Inventory Management System 1.0 Cross Site Scripting

Title: Inventory Management System 1.0 XSS Stored Author: Hejap Zairy Date: 12.07.2022 Vendor: https://www.vetbossel.in/inventory-management-system-php/ Software: https://cutt.ly/lOZ8lrr Reference: https://github.com/Matrix07ksa Tested on: ArchLinux, MySQL, Apache Description: Stored XSS, also...

SAP Knowledge Warehouse 7.50 / 7.40 / 7.31 / 7.30 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SAP Knowledge Warehouse Vendor URL: https://help.sap.com/viewer/816f1f952d244bbf9dd5063e2a0e66b0/7.5.21/en-US/4dc9605e4a9d6522e10000000a15822b.html Type: Cross-Site Scripting CWE-79 Date...

Xlight FTP 3.9.3.2 Buffer Overflow

Exploit Title: Xlight FTP v3.9.3.2 - Buffer Overflow SEH Egghunter + ROP Exploit Author: Hejap Zairy Date: 13.07.2022 Software Link: http://www.xlightftpd.com/download/setup.exe Tested Version: v3.9.3.22022-1-5 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open...

Amazing CD Ripper 1.2 Buffer Overflow

Exploit Title: Amazing CD Ripper v1.2 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.08.2022 Software Link: http://www.shelltoys.com/cdripper.exe Software Link: https://web.archive.org/web/20160313071152/http://www.shelltoys.com/cdripper.exe Tested Version: v1.2.1 Tested on: Windows 10...

OX App Suite 7.10.5 Cross Site Scripting

Product: OX App Suite Vendor: OX Software GmbH Internal reference: OXUIB-1092 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.10.5 Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.10.5-rev26 Vendor notification:...

ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure

ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App: 02.08.766 Lib: 04.00.169 Int: 02.2.208...

WordPress iQ Block Country 1.2.13 Arbitrary File Deletion

Exploit Title: Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip Authenticated Date: 02-17-2022 Exploit Author: Ceylan Bozoğullarından Blog Post: https://bozogullarindan.com/en/2022/01/wordpress-iq-block-country-1.2.13-admin-arbitray-file-deletion-via-zip-slip/...

Poultry Farm Management System 1.0 Shell Upload

Title: Poultry Farm Management System 1.0 Remote Code Execution RCE Author: Hejap Zairy Date: 20.07.2022 Vendor: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software:...

Simple Mobile Comparison Website 1.0 Cross Site Scripting

Exploit Title: Simple Mobile Comparison Website v1.0 - Reflected Cross-Site Scripting XSS Unauthenticated Author: Ayedh AlQahtani Discovery Date: 2022-03-18 Vendor Homepage: https://www.sourcecodester.com/ Tested Version: v1.0 Tested on: XAMPP, Windows 11 Pro x64 es Vulnerability Type: Reflected...

BuilderPandoraRat.b Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/ae4a409d217bbd538009fbbb5457e754.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderPandoraRat.b - Pandora Rat 2.2 Beta.exe Vulnerability: Insecure Credential Storage Descriptio...

BuilderOrcus Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderOrcus Orcus.Administration-cracked.exe Vulnerability: Insecure Permissions Description: When...

BuilderRevengeRAT XML Injection

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/531d8b4ac8f7eb827d62424169321b2b.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderRevengeRAT - Revenge-RAT v0.3 Vulnerability: XML External Entity Injection Description: The...

BuilderTorCTPHPRAT.b Shell Upload

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Arbitrary File Upload - RCE Family: TorCTPHPRAT Type: WebUI MD5...

BuilderOrcus Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/cc3670f1b3e60e00b43c86d787563a44B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderOrcus Orcus.Administration-cracked.exe Vulnerability: Insecure Credential Storage Descriptio...

BuilderTorCTPHPRAT.b Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Remote Persistent XSS Family: TorCTPHPRAT Type: WebUI MD5:...

BuilderTorCTPHPRAT.b Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Insecure Credential Storage Description: The default password fo...

Tiny File Manager 2.4.6 Shell Upload

Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...

Windows SpoolFool Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2022-21999 SpoolFool Privesc', 'Description' = %q The Windows Print Spooler has a privilege escalation vulnerability that can be leveraged to...

Pluck CMS 4.7.16 Shell Upload

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...

