50748 matches found
Joomla MyMuse 4.3.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Centreon 22.04.0 Cross Site Scripting
Exploit Title: Stored XSS in servicealias parameter in Centreon version 22.04.0 Date: 1/10/2022 Exploit Author: syad Vendor Homepage: Centreon Software Link: https://download.centreon.com/ Version: 22.04.0 CVE ID : CVE-2022-39988 Tested on: Centos 7 Centreon 22.04.0 is vulnerable to Stored Cross...
ZKSecurity BIO 3.0.5.0_R Privilege Escalation
ADVISORY INFORMATION Product: ZKSecurity BIO Vendor: ZKTeco Version Affected: 3.0.5.0R CVE: CVE-2022-36634 Vulnerability: User privilege escalation CREDIT This vulnerability was discovered and researched by Caio Burgardt and Silton Santos. INTRODUCTION Based on the hybrid biometric technology and...
Joomla JS Jobs Pro 1.3.6 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla jMarket 5.15 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla JoomRecipe 4.2.2 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
jCart For OpenCart 3.0.3.19 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla AdsManager 3.2.0 SQL Injection
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Joomla EDocman 1.23.3 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Bus Pass Management System 1.0 Cross Site Scripting
Exploit Title: Bus Pass Management System 1.0 - 'searchdata' Cross-Site Scripting XSS Date: 2022-07-02 Exploit Author: Ali Alipour Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...
Online Examination System 1.0 Cross Site Scripting
Exploit Title: Online Examination System - Cross site scripting Reflected Google Dork: N/A Date: 2022-9-29 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ Software Link:...
Online Examination System 1.0 SQL Injection
Exploit Title: Online Examination System - SQL Injection Google Dork: N/A Date: 2022-9-28 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-examination/ Software Link:...
qdPM 9.1 Authenticated Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'qdPM 9.1 Authenticated Arbitrary PHP File Upload RCE', 'Description' = %q A remote code execution RCE vulnerability exists in qdPM 9.1 and earlie...
WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting
Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.4.2 - Stored Cross-Site Scripting XSS Date: 2022-09-28 Exploit Author: Ali Alipour Vendor Homepage: https://motopress.com/ Software Link: https://wordpress.org/plugins/motopress-hotel-booking-lite/ Version: 4.4.2 Tested on: Windows 10...
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netfilter nftseteleminit Heap Overflow Privilege Escalation', 'Description' = %q An issue was discovered in the Linux...
EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Mobile Mouse Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mobile Mouse RCE', 'Description' = %q This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run ...
Online Birth Certificate Management System 1.0 Cross Site Scripting
Exploit Title: Online Birth Certificate Management System - Cross Site Scripting XSS Reflected POST Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
Online Birth Certificate Management System 1.0 Cross Site Request Forgery
Exploit Title: Online Birth Certificate Management System - Cross Site Request Forgery CSRF Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: COVESA DLT daemon Diagnostic Log and Trace Connected Vehicle Systems Alliance COVESA, formerly GENIVI vulnerable...
Food Ordering Management System 1.0 SQL Injection
Exploit Title: Food Ordering Management System - SQL Injection Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage: https://www.sourcecodester.com/php/15689/food-ordering-management-system-php-and-mysql-free-source-code.html Software...
Online Birth Certificate Management System 1.0 Cross Site Scripting
Exploit Title: Online Birth Certificate Management System - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
Online Birth Certificate Management System 1.0 Insecure Direct Object Reference
Exploit Title: Online Birth Certificate Management System - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2022-9-27 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
Backdoor.Win32.Psychward.b MVID-2022-0645 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.b Vulnerability: Weak Hardcoded Credentials Description: The...
pfBlockerNG 2.1.4_26 Shell Upload
!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...
WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
osCommerce Shopping Cart 4 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Active eCommerce CMS 6.3.0 Arbitrary File Download
Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...
LivelyCart Pro 3 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Online Diagnostic Lab Management System 1.0 SQL Injection / Shell Upload
Exploit Title: Online Diagnostic Lab Management System - Remote Code Execution RCE Unauthenticated Google Dork: N/A Date: 2022-9-23 Exploit Author: yousef alraddadi - https://twitter.com/y0usef11 Vendor Homepage:...
Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The...
Backdoor.Win32.Bingle.b MVID-2022-0643 Hardcoded Credential
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bingle.b Vulnerability: Weak Hardcoded Credentials Description: The malware...
Veritas Backup Exec Agent Remote Code Execution
frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Agent Remote Code Execution', 'Description' = %q Veritas Backup Exec Agent supports multiple...
WiFi Mouse 1.8.3.4 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wifi Mouse RCE', 'Description' = %q The WiFi Mouse Mouse Server from Necta LLC contains an auth bypass as the authentication is completely...
Active eCommerce CMS 6.3.0 Cross Site Scripting
Exploit Title: Active eCommerce CMS Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 -------Request----------- POST /ajax-search HTTP/1.1...
WordPress Forym 1.5.7 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
WordPress Sabai Discuss 1.4.13 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Testa 3.5.1 Cross Site Scripting
Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting XSS Date: 28/08/2022 Exploit Author: Ashkan Moghaddas Vendor Homepage: https://testa.cc Software Link: https://download.aftab.cc/products/testa/Testawos2.0.1.zip Version: 3.5.1 Tested on: Windows/Linux Proof...
TP-Link Tapo c200 1.1.15 Remote Code Execution
Exploit Title: TP-Link Tapo c200 1.1.15 - Remote Code Execution RCE Date: 02/11/2022 Exploit Author: hacefresko Vendor Homepage: https://www.tp-link.com/en/home-networking/cloud-camera/tapo-c200/ Version: 1.1.15 and below Tested on: 1.1.11, 1.1.14 and 1.1.15 CVE : CVE-2021-4045 Write up of the...
WordPress WP-UserOnline 2.88.0 Cross Site Scripting
Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...
WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting
Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://profiles.wordpress.org/3dady/ Software Link:...
Teleport 10.1.1 Remote Code Execution
Exploit Title: Teleport v10.1.1 - Remote Code Execution RCE Date: 08/01/2022 Exploit Author: Brandon Roach & Brian Landrum Vendor Homepage: https://goteleport.com Software Link: https://github.com/gravitational/teleport Version: /dev/tcp/10.0.0.1/5555 0&1...
Feehi CMS 2.1.1 Remote Code Execution
Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution RCE Authenticated Date: 22-08-2022 Exploit Author: yuyudhn Vendor Homepage: https://feehi.com/ Software Link: https://github.com/liufee/cms Version: 2.1.1 REQUIRED Tested on: Linux, Docker CVE : CVE-2022-34140 Proof of Concept: 1. Login using...
Multix 2.4 Cross Site Scripting
Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Reflected Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on...
Multix 2.4 Cross Site Request Forgery
Exploit Title: Multix - Multipurpose Website CMS with Codeigniter Cross Site Request Forgery Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/multix-multipurpose-website-cms-with-codeigniter/23537596 Version: Version 2.4 Tested on Ubuntu...
Bitbucket Git Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Git Command Injection', 'Description' = %q Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated...
WorkOrder CMS 0.1.0 SQL Injection
Exploit Title: WorkOrder CMS 0.1.0 SQLI Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='...
WorkOrder CMS 0.1.0 Cross Site Scripting
Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting XSS Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Payload:...
Unified Remote Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unified Remote Auth Bypass to RCE', 'Description' = %q This module utilizes the Unified Remote remote control protocol to type out and deploy a...