versions" fixed version: see S...

Palo Alto Networks Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks Authenticated Remote Code Execution', 'Description' = %q An OS Command Injection vulnerability in the PAN-OS management...