Moodle 3.11.5 SQL Injection

Exploit Title: Moodle 3.11.5 - SQLi Authenticated Date: 2/3/2022 Exploit Author: Chris Anastasio @mufinnnnnnn Vendor Homepage: https://moodle.com/ Software Link: https://github.com/moodle/moodle/archive/refs/tags/v3.11.5.zip Write Up: https://muffsec.com/blog/moodle-2nd-order-sqli/ Tested on:...

Hikvision IP Camera Backdoor

Exploit Title: Hikvision IP Camera - Backdoor Date: 14/03/2022 Exploit Author: Sobhan Mahmoodi Reference: https://ipvm.com/reports/hik-exploit GitHub: https://github.com/bp2008/HikPasswordHelper/ Hikvision included a magic string that allowed instant access to any camera, regardless of what the...

Apache APISIX 2.12.1 Remote Code Execution

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Date: 2022-03-16 Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT =...

Laravel Media Library Pro 2.1.6 Shell Upload

Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...

College Website Management System 1.0 SQL Injection

Exploit Title: College Website Management System 1.0 - SQL Injection Date: 12/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15203/college-website-content-management-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title: ================ Colleg...

Hades RAT Web Panel Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Information Disclosure Description: The Hades Rat web-panel...

Automatic Question Paper Generator System 1.0 Cross Site Scripting

Exploit Title: Automatic Question Paper Generator System 1.0 - Cross-site scripting stored Date: 2022-11-03 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title:...

RedLine.MainPanel Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/baf102927947289e4d589028620ce291.txt Contact: [email protected] Media: twitter.com/malvuln Threat: RedLine.MainPanel - cracked.exe Vulnerability: Insecure Permissions Description: The malware writes ...

Hades RAT Web Panel Insecure Credential Storage

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Insecure Credential Storage Family: Hades Type: WebUI MD5:...

Insurance Management System 1.0 SQL Injection

Title: Insurance Management System v1.0 SQLi Author: nu11secur1ty Date: 03.12.2022 Vendor: https://itsourcecode.com/free-projects/php-project/php-projects-source-code-free-downloads/ Software:...

VIVE Runtime Service 1.0.0.4 Unquoted Service Path

Exploit Title: VIVE Runtime Service - 'ViveAgentService' Unquoted Service Path Date: 11/03/2022 Exploit Author: Faisal Alasmari Vendor Homepage: https://www.vive.com/ Software Link: https://developer.vive.com/resources/downloads/ Version: 1.0.0.4 Tested: Windows 10 x64 C:\Users\Usersc qc "VIVE...

Automatic Question Paper Generator System 1.0 Insecure Direct Object Reference

Exploit Title: Automatic Question Paper Generator System 1.0 - Authentication Bypass Date: 2022-04-03 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15190/automatic-question-paper-generator-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux !/usr/bin/env...

Student Grading System 1.0 SQL Injection

Title: Student Grading System v1.0 SQLi Author: nu11secur1ty Date: 03.14.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html Reference:...

Hades RAT Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/c4cc1317aea42f7dd4a1b786c5278a24C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Hades RAT - Web Panel Vulnerability: Remote Persistent XSS Family: Hades Type: WebUI MD5:...

Baixar GLPI Project 9.4.6 SQL Injection

Exploit Title: Baixar GLPI Project 9.4.6 - SQLi Date: 10/12 Exploit Author: Joas Antonio Vendor Homepage: https://glpi-project.org/pt-br/ https://www.blueonyx.it/ Software Link: https://glpi-project.org/pt-br/baixar/ Version: GLPI - 9.4.6 Tested on: Windows/Linux CVE : CVE-2021-44617 POC1:...

FLEX 1080/1085 Web 1.6.0 Information Disclosure

Exploit Title: FLEX 1080/1085 Web - Information Disclosure Exploit Author: Mr Empy Vendor Homepage: https://www.tem.ind.br/ Software Link: https://www.tem.ind.br/?page=prod-detalhe&id=94 Version: 1.6.0 Tested on: Linux Title: ================ FLEX 1080/1085 Web - Information Disclosure Summary:...

Seowon SLR-120 Router Remote Code Execution

Exploit Title: Seowon SLR-120 Router - Remote Code Execution Unauthenticated Date: 2022-03-11 Exploit Author: Aryan Chehreghani Vendor Homepage: http://www.seowonintech.co.kr Software Link: http://www.seowonintech.co.kr/en/product/detail.asp?num=126&bigkind=B05&middlekind=B0530 Version: All versi...

Employee Performance Evaluation System 1.0 SQL Injection

Title: Employee Performance Evaluation v1.0 SQLi Author: nu11secur1ty Date: 03.11.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14617/employee-performance-evaluation-system-phpmysqli-source-code.html Reference:...

Tdarr 2.00.15 Command Injection

Exploit Title: Tdarr 2.00.15 - Command Injection Date: 10/03/2022 Exploit Author: Sam Smith Vendor Homepage: https://tdarr.io Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linuxarm64/TdarrServer.zip Version: 2.00.15 likely also older versions Tested on: 2.00.15 Exploit:...

Sony Playmemories Home Unquoted Service Path

Exploit Title: Sony playmemories home - 'PMBDeviceInfoProvider' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sony.com/ Software Link: https://support.d-imaging.sony.co.jp/www/disoft/int/download/playmemories-home/win/en/index.html Version: 6.0...

Sandboxie-Plus 5.50.2 Unquoted Service Path

Exploit Title: Sandboxie-Plus 5.50.2 - 'Service SbieSvc' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-03-09 Vendor : David Xanatos Version : SbieSvc 5.50.2 Vendor Homepage : https://sandboxie-plus.com/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc...

Siemens S7-1200 4.5 Unauthenticated Access

Exploit Title: Unauthenticated Siemens S7-1200 CPU Start/Stop Command Date: 09/03/2022 Exploit Author: RoseSecurity Vendor Homepage: https://www.siemens.com/global/en.html Version: V4.5 and below Tested on: Siemens S7-1200 CPU: 1215C IP == PLC IP address Start Command curl -i -s -k -X $'POST' \ -...

WOW21 5.0.1.9 Unquoted Service Path

Exploit Title: WOW21 5.0.1.9 - 'Service WOW21Service' Unquoted Service Path Exploit Author: Antonio Cuomo arkantolo Exploit Date: 2022-03-09 Vendor : ilwebmaster21 Version : WOW21Service 5.0.1.9 Vendor Homepage : https://wow21.life/ Tested on OS: Windows 10 Pro x64 PoC : ============== C:\sc qc...

Zabbix 5.0.17 Remote Code Execution

Exploit Title: Zabbix 5.0.17 - Remote Code Execution RCE Authenticated Date: 9/3/2022 Exploit Author: Hussien Misbah Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn5.0.17 Version: 5.0.17 Tested on: Linux Reference:...

McAfee Safe Connect VPN Unquoted Service Path

Exploit Title: McAfee® Safe Connect VPN - Unquoted Service Path Elevation Of Privilege Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/en-us/vpn/mcafee-safe-connect.html Version: 2.13 Tested: Windows 10 x64 Contact:...

Dirty Pipe Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dirty Pipe Local Privilege Escalation via CVE-2022-0847', 'Description' = %q This exploit targets a vulnerability in the Linux kernel since 5.8,...

BattlEye 0.9 Unquoted Service Path

Exploit Title: BattlEye 0.9 - 'BEService' Unquoted Service Path Date: 09/03/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.battleye.com/ Software Link: https://www.battleye.com/downloads/ Version: 0.94 Tested: Windows 10 Pro Contact: https://twitter.com/dmaral3noz C:\Users\saudhsc...

DEOS AG OPEN 710/810 Cross Site Scripting

Title: DEOS control systems GmbH - OPEN 710/810 EMS Cross Site Scripting Vulnerability Dork: app:"DEOS AG OPEN EMS System ics device httpd" Vendor page: https://www.deos-ag.com/en/ Exploit Author: n4pst3r Tested on: Debian POST /cgi-bin/option.cgi?function=2 HTTP/1.1 Content-Length: 83...

Webmin 1.984 Remote Code Execution

Exploit Title: Webmin 1.984 - Remote Code Execution Authenticated Date: 2022-03-06 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://www.webmin.com/ Software Link: https://github.com/webmin/webmin/archive/refs/tags/1.984.zip Version: = 1.984 Tested on: Ubuntu 18...

Audio Conversion Wizard 2.01 Buffer Overflow

Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Date: 03.07.2022 Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content...

Wondershare Dr.Fone 12.0.18 Unquoted Service Path

Exploit Title: Wondershare Dr.Fone 12.0.18 - 'Wondershare InstallAssist' Unquoted Service Path Discovery by: Mohamed Alzhrani Discovery Date: 2022-03-08 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/drfonefull3360.exe Tested Version: 12.0.18...